HTML and CSS Reference
CHAPTER 3
Access and secure data
Most web applications require static or dynamic data. Static data is written directly into the
HTML markup and is not altered or loaded by code such as JavaScript. It's rendered and
displayed to users without any way for the data to change. Dynamic data can change. Dynamic
data can update a ticker on a webpage from a news feed, capture user data to perform an
operation and provide results, or simply store a user's registration information
in a database.
Both approaches to data have benefits as well as disadvantages. Static data is quite
secure because it doesn't provide much of an attack surface for a malicious user. However,
as a website transitions into a more dynamic site, with live updates of data and the ability
for users to enter information into various fields, an attack surface opens and the site can
become less secure.
Knowing how to prevent malicious users from causing harm to your application and
possibly your users is important. The same mechanisms that prevent malicious usage can
also simplify the user experience and keep your data generally clean.
Certain data elements, such as phone numbers and email addresses, can be provided in
different formats. Because such information can be very important, you want to make it
as easy as possible for users to enter it. Having complete address information and ensuring
that all the necessary fields are populated also can be very important. HTML5 supports
constructs such as regular expressions and required attributes to support implementing
these types of rules. The objectives in this chapter cover validating user input both
declaratively via HTML5 and by using JavaScript.
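The required and regular-expression rules described above can be re-checked in JavaScript with the same semantics the browser applies, which matters because a request sent without the browser skips the declarative checks. This is an added example, not code from the book; the field names, patterns and sample values are constructed for illustration.

```javascript
// Added example (not from the book): field names and patterns are constructed.
// RULES mirrors what a form would declare with `required` and `pattern`.
const RULES = {
  email: { required: true, pattern: "[^@\\s]+@[^@\\s]+\\.[^@\\s]+" },
  phone: { required: false, pattern: "\\(?\\d{3}\\)?[ .-]?\\d{3}[ .-]?\\d{4}" },
  city: { required: true },
};

// HTML5 tests `pattern` against the whole value, so anchor it the same way.
function compilePattern(pattern) {
  return new RegExp("^(?:" + pattern + ")$", "u");
}

// Returns null when the value passes, otherwise the name of the failed rule.
function validateField(rule, raw) {
  const value = typeof raw === "string" ? raw : "";
  // An empty value fails only `required`; `pattern` is skipped, as in HTML5.
  if (value === "") return rule.required ? "valueMissing" : null;
  if (rule.pattern && !compilePattern(rule.pattern).test(value)) {
    return "patternMismatch";
  }
  return null;
}

// Checks every declared field; undeclared fields in `data` are ignored here.
function validateForm(data) {
  const errors = {};
  for (const [name, rule] of Object.entries(RULES)) {
    const problem = validateField(rule, data[name]);
    if (problem) errors[name] = problem;
  }
  return errors;
}

// Accept several phone formats on input, keep one canonical form in storage.
function normalizePhone(value) {
  return value.replace(/\D/g, "");
}

// Constructed sample submissions.
const good = { email: "ana@example.com", phone: "(555) 010-0199", city: "Oslo" };
const bad = { email: "ana@example", phone: "555.010.0199 ext 9", city: "" };
console.log(validateForm(good));
console.log(validateForm(bad));
console.log(normalizePhone(good.phone));
```

The phone value in `bad` would pass an unanchored regular expression because it begins with a valid number; whole-value matching is what rejects the trailing text.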
In other scenarios, the website either consumes data feeds or provides data to another
destination. Websites today commonly have a direct link to social networking updates. In
these cases, retrieving and sending the data is invisible in that users aren't engaged with
the process. These processes should be streamlined and not interfere with the website's
user experience. This chapter's objectives cover consuming data from external sources,
transmitting data, and serializing and deserializing data.
Objectives in this chapter:
Objective 3.1: Validate user input by using HTML5 elements
Objective 3.2: Validate user input by using JavaScript
Objective 3.3: Consume data
Objective 3.4: Serialize, deserialize, and transmit data
 
 