Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Dec 2010
    Location
    Sheffield, UK
    Posts
    138
    Thanks
    81
    Thanked 1 Time in 1 Post

    Some Questions Regarding JavaScript

    Ok, so I have a couple of questions about JavaScript that I would like answered by the programming gurus on this forum, please.

    Firstly, I have an idea for an online text-based role-playing game (games like GangsterParadise, etc.), and I am wondering, is it possible (or advisable?) to create the site using nothing but HTML, CSS and JavaScript? Can it be done, and if so, are there any downsides to doing this? I have heard using strictly JavaScript as a programming language on its own, on a site where members will have their own password-protected accounts, should not be done, as there are serious security flaws - is this true, and if so, why?

    Secondly, most JS programmers on the forum have probably digested and been through hundreds and hundreds of books on the subject since beginning to learn JavaScript - in your opinion, what are the best books to get hold of, for a relative beginner to JavaScript? What book makes the language easy to understand, and doesn't have you scratching your head to make sense of what it is saying?

    Thanks a lot in advance for the help, it's much appreciated.
    http://www.topcashback.co.uk/ref/hashim1

    ^
    Total earnings so far: £25.15
    A very generous cashback site worth checking out.


  • #2
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,349
    Thanks
    11
    Thanked 589 Times in 570 Posts
    no book make js any easier if you already learned to program in some other language.

    i assume you mean browser js when you say "js". i don't know any good way of doing password protected accounts with just browser js.

    that said, you can do 90% of the game VERY well using only js/html/css. you need some kind of a backend to store and share data between different users.


    i use javascript on the backend as well (node.js), and can i assure you; it's as safe as any other backend language. without a backend, you have to give all players the same info, and you can't save individual variances.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/5/28) IE7:0.1, IE8:5.3, IE11:8.4, IE9:3.2, IE10:3.2, FF:18.2, CH:46, SF:7.9, NON-MOUSE:32%

  • #3
    Regular Coder
    Join Date
    Dec 2010
    Location
    Sheffield, UK
    Posts
    138
    Thanks
    81
    Thanked 1 Time in 1 Post
    Quote Originally Posted by rnd me View Post
    no book make js any easier if you already learned to program in some other language.

    i assume you mean browser js when you say "js". i don't know any good way of doing password protected accounts with just browser js.

    that said, you can do 90% of the game VERY well using only js/html/css. you need some kind of a backend to store and share data between different users.


    i use javascript on the backend as well (node.js), and can i assure you; it's as safe as any other backend language. without a backend, you have to give all players the same info, and you can't save individual variances.
    Could you explain what you mean when you say "backend", please? And also, I heard that it would usnafe to use Javascript, as Javascript can simply be disabled by a user's browser? Would coding it in JavaScript then not render my site unusable if JavaScript was disabled? Same with validating the user registration fields via JS, would it not be very easy to bypass them if all of it was done using JS? This is the only reason I was thinking using JavaScript might be seriously flawed, as it is client-side, and could easily be disabled by the user - would this not cause major problems?
    Last edited by Hashim1; 01-11-2012 at 09:14 PM.
    http://www.topcashback.co.uk/ref/hashim1

    ^
    Total earnings so far: £25.15
    A very generous cashback site worth checking out.


  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,291
    Thanks
    13
    Thanked 345 Times in 341 Posts
    Quote Originally Posted by Hashim1 View Post
    Could you explain what you mean when you say "backend", please?
    backend = server-side programmes/scripts

    Quote Originally Posted by Hashim1 View Post
    And also, I heard that it would usnafe to use Javascript, as Javascript can simply be disabled by a user's browser?
    a JS script is as "unsafe" as you make it. but disabling JS does not make it unsafe (depending on your understanding of the term unsafe).

    Quote Originally Posted by Hashim1 View Post
    Would coding it in JavaScript then not render my site unusable if JavaScript was disabled?
    yes. but you don't have a choice when you want to handle user interactions.

    Quote Originally Posted by Hashim1 View Post
    Same with validating the user registration fields via JS, would it not be very easy to bypass them if all of it was done using JS?
    that's why you always (should) have to do server-side validation. one paradigm of server-side scripting/programming: never ever trust userland data!

    Quote Originally Posted by Hashim1 View Post
    This is the only reason I was thinking using JavaScript might be seriously flawed, as it is client-side, and could easily be disabled by the user - would this not cause major problems?
    it's not a flaw of JS, it's a flaw of client-side scripting in common. but without that you'd never be able to make a rich user experience.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #5
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    If you already have programming experience in some other language then the Wrox book "Professional JavaScript for Web Developers" by Nicholas Zakas is probably the best choice. It presents JavaScript in the same way that other programming languages are presented.

    JavaScript is perfectly safe to use. The only potential issue is that it will not be available for everyone and so you should only use it either to provide a more immediate response without reloading web pages (where those without JavaScript will get the same response but will need to have the page reload after running a server side script to achieve the same result) or for things that are not essential.

    Of you make having JavaScript enabled a requirement for running a JavaScript based game then there isn't going to be any issues since those without JavaScript are not going to be able to play the game anyway and the game isn't something that everyone has to be able to play (or you'd need a version that doesn't require a computer for those without a computer as well).
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #6
    Regular Coder
    Join Date
    Dec 2010
    Location
    Sheffield, UK
    Posts
    138
    Thanks
    81
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Dormilich View Post
    yes. but you don't have a choice when you want to handle user interactions.
    Thanks for your help answering those questions, they really helped. But what do you mean by the above? Surely you have a choice by handling user interactions with another language, like PHP, for example?

    And for the record, I haven't learned to program/write scripts in any other language, JS is the first programming language I am getting to grips with.

    Quote Originally Posted by felgall
    Of you make having JavaScript enabled a requirement for running a JavaScript based game then there isn't going to be any issues since those without JavaScript are not going to be able to play the game anyway and the game isn't something that everyone has to be able to play (or you'd need a version that doesn't require a computer for those without a computer as well).
    I understand what you're saying, but what I'm trying to say, I suppose, is: is it recommended to code a site entirely in JS, as opposed to PHP, for example? Because, of course, being server-side, PHP has a lot of advantages over JS, and I presume this is why it is used a lot more when coding sites like mine?
    http://www.topcashback.co.uk/ref/hashim1

    ^
    Total earnings so far: £25.15
    A very generous cashback site worth checking out.


  • #7
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,291
    Thanks
    13
    Thanked 345 Times in 341 Posts
    Quote Originally Posted by Hashim1 View Post
    Thanks for your help answering those questions, they really helped. But what do you mean by the above? Surely you have a choice by handling user interactions with another language, like PHP, for example?
    nope. as PHP resides on the server, it can't handle user interaction (like doing something when the user clicks somewhere). PHP works based on the HTTP Request/Response model.

    Quote Originally Posted by Hashim1 View Post
    but what I'm trying to say, I suppose, is: is it recommended to code a site entirely in JS, as opposed to PHP, for example? Because, of course, being server-side, PHP has a lot of advantages over JS, and I presume this is why it is used a lot more when coding sites like mine?
    you're comparing apples with pears. PHP and JS have totally different intentions of use (building HTML code vs. live user interaction)

    PS. you can't code a site entirely in JS. a site is always coded in HTML. PHP prepares all the HTML code on the server and sends it to the browser, JS is able to change HTML code based on given events. but you need at least some HTML to load the JS scripts.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • Users who have thanked Dormilich for this post:

    Hashim1 (01-13-2012)

  • #8
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,349
    Thanks
    11
    Thanked 589 Times in 570 Posts
    js is much faster at responding to clicks than php would be. you can do it php only or js only, but both of those choices have severe limitations. That's why just about all apps use a hybrid of js and some back-end technology like php, perl, asp, js, or python.

    if you do want to write only client-side JS code, there are an increasing number of free and for-hire back-end APIs to perform variety of common server tasks. Some of the major free ones are yahoo Pipes, gData, and YQL. If you intend to store and share data, as opposed to just dispersing it, you are likely going to need at least some custom server-side code.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/5/28) IE7:0.1, IE8:5.3, IE11:8.4, IE9:3.2, IE10:3.2, FF:18.2, CH:46, SF:7.9, NON-MOUSE:32%

  • Users who have thanked rnd me for this post:

    Hashim1 (01-13-2012)

  • #9
    Regular Coder
    Join Date
    Dec 2010
    Location
    Sheffield, UK
    Posts
    138
    Thanks
    81
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Dormilich View Post
    nope. as PHP resides on the server, it can't handle user interaction (like doing something when the user clicks somewhere). PHP works based on the HTTP Request/Response model.
    Oh okay, I wasn't aware of that, I assumed PHP could also handle user interactions. So what you're saying is, JavaScript handles user or brosser interactions (clicking of a mouse, page loading, etc.), and PHP basically handles and stores data that is sent to it, and cannot handle user interactions of any sort?

    PS. you can't code a site entirely in JS. a site is always coded in HTML. PHP prepares all the HTML code on the server and sends it to the browser, JS is able to change HTML code based on given events. but you need at least some HTML to load the JS scripts.
    Lol, no, I am aware a site isn't built in JS, HTML is used to build all webpages, of course, but what I was trying to say was, is it recommended to code a site either in PHP or JavaScript, one or the other, entirely?

    Quote Originally Posted by rnd me
    js is much faster at responding to clicks than php would be. you can do it php only or js only, but both of those choices have severe limitations. That's why just about all apps use a hybrid of js and some back-end technology like php, perl, asp, js, or python.
    So it is possible to do that, then? Using JavaScript to handle user interactions, and handle aspects that need to be handled via the server, such as user database, etc, via PHP?
    http://www.topcashback.co.uk/ref/hashim1

    ^
    Total earnings so far: £25.15
    A very generous cashback site worth checking out.


  • #10
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Quote Originally Posted by Hashim1 View Post
    is it recommended to code a site either in PHP or JavaScript, one or the other, entirely?
    Neither. They both serve totally different purposes and so what can be done with one cannot be done with the other.

    For example if you have a form on your web page you can use JavaScript to make it more user friendly to those filling out the form with JavaScript enabled to advise them of any invalid values they have entered. You can't use JavaScript to validate the form input though as not all of your visitors will have JavaScript and some will deliberately turn it off of it doesn't allow the invalid values they are trying to enter to break into your site. You must have server side processing to provide the form validation and to actually do something with the data received in the form, neither of these can be done with just JavaScript.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    Hashim1 (01-14-2012)

  • #11
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,017
    Thanks
    203
    Thanked 2,538 Times in 2,516 Posts
    JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, the validation must also be performed server-side, and not just on the client. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling Javascript.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • Users who have thanked Philip M for this post:

    Hashim1 (01-14-2012)

  • #12
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Quote Originally Posted by Philip M View Post
    whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation.
    Unless there are some validations that cannot be easily performed in the browser or not worth performing in the browser in which case they would only be run on the server and a form that passes the JavaScript validation might still be rejected. For example there might be fields that need to be compared with data on the server where 99.99% of values will pass and it just isn't worth the overhead of setting up an ajax call for the client side validation to cover the exceptions.

    Any validations done in JavaScript need to be repeated on the server but not all validations done on the server will necessarily have been checked first in javaScript.
    Last edited by felgall; 01-14-2012 at 09:09 PM.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    Hashim1 (01-14-2012)

  • #13
    Regular Coder
    Join Date
    Dec 2010
    Location
    Sheffield, UK
    Posts
    138
    Thanks
    81
    Thanked 1 Time in 1 Post
    Quote Originally Posted by felgall View Post
    Neither. They both serve totally different purposes and so what can be done with one cannot be done with the other.

    For example if you have a form on your web page you can use JavaScript to make it more user friendly to those filling out the form with JavaScript enabled to advise them of any invalid values they have entered. You can't use JavaScript to validate the form input though as not all of your visitors will have JavaScript and some will deliberately turn it off of it doesn't allow the invalid values they are trying to enter to break into your site. You must have server side processing to provide the form validation and to actually do something with the data received in the form, neither of these can be done with just JavaScript.
    Quote Originally Posted by Philip M View Post
    JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. If for example a script verifies that the user agreed to a firm's terms of service, or filters invalid characters out of fields that should only contain numbers, the validation must also be performed server-side, and not just on the client. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling Javascript.
    Quote Originally Posted by felgall View Post
    Unless there are some validations that cannot be easily performed in the browser or not worth performing in the browser in which case they would only be run on the server and a form that passes the JavaScript validation might still be rejected. For example there might be fields that need to be compared with data on the server where 99.99% of values will pass and it just isn't worth the overhead of setting up an ajax call for the client side validation to cover the exceptions.

    Any validations done in JavaScript need to be repeated on the server but not all validations done on the server will necessarily have been checked first in javaScript.
    Thank you to all three of you, informative and helpful answers, I'm now clear on what I need to do in terms of that particular aspect of the site.

    What about my second question in my original post, regarding a good book to use to learn JavaScript? Can any of you recommend something?
    http://www.topcashback.co.uk/ref/hashim1

    ^
    Total earnings so far: £25.15
    A very generous cashback site worth checking out.


  • #14
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Quote Originally Posted by Hashim1 View Post
    What about my second question in my original post, regarding a good book to use to learn JavaScript? Can any of you recommend something?
    If you have experience programming in other languages then the WROX book "Professional JavaScript for Web Developers" by Nicholas Zakas presents JavaScript in the same way that you would be used to from books on other programming languages.

    If you don't have much previous programming knowledge then the O'Reilly book "Head First JavaScript" by Michael Morrison is one of the better ones as it provides you with lots of interactive ways to help you to remember what it teaches.

    If you prefer an online resource with lots of examples then take a look at the site in my sig.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    Hashim1 (01-16-2012)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •