Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: JavaScript and the Web; JavaScript and your HTML/CSS; jQuery effects; Hide/Show; Toggle; Animation; Chaining; jQuery Ajax; jQuery GET; jQuery getJSON; jQuery POST; JavaScript beyond the client; JavaScript on the server side; Full-stack JavaScript; JavaScript security issues; Cross-site request forgery; Cross-site scripting; Summary; Chapter 2: Secure Ajax RESTful APIs; Building a RESTful server; A simple RESTful server in Node.js and Express.js
Frontend code for the to-do list app on top of ExpressJS; Cross-origin injection; Injecting JavaScript code; Guessing the API endpoints; Basic defense against similar attacks; Summary; Chapter 3: Cross-site Scripting; What is cross-site scripting?; Persistent cross-site scripting; Nonpersistent cross-site scripting; Examples of cross-site scripting; A simple to-do app using Tornado/Python; Coding up server.py; Cross-site scripting example 1; Cross-site scripting example 2; Cross-site scripting example 3; Defending against cross-site scripting; Do not trust users -- parsing input by users
Chapter 6: JavaScript Phishing; What is JavaScript phishing?; Examples of JavaScript phishing; Classic examples; Accessing user history by accessing local state; XSS and CSRF; Intercepting events; Defending against JavaScript phishing; Upgrading to latest versions of web browsers; Recognizing real web pages; Protecting your site against XSS and CSRF; Avoid using pop ups and keep your address bars; Summary; Index
Summary
Annotation: This book is for JavaScript developers with basic web development knowledge and for those who want to explore the security issues that arise from the use of JavaScript. Prior knowledge of how JavaScript is used, such as for DOM manipulation or to perform Ajax operations, is assumed.