Scripting Languages G22.3033-002 Summer 2008 Example solutions for final exam

Scripting Languages G22.3033-002 Summer 2008

Previous: Top, Up: Top

Scripting Languages G22.3033-002 Summer 2008 Example solutions for final exam

Thursday 8/7/2008. 60 points.

http://www.cs.nyu.edu/courses/summer08/G22.3033-002/

Next: Solutions-final, Up: solutions-final

Instructions for example solutions

These are example solutions. Please keep in mind that often, there is not just one correct solution to a question. If you come up with different answers, then it may be that both your answers and these answers here are correct. Of course, these answers here may also contain mistakes. If you spot a mistake, please let me know so I can correct it.

Previous: Instructions, Up: solutions-final

Example solutions for final exam

Next: solutions-final-2, Up: Solutions-final

solutions-final-1 BNF and regular expressions

apple1, _weight
1apple, weight=
[A-Za-z_][A-Za-z0-9_]*

Next: solutions-final-3, Previous: solutions-final-1, Up: Solutions-final

solutions-final-2 Web programming

From the EGPCS superglobals ($_ENV, $_GET, $_POST, $_COOKIE, $_SESSION).
By reading user input out of forms, using DOM tree properties during an event handler.
In the same place where the code snippet was embedded in HTML.
In the same place where the code snippet was embedded in HTML.
By setting a cookie.

Next: solutions-final-4, Previous: solutions-final-2, Up: Solutions-final

solutions-final-3 Type conversions

          3-a(1) context provider:   operator .
          3-a(2) conversion context: scalar (string)
          3-a(3) converted value:    "rl"
          3-a(4) end result:         "perl"

          3-b(1) context provider:   function sqrt
          3-b(2) conversion context: scalar (number)
          3-b(3) converted value:    4
          3-b(4) end result:         2

Next: solutions-final-5, Previous: solutions-final-3, Up: Solutions-final

solutions-final-4 List comprehensions

["quiz1.html", "quiz1.pdf", "quiz2.html", "quiz2.pdf"]
for $n (@numbers) { for $e (@extensions) { push @quizzes, "quiz$n.$e" } }

Next: solutions-final-6, Previous: solutions-final-4, Up: Solutions-final

solutions-final-5 Web application security

The script is vulnerable to XSS (cross-site scripting).
By constructing a URL that uses malicious JavaScript code where the value for parameter editor is expected. For example: http://www.cs.nyu.edu/~hirzel/editor_poll.php?editor=<script>alert("boo!")</script>.
By sanitizing the user input before writing it to HTML. After “You selected”, the code should be: <?php echo htmlentities($_GET['editor']) ?>.

Previous: solutions-final-5, Up: Solutions-final

solutions-final-6 Prototypes and constructors

5
The constructor is the function Vector.
The prototype is the object Vector.prototype.
- Create a new object.
- Set the constructor of the new object to Vector.
- Set the the prototype of the new object to Vector.prototype.
- Call function Vector, with the newly created object as this.