Content deleted Content added
No edit summary Tags: Visual edit Mobile edit Mobile web edit |
Rescuing 5 sources and tagging 1 as dead. #IABot (v1.6.5) (Artix Kreiger) |
||
Line 65:
Although there are strong outward similarities between JavaScript and Java, including language name, [[Syntax (programming languages)|syntax]], and respective [[standard library|standard libraries]], the two languages are distinct and differ greatly in design; JavaScript was influenced by programming languages such as [[Self (programming language)|Self]] and [[Scheme (programming language)|Scheme]].<ref>
{{cite web
|
|
|
|page = 4
| accessdate= 2009-05-03▼
|date = 2007-10-23
|deadurl = yes
|archiveurl = https://www.webcitation.org/5rBiWD4P6?url=http://www.ecmascript.org/es4/spec/overview.pdf
|archivedate = 2010-07-13
|df =
}}
</ref>
Line 101 ⟶ 107:
So, along with Macromedia, work restarted on ECMAScript 4 with the goal of standardizing what was in ActionScript 3. To this end, Adobe Systems released the ActionScript Virtual Machine 2, code named [[Tamarin (software)|Tamarin]], as an [[open source]] project. But Tamarin and ActionScript 3 were too different from web JavaScript to converge, as was realized by the parties in 2007 and 2008.
Alas, there was still turmoil between the various players; [[Douglas Crockford]]—then at [[Yahoo!]]—joined forces with Microsoft in 2007 to oppose ECMAScript 4, which led to the ECMAScript 3.1 effort. The development of ECMAScript 4 was never completed, but that work influenced subsequent versions.<ref>{{cite web |url=http://www.ecmascript.org/docs.php |title=Documentation |website=ecmascript.org |access-date=16 July 2016 }}{{dead link|date=March 2018 |bot=InternetArchiveBot |fix-attempted=yes }}</ref>
While all of this was happening, the open source and developer communities set to work to revolutionize what could be done with JavaScript. This community effort was sparked in 2005 when [[Jesse James Garrett]] released a white paper in which he coined the term [[Ajax (programming)|Ajax]], and described a set of technologies, of which JavaScript was the backbone, used to create web applications where data can be loaded in the background, avoiding the need for full page reloads and leading to more dynamic applications. This resulted in a renaissance period of JavaScript usage spearheaded by open source libraries and the communities that formed around them, with libraries such as [[Prototype JavaScript Framework|Prototype]], [[jQuery]], [[Dojo Toolkit]], [[MooTools]], and others being released.
Line 469 ⟶ 475:
* JavaScript form validation only provides convenience for users, not security. If a site verifies that the user agreed to its terms of service, or filters invalid characters out of fields that should only contain numbers, it must do so on the server, not only the client.
* Scripts can be selectively disabled, so JavaScript can't be relied on to prevent operations such as right-clicking on an image to save it.<ref>{{cite journal
|
|
|
|
|
|deadurl = yes
|archiveurl = https://www.webcitation.org/618GtbF4O?url=http://blog.anta.net/2008/06/17/right-click-%E2%80%9Cprotection%E2%80%9D-forget-about-it/
|archivedate = 2011-08-22
|df =
}}</ref>
* It is extremely bad practice to embed sensitive information such as passwords in JavaScript because it can be extracted by an attacker.
Line 488 ⟶ 499:
These flaws have affected major browsers including Firefox,<ref>Mozilla Corporation, [http://www.mozilla.org/security/announce/2006/mfsa2006-38.html Buffer overflow in crypto.signText()]</ref> Internet Explorer,<ref>{{cite web|last1=Festa |first1=Paul |title=Buffer-overflow bug in IE |url=http://news.com.com/2100-1001-214620.html |archive-url=https://web.archive.org/web/20021225190522/http://news.com.com/2100-1001-214620.html |dead-url=yes |archive-date=December 25, 2002 |website=[[CNET]] |date=August 19, 1998 |accessdate= |df= }}</ref> and Safari.<ref>SecurityTracker.com, [http://securitytracker.com/alerts/2006/Mar/1015713.html Apple Safari JavaScript Buffer Overflow Lets Remote Users Execute Arbitrary Code and HTTP Redirect Bug Lets Remote Users Access Files]</ref>
Plugins, such as video players, [[Adobe Flash#Flash client security|Adobe Flash]], and the wide range of [[ActiveX]] controls enabled by default in Microsoft Internet Explorer, may also have flaws exploitable via JavaScript (such flaws have been exploited in the past).<ref>SecurityFocus, [http://www.securityfocus.com/bid/19030/info Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability]</ref><ref>Fusion Authority, [http://www.fusionauthority.com/security/3234-macromedia-flash-activex-buffer-overflow.htm Macromedia Flash ActiveX Buffer Overflow] {{webarchive|url=https://www.webcitation.org/618GwPiuw?url=http://www.fusionauthority.com/security/3234-macromedia-flash-activex-buffer-overflow.htm |date=2011-08-22 }}</ref>
In Windows Vista, Microsoft has attempted to contain the risks of bugs such as buffer overflows by running the Internet Explorer process with limited privileges.<ref>{{cite web|author= |url=http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx |title=Protected Mode in Vista IE7 – IEBlog |website=Blogs.msdn.com |date=2006-02-09 |accessdate=2017-02-24}}</ref> [[Google Chrome]] similarly confines its page renderers to their own "sandbox".
Line 569 ⟶ 580:
* [[Qt Quick]]'s markup language (available since Qt 4.7) uses JavaScript for its application logic. Its declarative syntax is also similar to JavaScript.
* [[Ubuntu Touch]] provides a JavaScript API for its unified usability interface.
* [[Open webOS]] is the next generation of web-centric platforms built to run on a wide range of form factors.<ref>{{cite web|url=http://openwebosproject.org/|title=Open webOS|date=30 March 2012|publisher=|deadurl=yes|archiveurl=https://web.archive.org/web/20120330015746/http://openwebosproject.org/|
* [[Enyo (software)|enyo JS]] is a framework to develop apps for all major platforms, from phones and tablets to PCs and TVs<ref>{{cite web|url=http://enyojs.com/ |title=Enyo JavaScript Application Framework |website=Enyojs.com |date= |accessdate=2017-02-24}}</ref>
* [[WinJS]] provides a special Windows Library for JavaScript functionality in [[Windows 8]] that enables the development of [[Metro (design language)|Modern style]] (formerly ''Metro style'') applications in [[HTML5]] and JavaScript.
* [[NativeScript]] is an open-source framework to develop apps on the Apple iOS and Android platforms.
* [[Weex]] is a framework for building Mobile cross-platform UI, created by China Tech giant [[Alibaba Group|Alibaba]]<ref>{{cite web|url=https://weex-project.io/|title=Weex|date=2 February 2017|publisher=|deadurl=bot: unknown|archiveurl=https://web.archive.org/web/20170202074333/https://weex-project.io/|
* [[XULRunner]] is packaged version of the Mozilla platform to enable standalone desktop application development
| |||