...

View Full Version : Some Questions Regarding JavaScript



Hashim1
01-11-2012, 07:20 PM
Ok, so I have a couple of questions about JavaScript that I would like answered by the programming gurus on this forum, please. :)

Firstly, I have an idea for an online text-based role-playing game (games like GangsterParadise, etc.), and I am wondering, is it possible (or advisable?) to create the site using nothing but HTML, CSS and JavaScript? Can it be done, and if so, are there any downsides to doing this? I have heard using strictly JavaScript as a programming language on its own, on a site where members will have their own password-protected accounts, should not be done, as there are serious security flaws - is this true, and if so, why?

Secondly, most JS programmers on the forum have probably digested and been through hundreds and hundreds of books on the subject since beginning to learn JavaScript - in your opinion, what are the best books to get hold of, for a relative beginner to JavaScript? What book makes the language easy to understand, and doesn't have you scratching your head to make sense of what it is saying?

Thanks a lot in advance for the help, it's much appreciated. :)

rnd me
01-11-2012, 08:51 PM
no book make js any easier if you already learned to program in some other language.

i assume you mean browser js when you say "js". i don't know any good way of doing password protected accounts with just browser js.

that said, you can do 90% of the game VERY well using only js/html/css. you need some kind of a backend to store and share data between different users.


i use javascript on the backend as well (node.js), and can i assure you; it's as safe as any other backend language. without a backend, you have to give all players the same info, and you can't save individual variances.

Hashim1
01-11-2012, 09:10 PM
no book make js any easier if you already learned to program in some other language.

i assume you mean browser js when you say "js". i don't know any good way of doing password protected accounts with just browser js.

that said, you can do 90% of the game VERY well using only js/html/css. you need some kind of a backend to store and share data between different users.


i use javascript on the backend as well (node.js), and can i assure you; it's as safe as any other backend language. without a backend, you have to give all players the same info, and you can't save individual variances.

Could you explain what you mean when you say "backend", please? :) And also, I heard that it would usnafe to use Javascript, as Javascript can simply be disabled by a user's browser? Would coding it in JavaScript then not render my site unusable if JavaScript was disabled? Same with validating the user registration fields via JS, would it not be very easy to bypass them if all of it was done using JS? This is the only reason I was thinking using JavaScript might be seriously flawed, as it is client-side, and could easily be disabled by the user - would this not cause major problems?

Dormilich
01-12-2012, 06:33 AM
Could you explain what you mean when you say "backend", please?
backend = server-side programmes/scripts


And also, I heard that it would usnafe to use Javascript, as Javascript can simply be disabled by a user's browser?
a JS script is as "unsafe" as you make it. but disabling JS does not make it unsafe (depending on your understanding of the term unsafe).


Would coding it in JavaScript then not render my site unusable if JavaScript was disabled?
yes. but you don't have a choice when you want to handle user interactions.


Same with validating the user registration fields via JS, would it not be very easy to bypass them if all of it was done using JS?
that's why you always (should) have to do server-side validation. one paradigm of server-side scripting/programming: never ever trust userland data!


This is the only reason I was thinking using JavaScript might be seriously flawed, as it is client-side, and could easily be disabled by the user - would this not cause major problems?
it's not a flaw of JS, it's a flaw of client-side scripting in common. but without that you'd never be able to make a rich user experience.

felgall
01-12-2012, 08:05 AM
If you already have programming experience in some other language then the Wrox book "Professional JavaScript for Web Developers" by Nicholas Zakas is probably the best choice. It presents JavaScript in the same way that other programming languages are presented.

JavaScript is perfectly safe to use. The only potential issue is that it will not be available for everyone and so you should only use it either to provide a more immediate response without reloading web pages (where those without JavaScript will get the same response but will need to have the page reload after running a server side script to achieve the same result) or for things that are not essential.

Of you make having JavaScript enabled a requirement for running a JavaScript based game then there isn't going to be any issues since those without JavaScript are not going to be able to play the game anyway and the game isn't something that everyone has to be able to play (or you'd need a version that doesn't require a computer for those without a computer as well).

Hashim1
01-12-2012, 02:46 PM
yes. but you don't have a choice when you want to handle user interactions.


Thanks for your help answering those questions, they really helped. But what do you mean by the above? Surely you have a choice by handling user interactions with another language, like PHP, for example?

And for the record, I haven't learned to program/write scripts in any other language, JS is the first programming language I am getting to grips with.


Of you make having JavaScript enabled a requirement for running a JavaScript based game then there isn't going to be any issues since those without JavaScript are not going to be able to play the game anyway and the game isn't something that everyone has to be able to play (or you'd need a version that doesn't require a computer for those without a computer as well).

I understand what you're saying, but what I'm trying to say, I suppose, is: is it recommended to code a site entirely in JS, as opposed to PHP, for example? Because, of course, being server-side, PHP has a lot of advantages over JS, and I presume this is why it is used a lot more when coding sites like mine?

Dormilich
01-12-2012, 03:23 PM
Thanks for your help answering those questions, they really helped. But what do you mean by the above? Surely you have a choice by handling user interactions with another language, like PHP, for example?
nope. as PHP resides on the server, it can't handle user interaction (like doing something when the user clicks somewhere). PHP works based on the HTTP Request/Response model.


but what I'm trying to say, I suppose, is: is it recommended to code a site entirely in JS, as opposed to PHP, for example? Because, of course, being server-side, PHP has a lot of advantages over JS, and I presume this is why it is used a lot more when coding sites like mine?
you're comparing apples with pears. PHP and JS have totally different intentions of use (building HTML code vs. live user interaction)

PS. you can't code a site entirely in JS. a site is always coded in HTML. PHP prepares all the HTML code on the server and sends it to the browser, JS is able to change HTML code based on given events. but you need at least some HTML to load the JS scripts.

rnd me
01-12-2012, 04:47 PM
js is much faster at responding to clicks than php would be. you can do it php only or js only, but both of those choices have severe limitations. That's why just about all apps use a hybrid of js and some back-end technology like php, perl, asp, js, or python.

if you do want to write only client-side JS code, there are an increasing number of free and for-hire back-end APIs to perform variety of common server tasks. Some of the major free ones are yahoo Pipes, gData, and YQL. If you intend to store and share data, as opposed to just dispersing it, you are likely going to need at least some custom server-side code.

Hashim1
01-13-2012, 10:24 PM
nope. as PHP resides on the server, it can't handle user interaction (like doing something when the user clicks somewhere). PHP works based on the HTTP Request/Response model.

Oh okay, I wasn't aware of that, I assumed PHP could also handle user interactions. So what you're saying is, JavaScript handles user or brosser interactions (clicking of a mouse, page loading, etc.), and PHP basically handles and stores data that is sent to it, and cannot handle user interactions of any sort?



PS. you can't code a site entirely in JS. a site is always coded in HTML. PHP prepares all the HTML code on the server and sends it to the browser, JS is able to change HTML code based on given events. but you need at least some HTML to load the JS scripts.

Lol, no, I am aware a site isn't built in JS, HTML is used to build all webpages, of course, but what I was trying to say was, is it recommended to code a site either in PHP or JavaScript, one or the other, entirely?


js is much faster at responding to clicks than php would be. you can do it php only or js only, but both of those choices have severe limitations. That's why just about all apps use a hybrid of js and some back-end technology like php, perl, asp, js, or python.

So it is possible to do that, then? Using JavaScript to handle user interactions, and handle aspects that need to be handled via the server, such as user database, etc, via PHP?

felgall
01-14-2012, 12:04 AM
is it recommended to code a site either in PHP or JavaScript, one or the other, entirely?

Neither. They both serve totally different purposes and so what can be done with one cannot be done with the other.

For example if you have a form on your web page you can use JavaScript to make it more user friendly to those filling out the form with JavaScript enabled to advise them of any invalid values they have entered. You can't use JavaScript to validate the form input though as not all of your visitors will have JavaScript and some will deliberately turn it off of it doesn't allow the invalid values they are trying to enter to break into your site. You must have server side processing to provide the form validation and to actually do something with the data received in the form, neither of these can be done with just JavaScript.

Philip M
01-14-2012, 07:33 AM
JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, the validation must also be performed server-side, and not just on the client. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling Javascript.

felgall
01-14-2012, 09:07 PM
whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation.

Unless there are some validations that cannot be easily performed in the browser or not worth performing in the browser in which case they would only be run on the server and a form that passes the JavaScript validation might still be rejected. For example there might be fields that need to be compared with data on the server where 99.99% of values will pass and it just isn't worth the overhead of setting up an ajax call for the client side validation to cover the exceptions.

Any validations done in JavaScript need to be repeated on the server but not all validations done on the server will necessarily have been checked first in javaScript.

Hashim1
01-14-2012, 09:37 PM
Neither. They both serve totally different purposes and so what can be done with one cannot be done with the other.

For example if you have a form on your web page you can use JavaScript to make it more user friendly to those filling out the form with JavaScript enabled to advise them of any invalid values they have entered. You can't use JavaScript to validate the form input though as not all of your visitors will have JavaScript and some will deliberately turn it off of it doesn't allow the invalid values they are trying to enter to break into your site. You must have server side processing to provide the form validation and to actually do something with the data received in the form, neither of these can be done with just JavaScript.


JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, the validation must also be performed server-side, and not just on the client. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling Javascript.


Unless there are some validations that cannot be easily performed in the browser or not worth performing in the browser in which case they would only be run on the server and a form that passes the JavaScript validation might still be rejected. For example there might be fields that need to be compared with data on the server where 99.99% of values will pass and it just isn't worth the overhead of setting up an ajax call for the client side validation to cover the exceptions.

Any validations done in JavaScript need to be repeated on the server but not all validations done on the server will necessarily have been checked first in javaScript.

Thank you to all three of you, informative and helpful answers, I'm now clear on what I need to do in terms of that particular aspect of the site.

What about my second question in my original post, regarding a good book to use to learn JavaScript? Can any of you recommend something?

felgall
01-14-2012, 11:12 PM
What about my second question in my original post, regarding a good book to use to learn JavaScript? Can any of you recommend something?

If you have experience programming in other languages then the WROX book "Professional JavaScript for Web Developers" by Nicholas Zakas presents JavaScript in the same way that you would be used to from books on other programming languages.

If you don't have much previous programming knowledge then the O'Reilly book "Head First JavaScript" by Michael Morrison is one of the better ones as it provides you with lots of interactive ways to help you to remember what it teaches.

If you prefer an online resource with lots of examples then take a look at the site in my sig.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum