Scripting Languages G22.3033-002 Summer 2008

• final: Final exam.

Scripting Languages G22.3033-002 Summer 2008 Final Exam

Thursday 8/7/2008. 60 points.

http://www.cs.nyu.edu/courses/summer08/G22.3033-002/

• final-problems: Final exam problems.

Final exam problems.

• final-1: final-1 BNF and regular expressions
• final-2: final-2 Web programming
• final-3: final-3 Type conversions
• final-4: final-4 List comprehensions
• final-5: final-5 Web application security
• final-6: final-6 Prototypes and constructors

final-1 BNF and regular expressions

(3+3+4 = 10 points) Consider the following BNF grammar rules:

	identifier	::=	id_start | id_start id_rest
	id_rest	::=	id_inner | id_inner id_rest
	id_start	::=	_ | letter
	id_inner	::=	_ | letter | digit
	letter	::=	A | B | ... | Z | a | b | ... | z
	digit	::=	0 | 1 | ... | 9

1. Give two examples of strings matched by the nonterminal identifier.
2. Give two examples of strings for which the nonterminal identifier does not match.
3. Write a Perl regular expression that matches the same strings as the nonterminal identifier in the BNF grammar.

final-2 Web programming

(2+2+2+2+2 = 10 points) Please keep your answers to the following questions short.

1. How does PHP code read user input?
2. How does JavaScript code read user input?
3. Where does the output from an echo statement in PHP go?
4. Where does the output from a document.write() call in JavaScript go?
5. How can PHP store information on the hard drive of the client?

final-3 Type conversions

(5+5 = 10 points)

1. Consider the Perl code snippet "pe" . ("a", "rl").

   3-a(1)

   What is the context provider for subexpression ("a", "rl")?
   

   3-a(2)

   What is the type conversion context for subexpression ("a", "rl")?
   

   3-a(3)

   What is the value of subexpression ("a", "rl") after type conversion, but before the converted value gets used?
   

   3-a(4)

   What is the end result of the entire code snippet "pe" . ("a", "rl")?

2. Consider the Perl code snippet sqrt @a, assuming array @a has the value (1,9,4,9).

   3-b(1)

   What is the context provider for subexpression @a?
   

   3-b(2)

   What is the type conversion context for subexpression @a?
   

   3-b(3)

   What is the value of subexpression @a after type conversion, but before the converted value gets used?
   

   3-b(4)

   What is the end result of the entire code snippet sqrt @a?

final-4 List comprehensions

(4+6 = 10 points) Consider the following Python code.

     numbers = [1, 2]
     extensions = ["html", "pdf"]
     quizzes = [("quiz%d.%s" % (n, e)) for n in numbers for e in extensions]

1. What is the value of variable quizzes at the end of the code snippet?
2. The first two lines of the Python code translate to Perl as follows:

             @numbers = (1, 2);
             @extensions = ("html", "pdf");
        

   Translate the third line of the Python code to Perl.

final-5 Web application security

(3+3+4 = 10 points) Consider the following PHP script editor_poll.php.

     <html><body>
       <?php if (empty($_GET['editor'])) { ?>
         <form action="editor_poll.php">
           <input type="radio" name="editor" value="emacs"   /> Emacs
           <input type="radio" name="editor" value="notepad" /> Notepad
           <input type="radio" name="editor" value="vi"      /> Vi
           <input type="radio" name="editor" value="other"   /> Other
           <br />
           <input type="submit" value="submit" />
         </form>
       <?php } else { ?>
         You selected: <?php echo $_GET['editor'] ?>
       <?php } ?>
     </body></html>

1. What security vulnerability does the script have?
2. How could an attacker exploit the security vulnerability?
3. How can you change the code to prevent the vulnerability?

final-6 Prototypes and constructors

(2+2+2+4 = 10 points) Consider the following JavaScript code.

     function Vector(x, y) { this.x = x; this.y = y; }
     Vector.prototype.length = function() {
       q = this.x * this.x + this.y * this.y;
       return Math.sqrt(q);
     }
     v = new Vector(3, 4);
     document.write(v.length());

1. What does it print?
2. What is the constructor of the object v?
3. What is the prototype of the object v?
4. Explain in detail what the operator new in JavaScript does.