Chapter 1, JavaScript and the Web, provides a broad overview of the role of JavaScript in the Web. You will learn that JavaScript, besides giving behavior to web pages, can do a lot more today. JavaScript is now not only used on the client side, but also on the server side. JavaScript is almost the de facto standard way to create delightful experiences on the Web.

Chapter 2, Secure Ajax RESTful APIs, touches upon using JavaScript in tandem with RESTful APIs. We will learn how to make basic GET and POST calls to an endpoint. Subsequently, we will learn how to make malicious requests. From this chapter, we will learn more about some specific topics.

Chapter 3, Cross-site Scripting, explains what cross-site scripting is and helps you understand how such issues can occur. Most importantly, you will also learn how to minimize such risks.

Chapter 4, Cross-site Request Forgery, explains what cross-site forgery is and helps you understand how such issues can occur. Most importantly, you will also learn how to minimize such risks.

Chapter 5, Misplaced Trust in the Client, discusses a broad topic that can take place in many forms. In general, misplaced trust in the client takes place when the author's JavaScript code doesn't work as intended due to malicious actions by an adversary.

Chapter 6, JavaScript Phishing, explores the different ways in which JavaScript can be used to achieve a malicious end. JavaScript phishing is usually associated with online identity theft and privacy intrusion.

You will need the following in order to go through this book successfully:

This book is for readers who have knowledge of JavaScript scripting and are comfortable with using JavaScript (such as using jQuery) to consume Web APIs. Some Python scripting experience is useful but not required. Most importantly, readers should be curious to know about the basics of JavaScript security.

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "A jQuery .get() request simply performs a GET request from a server."

A block of code is set as follows:

var jqxhr = $.get("http://example.com/data", function() {
  alert( "success" );
})
  .done(function() {
    alert( "second success" );
  })
  .fail(function() {
    alert( "error" );
  })
  .always(function() {
    alert( "finished" );
  });

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

var express    = require('express');
var bodyParser = require('body-parser');
var app        = express();
var session    = require('cookie-session');
var csrf    = require('csrf');

app.use(csrf());
app.use(bodyParser());

Any command-line input or output is written as follows:

sudo pip install tornado==3.1
sudo pip install pymongo
sudo pip install tornado-cors

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on Submit."

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.