Index
A
- addToDo() function / Frontend code for the to-do list app on top of Express.js
- Ajax
  - about / jQuery Ajax
- alert() function
  - about / What is cross-site scripting?
- animate() method / Animation
- app ID / Creating your own app ID and app secret – OAuth-styled
- app secret / Creating your own app ID and app secret – OAuth-styled
- attacks
  - preventing / Basic defense against similar attacks
- autoescape function / Do not trust users – parsing input by users
B
- Bootstrap
C
- chaining
  - about / Chaining
- checkPasswordValues() function / The templates
- checkUserNameValues() function / The templates
- cookie-session
- cross-site request forgery (CSRF) / Cross-site request forgery
  - about / Introducing cross-site request forgery
  - examples / Examples of CSRF, Other examples of CSRF
  - <img> tags, using / CSRF using the <img> tags
- cross-site scripting
  - about / What is cross-site scripting?
  - persistent cross-site scripting / Persistent cross-site scripting
  - nonpersistent cross-site scripting / Nonpersistent cross-site scripting
  - examples / Examples of cross-site scripting, Cross-site scripting example 1, Cross-site scripting example 2, Cross-site scripting example 3
  - to-do app, building with Tornado/Python / A simple to-do app using Tornado/Python
  - defending against / Defending against cross-site scripting, Do not trust users – parsing input by users
- cross-site scripting (XSS) / Cross-site scripting
- csrf
- CSRF attacks
  - defense against / Basic defense against CSRF attacks
D
- defending against, JavaScript phishing
  - about / Defending against JavaScript phishing
  - newer versions of web browsers, upgrading to / Upgrading to latest versions of web browsers
  - real web pages, recognizing / Recognizing real web pages
  - site, protecting against XSS/CSRF / Protecting your site against XSS and CSRF
  - pop-ups, avoiding / Avoid using pop ups and keep your address bars
  - address bars, keeping / Avoid using pop ups and keep your address bars
E
- eBay
- Express.js
  - URL / Building a RESTful server
  - used, for building RESTful server / A simple RESTful server in Node.js and Express.js
F
- fadeIn() function / Chaining
- fadeOut() function / Chaining
- formEnter() function / The templates
- full-stack JavaScript / Full-stack JavaScript
G
- Google Caja
- Google Chrome
H
- hide() function / Hide/Show
- HTML/CSS
  - JavaScript, using with / JavaScript and your HTML/CSS elements
- htmlentities() function
J
- JavaScript
  - using, with HTML/CSS / JavaScript and your HTML/CSS elements
  - functionalities / JavaScript and your HTML/CSS elements
  - on server side / JavaScript on the server side
- JavaScript phishing
  - about / What is JavaScript phishing?
- JavaScript phishing, examples
  - about / Examples of JavaScript phishing
  - classic examples / Classic examples
  - user history access, by accessing local state / Accessing user history by accessing the local state
  - XSS / XSS and CSRF
  - CSRF / XSS and CSRF
  - events, intercepting / Intercepting events
- JavaScript security issues
  - about / JavaScript security issues
  - cross-site request forgery (CSRF) / Cross-site request forgery
  - cross-site scripting (XSS) / Cross-site scripting
- jQuery Ajax
  - about / jQuery Ajax
  - GET request / jQuery GET
  - getJSON() request / jQuery getJSON
  - POST request / jQuery POST
- jQuery effects
  - about / jQuery effects
  - hide/show / Hide/Show
  - toggle / Toggle
  - animation / Animation
- jQuery GET
  - about / jQuery GET
- jQuery getJSON
  - about / jQuery getJSON
- jQuery POST
  - about / jQuery POST
M
- MAMP
  - URL / Cross-origin injection
- misplaced trust, in client
  - about / When trust gets misplaced
  - simple create user example / A simple example
  - server side, building / Building the server side – mistrust.py
  - working, on client-side code templates / The templates
  - JavaScript code, manipulating / Manipulating the JavaScript code
  - dealing with / Dealing with mistrust
- MongoDB
- Mozilla Firefox
N
- Node.js
  - URL / Building a RESTful server
  - used, for building RESTful server / A simple RESTful server in Node.js and Express.js
- nonpersistent cross-site scripting
  - about / Nonpersistent cross-site scripting
O
- Origin header
  - checking / Checking the Origin header
P
- PayPal
  - about / Classic examples
  - URL / Classic examples, Recognizing real web pages
- persistent cross-site scripting
  - about / Persistent cross-site scripting
- protection forms, cross-site scripting
  - HTML and JavaScript escaping/validating / Do not trust users – parsing input by users
  - cookie security / Do not trust users – parsing input by users
  - scripts, disabling / Do not trust users – parsing input by users
- protection techniques
  - about / Other forms of protection
  - OAuth-styled / Creating your own app ID and app secret – OAuth-styled
  - Origin header, checking / Checking the Origin header
  - token lifetime, limiting / Limiting the lifetime of the token
- PyMongo
  - URL / Coding up server.py
- Python
  - URL / Coding up server.py
- Python setuptools
  - URL / Coding up server.py
R
- RESTful server
  - building / Building a RESTful server
  - building, Node.js used / A simple RESTful server in Node.js and Express.js
  - building, Express.js used / A simple RESTful server in Node.js and Express.js
  - frontend code, to-do app / Frontend code for the to-do list app on top of Express.js
  - cross-origin injection / Cross-origin injection
  - JavaScript code, injecting via external form / Injecting JavaScript code
  - API endpoints, guessing / Guessing the API endpoints
S
- secure-filters
- show() function / Hide/Show
- slideDown() function / Chaining
- slideUp() function / Chaining
- submitForm() function / The templates
T
- to-do app
  - server.py, coding up / Coding up server.py
- todoTemplate() function / Frontend code for the to-do list app on top of Express.js
- toggle() function / Toggle
- toggleForm() function / Frontend code for the to-do list app on top of Express.js
- Tornado web framework
  - URL / Coding up server.py
- tornado_cors
  - URL / Coding up server.py