2016-12-12

Practice Final Sec3.

Section 3

-- Practice Final Sec3
Question number 1: Jeanette Uddenfeldt and Victor Li
namespace GooCom\Fud;
abstract class Foo{
	abstract function getFoo();
}
class RealFoo extends Foo{
	function getFoo(){
		return "foo";
	}
}
(Edited: 2016-12-12)

-- Practice Final Sec3
Problem 4: - Daniel Nguyen -Sec 3
<script type="text/javascript">
	var body = document.body;
	var tbl = document.createElement('table');
	for (var i =0; i< 50; i++) {
		 var tr = tbl.insertRow();
		for( var j =0; j <50; j++) {
			if (i == 49 && j == 49) {
				break
			}
			else {
				var td = tr.insertCell();
				td.style.border = '1px solid black';
				if((i+j)%2 == 0){
                    td.appendChild(document.createTextNode('X'));
               	}
               	 else {
                	td.appendChild(document.createTextNode('O'));
                }
			}
		}
	}
	body.innerHTML = tbl.outerHTML;
</script> </html>

-- Practice Final Sec3
Question 8: Brandon Mercado, Johnathon Ludeman
a) SQL Injection: A SQL Injection attack uses SQL statements in form inputs to execute malicious queries. This relies on non-prepared statements + input values that are not SQL escaped.
b) A target="_blank" attack takes advantage of links that use the _blank attribute. The _blank attribute opens a new tab when the link is clicked. If JavaScript is used to open the link with the _blank attribute, the script has access to the parent tab. So a script can overwrite the parent tab with whatever the script wants to write.
Mitigation: When using the _blank attribute in an anchor tag, one should also set the rel attribute="noopener noreferrer" to stop the child tab from scripting the parent tab.
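The mitigation in (b) can be checked mechanically. The following is an added example, not part of the students' answer: a small Node.js lint pass that finds target="_blank" anchors without a protective rel value and rewrites them. It scans tags with regular expressions rather than a full HTML parser, and the function names and sample markup are constructed for illustration.

```javascript
// Added example: lint HTML for target="_blank" links missing rel="noopener".
const A_TAG = /<a(?=[\s>])(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one opening <a ...> tag into a map of lowercase attribute names.
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.slice(2, -1).matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

function relTokens(attrs) {
  return (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
}

// Unsafe: opens a new tab and rel carries neither noopener nor noreferrer
// (noreferrer also implies noopener).
function isUnsafe(tag) {
  const attrs = parseAttrs(tag);
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = relTokens(attrs);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

function findUnsafeLinks(html) {
  return (html.match(A_TAG) || []).filter(isUnsafe);
}

// Rewrite unsafe links, keeping existing rel tokens such as nofollow.
function hardenLinks(html) {
  return html.replace(A_TAG, (tag) => {
    if (!isUnsafe(tag)) return tag;
    const rel = [...new Set([...relTokens(parseAttrs(tag)), 'noopener', 'noreferrer'])];
    const stripped = tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, '');
    return `${stripped.slice(0, -1)} rel="${rel.join(' ')}">`;
  });
}

// Constructed sample markup.
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">no rel</a>',
  '<a href="https://example.com/b" target="_blank" rel="noopener noreferrer">ok</a>',
  "<a target='_BLANK' rel='nofollow' href='https://example.com/c'>nofollow only</a>",
  '<a href="/local">same tab</a>',
].join('\n');
console.log(hardenLinks(SAMPLE));
```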

-- Practice Final Sec3
//Group Members: Avinash More, Kevin Hou
7. Give an application code example of each of the following in Javascript: (a) timer, (b) XHR request, (c) Promise.
Answer: (a) timer: The two key methods to use with JavaScript are:
setTimeout(function, milliseconds) - Executes a function, after waiting a specified number of milliseconds.
setInterval(function, milliseconds) - Same as setTimeout(), but repeats the execution of the function continuously.
//Made a button that alerts hello 3 seconds after the click
<button onclick="setTimeout(myFunction, 3000)">Try it</button>
<script>
function myFunction() {
    alert('Hello');
}
</script>
(b) To create an XMLHttpRequest one could simply write in Javascript:
request = new XMLHttpRequest();
If we need to set up HTTP request headers we can use:
request.setRequestHeader("name", "value");
Sample Application code:
//make a XHR request in JS and handle the readyState
//create a http request
request = new XMLHttpRequest();
//callback function to select the case based on the response we get back
request.onreadystatechange = function() {
    switch(request.readyState) {
        /*
         case 0:// handle uninitialized case
        case 1: // handle open but no send case
        case 2: // handle send but no response case
        case 3: // handle response is being downloaded case
        
        */
        case 4:
           document.getElementById("test-news").innerHTML =  request.responseText; 
        break;
    }
}
//make the request
request.open("GET", "test_news.html", true);
request.send();
(c) Promise:
var my_promise = new Promise(function(fulfill, reject) {
  //get the random number
  var n = Math.floor(Math.random() * 20);
  //
  if (n === 6) {
    fulfill(n);
  } else {
    reject(n);
  }
  
});
my_promise.then(function(n) {
  console.log('Random number was '+n);  
}).catch(function(n) {
  console.log("Random number wasn't 6 because it was "+n);
});

-- Practice Final Sec3
3)
a) git init myrepo
b) git branch developer
c) git format-patch rev1 rev2 --stdout > devPatch.patch
Ankit Basarkar

-- Practice Final Sec3
Team: Gaurav Gupta, Vasudha Venkatesh
 section 3
 Problem: 5
 <!DOCTYPE html>
 <html>
 <body>
 <script>
 function validate()
 {
	var elt=document.getElementById("phnoid");
	var pattern=/^\(\d{3}\)\s\d{3}-\d{4}$/;
	if(elt.value.match(pattern)) return true;
	else {document.getElementById("errormsg").innerHTML= "input value is invalid";
		return false;}	
 }
 </script>
<form id="form1" onsubmit="return validate();">
	<input type="text" id="phnoid" name="phno" />
	<input type="submit" name="btnn" id="btnnid" />
	<p id="errormsg"></p>
</form>
</body></html>

-- Practice Final Sec3
Team: Chris Agbuya, Adam Homann, Richard Perez
Section: 3
Problem: 6
<?xml version = "1.0" encoding ="utf-8" ?>
<!-- BusinessCard.dtd -->
<!ELEMENT BusinessCard (FullName, Position, Business, Address) >
<!ELEMENT FullName (#PCDATA)>
<!ELEMENT Position (#PCDATA)>
<!ELEMENT Business (#PCDATA)>
<!ELEMENT Address (#PCDATA)>
<!ATTLIST VIP CDATA "VIP" >

-- Practice Final Sec3
Team members: Madhuri Jujare and Fion Leong
Question 2: Describe and give an example of the POST-REDIRECT-GET pattern.
When you click the reload or back button on a page that's a result of a POST'd form, your browser asks for data to be submitted, to which users typically click okay -- this isn't a wise habit. To solve this problem, the POST-REDIRECT-GET pattern is used.
When POST is used for the form, data is processed in the receiving controller. Rather than choosing a view to display the data, we instead output a 301 redirect location header to some safe page e.g. in PHP:
<?php
 header("Location: http://somewheresafe.com/");
When the browser goes to http://somewheresafe.com, it uses GET to request the page. Because the POST'd form data resulted in a redirect, only the get location is stored in the browser history. So now, clicking the back button will go through this same page and the page before this where the form was initially blank.
(Edited: 2016-12-13)
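The request flow described in Question 2, as an added example that is not part of the students' answer: a framework-free JavaScript handler plus a small model of the browser's "follow redirect, then reload" behaviour. The /orders routes, the in-memory store and the function names are assumptions made for the sketch, and it responds with 303 See Other, which is this example's choice of redirect status.

```javascript
// Added example: POST-REDIRECT-GET as a framework-free handler.
// The /orders routes and the in-memory store are constructed for this sketch.
const orders = [];

function handle(req) {
  const path = new URL(req.url, 'http://localhost').pathname;
  if (req.method === 'POST' && path === '/orders') {
    const item = new URLSearchParams(req.body || '').get('item') || '';
    const id = orders.push({ item }); // push returns the new length, used as a 1-based id
    // Process the form, then redirect instead of rendering a view.
    return { status: 303, headers: { Location: `/orders/${id}` }, body: '' };
  }
  const m = path.match(/^\/orders\/(\d+)$/);
  const order = m && orders[Number(m[1]) - 1];
  if (req.method === 'GET' && order) {
    // JSON-encode so the stored value is never interpreted as markup.
    return { status: 200, headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({ id: Number(m[1]), item: order.item }) };
  }
  return { status: 404, headers: {}, body: 'not found' };
}

// Model a browser: it follows the redirect with GET, and "reload" replays
// only the last request, which is now that GET.
function submitThenReload(item) {
  let last = { method: 'POST', url: '/orders', body: new URLSearchParams({ item }).toString() };
  let res = handle(last);
  if (res.status === 303) {
    last = { method: 'GET', url: res.headers.Location };
    res = handle(last);
  }
  const reloaded = handle(last);
  return { lastMethod: last.method, page: res.body, reloaded: reloaded.body, stored: orders.length };
}

console.log(submitThenReload('blue widget'));
```

Reloading after the redirect leaves the number of stored orders unchanged, because the replayed request is the GET and not the form submission.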

-- Practice Final Sec3
Team members: Madhuri Jujare and Fion Leong
Question 9: Define the following terms: (a) internationalization (b) code point (c) grapheme
(a) internationalization: adding to an application the ability to input, process, and output international text
(b) code point: number which an abstract character maps to
(c) grapheme: the smallest unit of a writing system of any given language. Graphemes include, but are not limited to alphabetic letters, typographic ligatures, Chinese characters, numerical digits, and punctuation marks. For example, ã, a, and fi are all graphemes. In regards to Unicode, a character in Unicode doesn't always map to what one might think of as a character. For instance, ã can be represented as the code point U+00E3 or as an "a" U+0061 followed by a combining tilde U+0303. These two representations count as graphemes.