Javascript example

XSS / Code injection

A page can load javascript from anywhere.

When users can edit website content, use PHP's:

• htmlentities($str)
• strip_tags($str[, $allowed_tags])

Popup windows

window.open("http://example.com", "new window", options)

DOM

Document Object Model - object-oriented representation of a web page

An object is created for every element (tag) on the page

    <a href="http://example.com" id="mylink1">link</a>

generates an HTMLAnchorElement object, which contains its attributes (such as href), its style information, its children and parent pointers, etc

• http://gamera.caset.buffalo.edu/~depape/315/jsinner.html
• http://gamera.caset.buffalo.edu/~depape/315/jsevent2.html
• http://gamera.caset.buffalo.edu/~depape/315/jshide.html
• http://gamera.caset.buffalo.edu/~depape/315/jshighlight.html
• http://gamera.caset.buffalo.edu/~depape/315/jshighlight2.html

function $(name)
  {
  return document.getElementById(name)
  }

This document is by Dave Pape, and is released under a Creative Commons License.