Chapter 9
encodeURIComponent() function
A built-in function used in JavaScript for encoding the individual parts of a URI.
decodeURIComponent() function
A built-in function used in JavaScript for decoding the individual parts of a URI.
Content delivery network (CDN)
A company that maintains web servers optimized for fast delivery of content.
Same origin policy
A JavaScript security feature that restricts how JavaScript code in one window, tab, or frame accesses a web page in another window, tab, or frame on a client computer.
Web storage
A newer specification for storing data about a web session, which sets out standards for storing more information than cookies allow and uses a syntax and methods that are more intuitive than cookies.
Code injection attacks
A security threat in which a program or user enters JavaScript code that changes the function of the web page.
Query string
A set of name-value pairs appended to a target URL
Hypertext Transfer Protocol (HTTP)
A set of rules used by browsers and servers to exchange information about web documents
Hidden form field
A special type of input element that is not displayed by web browsers and, therefore, allows developers to hide information from users.
Token
A string of random characters used to verify a user's identity in a system that supports persistent logins
Man-in-the-middle attack
An attack in which data being exchanged between two parties is read and potentially changed in transit.
Persistent Cookies
Cookies that remain available beyond the current browser session and are stored in a text file on a client computer.
Temporary cookies
Cookies that remain available only for the current browser session.
Stateless
Describes a protocol that doesn't accommodate storing persistent data.
State information
Information about individual visits to a web site.
Third-party scripts
Scripts from other domains.
HTTP
See Hypertext Transfer Protocol (HTTP)
Cookies
Small pieces of information that are stored in text files on a user's computer.
Expires attribute
The attribute of the cookie property that determines how long a cookie can remain on a client system before it is deleted.
Path Attribute
The attribute of the cookie property that determines the availability of a cookie to other web pages on a server.
Domain attribute
The attribute of the cookie property that specifies how widely a cookie can be shared across multiple servers in the same domain.
Transport layer security (TLS)
The encryption standard planned to eventually replace SSL.
Secure sockets layer (SSL)
The main protocol used to encrypt data on web sites.
Encoding
The process of converting each special character in a text string to its corresponding hexadecimal ASCII value, preceded by a percent sign.
Domain property
The property of the document object that you can use to change the origin of a document to its root domain name.
sessionStorage property
The web storage property that you use for storage that is removed automatically when a user closes the browser tab or window that generated it, much like temporary cookies.
localStorage property
The web storage property that you use for storage that remains until you run code to delete it, similar to persistent cookies.
Escape
To convert characters to their character code equivalents, similar to encoding.
Secure coding
Writing code in a way that minimizes any intentional or accidental security issues. (defensive coding)