Server-Side Scripting 2
Server-side Scripts
Previous lessons have focused on client-side scripts: programs embedded in the page’s HTML code.
Can also execute scripts on the server: server-side scripts.
Programs that the web server runs in response to something done by a web client (browser).
Common server-side languages and extensions:
  Perl Common Gateway Interface (CGI) – .pl, .cgi
  PHP – .php
  Active Server Pages (ASP) – .asp
  ASP.NET – .aspx
  JavaServer Pages (JSP) – .jsp
  ColdFusion – .cfm
Client-side Execution
Client requests a page containing JavaScript code:
  GET ex0.html HTTP/1.1
Server returns an HTML file containing embedded JavaScript:
<html><body>
<script type="text/javascript">
var iter = 0;
while (iter < 1000) {
  document.write("G O N A V Y ! ");
  iter = iter + 1;
}
</script>
</body></html>
Client renders the page, which includes executing the embedded JavaScript.
Server-side Execution
Client requests a page containing JavaScript code:
  GET ex0.jsx? HTTP/1.1
Server executes the JavaScript code and generates the HTML content
Client receives HTML and renders it
Sending Data with Forms
Two mechanisms for sending arguments to server-side scripts: GET and POST.
GET provides inputs to the server as part of the URL (simpler).
POST provides inputs to the server “behind the scenes” (not visible in the URL).
Using the GET Method
Example URL: http://.../f2c.jsx?fahrenheit=78
URL for script ends with “?”, which designates the start of the querystring.
Querystring consists of name=value pairs; these are the parameters the server-side script will use as inputs.
Multiple name=value pairs are separated by “&”:
  arg1=value1&arg2=value2
Specify the action and method attributes in the form element:
  action specifies the script to use
  method specifies either GET or POST
<form name="myForm" action="http://.../f2c.jsx" method="get">
Input Validation & Sanitization
Server-side scripts execute on the remote server; they use server resources and can cause problems for a server administrator:
  Performance
  Security
Validation and sanitization help ensure valid input is supplied to a program.
Validation: checks whether the input meets a set of criteria.
Sanitization: modifies the input to ensure that it is valid.
Validation Checks
Testing for:
  Length
  Format
  Range
  Allowable characters
Example: program expects positive integer input.
  Validate that any string input consists only of the digits 0 through 9.
Input Sanitization
Attempt to parse a valid value from the provided input.
Strip the invalid content from the input.
Re-format the input.
Escape characters so they cannot be interpreted as code.
Use a default value.
Validation & Sanitization Example
Assume a script that writes “GO NAVY!” a user-specified number of times:
  gonavy.jsx?n=800
What if the user wants to print “GO NAVY” 100,000,000 times? What if multiple users want to do so?
Validation & Sanitization Example (cont.)
For performance reasons, we may want to limit users to N=5000
Validate the user input:
  A number: if not a number, set to a default value of 100
  Less than 0: if < 0, set value to 0
  Greater than (or equal to) 5000: if > 5000, set value to 5000
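The whole flow from the GET slides through this one (querystring parsing, the digits-only validation check, the default/clamp sanitization, and generating the HTML with the echoed input escaped) as an added JavaScript example; it is not the course's own gonavy.jsx, and the function names, the escapeHtml helper and the sign-tolerant integer check are assumptions made here.

```javascript
// Added example (not the course's gonavy.jsx): parse a GET querystring,
// validate/sanitize the "n" parameter per the slide's rules, and build HTML.

const DEFAULT_N = 100;   // used when the input is not a number
const MAX_N = 5000;      // performance cap from the slide

// URL-decode one piece; a malformed "%" sequence is returned as-is instead of throwing.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split "script?a=1&b=2" into { a: "1", b: "2" }.
function parseQuerystring(url) {
  const params = {};
  const q = url.indexOf("?");
  if (q === -1) return params;
  for (const pair of url.slice(q + 1).split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const name = safeDecode(eq === -1 ? pair : pair.slice(0, eq));
    params[name] = eq === -1 ? "" : safeDecode(pair.slice(eq + 1));
  }
  return params;
}

// Validation (allowable characters): an optional minus sign followed only by
// the digits 0-9, so "1e9", "3.5" and "" are all rejected.
function isIntegerString(s) {
  return typeof s === "string" && /^-?\d+$/.test(s.trim());
}

// Sanitization: not a number -> default 100; < 0 -> 0; > 5000 -> 5000.
function sanitizeCount(raw) {
  if (!isIntegerString(raw)) return DEFAULT_N;
  const n = parseInt(raw.trim(), 10);
  if (n < 0) return 0;
  if (n > MAX_N) return MAX_N;
  return n;
}

// Escape characters so an echoed value cannot be interpreted as HTML/script.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Server-side step: the HTML the client receives is generated here.
function handleGoNavy(url) {
  const raw = parseQuerystring(url).n;
  const n = sanitizeCount(raw);
  const note = `<p>Requested: ${escapeHtml(raw === undefined ? "" : raw)}, printing: ${n}</p>`;
  return `<html><body>${note}${"GO NAVY! ".repeat(n)}</body></html>`;
}
```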