
Shopping List Take 2 - Web Development

  • 0:00 - 0:03
    Okay, the answer, of course, is HTML is rendered by
  • 0:03 - 0:06
    the browser. Let's go ahead and see that in practice.
  • 0:06 - 0:10
    When I click add here, pizza gets added very largely
  • 0:10 - 0:13
    to our shopping list, of course this is probably not what
  • 0:13 - 0:15
    we intended, and we can even put better HTML in
  • 0:15 - 0:19
    here. Potatoes, the marquee tag is always fun for this
  • 0:19 - 0:22
    sort of thing. And as you can see, we have
  • 0:22 - 0:25
    now totally screwed up our shopping list. Now we discussed this
  • 0:25 - 0:28
    in the previous lesson. This is because we did not
  • 0:28 - 0:31
    escape our HTML when we displayed it allowing the user to
  • 0:31 - 0:34
    enter raw HTML into the page. Now, let's see what,
  • 0:34 - 0:38
    how this happened in practice. When we actually rendered our list,
  • 0:38 - 0:41
    we're just sticking the raw HTML directly into the page,
  • 0:41 - 0:44
    allowing the user to put arbitrary HTML into our page. And
  • 0:44 - 0:47
    in this particular case, it's somewhat amusing. But if they had
  • 0:47 - 0:50
    inserted JavaScript into our page, which, to be fair, modern browsers
  • 0:50 - 0:53
    don't allow you to do it anymore. They could actually do some
  • 0:53 - 0:58
    really nasty things, like, steal my authentication cookies and send it back
  • 0:58 - 1:01
    home. Which is a common way of breaking into websites that
  • 1:01 - 1:04
    I may or may not have done a lot of in my youth.
Title:
Shopping List Take 2 - Web Development
Description:

08-20 Shopping List Take 2

Video Language:
English
Team:
Udacity
Project:
CS253 - Web Development
Duration:
01:06

English subtitles
