Web Development

Introduction

Regular expressions is a powerful tool for the incoming data processing. The problem demanding replacement or text search, can be successfully solved by this “language inside language”. And thought maximum effect from the regular expressions might be achieved by using server languages, it is not no point to undervalue the opportunities of this client’s utility.

Basic concepts

Regular expression is a tool for lines or symbols strings processing, which determines text template.

Modifier is designed for regular expression “supervision”.

Metacharacters are special symbols, which serve as commands of regular expressions language.

Regular expression is worked out as usual variable, just it is used slash instead of quotes, e.g.:var reg=/reg_expression/

Simple templates are such templates, which do not need any special symbols.

Let us say, our task is to change all the letters “p” (both capital and lowercase) to Latin letter “R” in phrase Regular expressions.

We create template var reg=/p/ and realize it with replace method

<script language=”JavaScript”>
var str=”Regular expressions”
var reg=/r/
var result=str.replace(reg, “R”)
document.write(result)
</script>

As a result we receive <<RegulaR expressions>>, change was made only in first occurrence of letter “r” according to match-case.
But this result doesn’t suit under conditions of our task… Here we need modifiers “g” and “i”, which may be used both separately and altogether. These modifiers are put inside the template of regular expression, after slash. They have the following values:

modifier “g” specifies line search as “global”, that is to say in our case change happens with all the occurrences of letter “p”. Now the template looks this way: var reg=/r/g. If we insert it into our code:

<script language=”JavaScript”>
var str=”Regular expressions”
var reg=/r/g
var result=str.replace(reg, “R”)
document.write(result)
</script>

So we receive <<RegulaR expRetions>>.

modifier “i” specifies case-insensitive line search, so if we add this modifier into our template var reg=/r/gi, after script processing we receive required result of our task:<<regular expretions>>.

Special symbols (Metacharacters)

Metacharacters specify symbols type of the required line, type of external environment of line in text, as well as quantity of the symbols of separate type in browseable text. That is why it is possible to divide metacharacters into three groups:

Metacharacters of coincidence search:

\b word board, which specifies condition, under which the template is to be processed at the end or at the beginning of the words.

\B not word board, which specifies condition, under which the template is not processed at the end or at the beginning of the words.

\d digit from 0 to 9.

\D not a digit.

\s single empty symbol, corresponding to space symbol.

\S single nonempty symbol, any symbol other than space.

\w digit, letter of flatworm.

\W not digit, letter of flatworm.

. any symbol, any signs, letter, digits, etc.

[ ] symbol series, specifies condition, under which template has to be processed under any symbols coincidence put into square brackets.

[^ ], set of non-occurransing symbols, specifies condition, under which template has not to be processed under any symbols coincidence put into square brackets.

Quantified metacharacters:

* Zero or more times.

? Zero or one time

+ One or more times.

{n} exactly n times.

{n,} n or more times.

{n,m} at least n times but less than m times.

Metacharacters of position:

^ at the line beginning.

$ at the end of line.

Some methods of work with templates

replace — this method we had already used at the beginning of the article, it is assigned for the sample search and change of found subchain to new subchain.

test — this methods checks out whether coincidence in the line takes place towards the template, and retrieves false, if comparison with the sample failed, otherwise true.

For example:

<script language=”JavaScript”>
var str=”JavaScript”
var reg=/PHP/
var result=reg.test(str)
document.write(result)
</script>

As a result displays false, as the line “JavaScript” is not equal to line “PHP“.

Also method test may retrieve any other line assigned by the programmer to true or false.

For example:

<script language=”JavaScript”>
var str=”JavaScript”
var reg=/PHP/
var result=reg.test(str) ? “Line coincided”: “Line did not coincide”
document.write(result)
</script>

In this case a result will be displayed as “Line did not coincide”.

exec — this method processes matching of the line with the sample, assigned by the template. If correlation with the sample failed, the meaning null is retrieved. Otherwise the result is subchains array, corresponding to specified sample. /*The first element of the array will be equal to initial line complying with the specified template*/

for example:

<script language=”JavaScript”>
var reg=/(\d+).(\d+).(\d+)/
var arr=reg.exec(”I was born on 15.09.1980″)
document.write(”Date of birth: “, arr[[ ,]] “< br>”)
document.write(”Day of birth: “, arr, “< br>”)
document.write(”Month of birth: “, arr, “< br>”)
document.write(”Year of birth: “, arr, “< br>”)
</script>

As a result we receive four lines:

Date of birth: 15.09.1980
Day of birth: 15
Month of birth: 09
Year of birth: 1980

Conclusion

Far not all the abilities and advantages of the regular expressions are described in this article.
For deeper studying of this matter I’d recommend you to learn RebExp object.
Also I’d like to point out that syntax of regular expressions is the same in JavaScript and PHP.
For example if you need to check out the correctness of e-mail input, the regular expression looks the same
way for JavaScript and PHP: /[0-9a-z_]+@[0-9a-z_^.]+.[a-z]{2,3}/i.

by: Igor Pankov

Introduction

The Internet is becoming a more and more dangerous place to be, due in no small part to the inherent security risks posed by viruses and spyware. Additionally, applications that access the Internet as part of their normal operations may have errors in their code that allows hackers to launch attacks against the computer on which those applications are running. The safety and integrity of digital assets is further compromised by the fast-growing threat of cybercrooks who devise and implement large-scale hoaxes such as phishing and ID theft.

In the light of all this, it’s clear that users need a reliable and secure web browser between them and the Internet, which will be free of these problems and won’t let harmful content invade the computer.

The web browser industry continues to be dominated by the Windows-bundled Internet Explorer, with an 85% market share, but in recent years a new breed of free, more functional and resilient browsers has appeared – the most popular being Mozilla/Firefox and Opera. All have received serious security upgrades to help protect against recent scares and safeguard users online.

Internet Explorer is at version 6.0, essentially the same product that was included with Windows XP in 2001. Eighteen months ago, the release of Windows XP Service Pack 2 substantially increased IE safety; however, it did not eliminate many of the loopholes exploited by hostile program code. At present, Firefox is at version 1.5, but its very different development history (see next section) means that it can be considered at a similar level of maturity as Internet Explorer.

Currently, Microsoft is preparing its next-generation browser, Internet Explorer 7.0, which it plans to introduce sometime during the first half of 2006. The company has stated that it intends to make the browser stronger and more secure to help protect its users against the many problems that have dogged the software over the years.

We, along with Internet users everywhere, await the final results with interest. In the meantime, we decided to undertake our own security evaluation of both IE 7 (beta) and its closest rival, Firefox 1.5.

History and overview

Internet Explorer is a proprietary graphical web browser developed by Microsoft. In 1995, the company licensed the commercial version of Internet Explorer 3.0 from Spyglass Mosaic and integrated the program into its Windows 95 OSR1 edition. Later, it included IE4 as the default browser in Windows 98 – a move which continues to raise many antitrust questions.

Firefox is an open-source browser developed by the Mozilla Foundation; anyone who is proficient enough can collaborate in writing and improving its program code. Mozilla is known for its stringent approach to security, promising a bounty of several thousand dollars for any major vulnerability found in the product.

Security incidents and threat response

While no browser is perfect, major security lapses happened rather more frequently with IE than with Firefox. To be fair, Firefox has less than a 10% market share and is thus a rather less enticing target than IE; that’s probably also why security researchers focus much of their attention on the vulnerabilities of Microsoft’s browser, not Firefox’s. Some people have argued that if the market shares were reversed, bugs in Firefox would start appearing on a more frequent basis, as has recently been the case with Internet Explorer.

The open-source architecture of Firefox contributes to the overall safety of the browser; a community of skilled programmers can spot problems more quickly and correct them before a new release is available for general use. It’s been said that threat response time for Firefox averages one week, while it may take months for Microsoft engineers to fix critical bugs reported by security analysts – an unacceptable situation for users who remain unnecessarily vulnerable to exploits (hacker attacks) during that time.

>From the threat response standpoint, Firefox is clearly the winner.

Security features

Phishing safeguard

New protection against financial fraud and identity theft has been incorporated into the new IE. A so-called “phishing filter” now appears on the Internet Options menu, which is intended to protect users against unknowingly disclosing private information to unauthorized third parties. Here’s how it works:

If a user visits a spoofed site which looks exactly like a genuine one – usually as a result of clicking on a link in a fraudulent email - the browser senses a phishing attempt and compares the site against a list of known phishing sites. If the filter finds the site is a phishing culprit, it blocks access to the site and informs the user of the danger of leaving his/her personal details on sites like this. The database of known phishing sites is updated regularly, and users have an option to report a suspected phishing instant to Microsoft for evaluation.

We’re pleased to report that, even in beta, the filter appears to work quite well, correctly identifying half of the test sites we visited as phishing sites.

In Firefox, phishing protection is delivered through third-party extensions such as Google Safe Browsing (currently in beta for US-based users only (see http://www.google.com/tools/firefox/safebrowsing/index.html); this can be plugged into the browser’s extension menu.

As additional protection against accidental phishing, the authors of IE have stated that they plan to make their product display the URL of every visited site. With IE 6, this capability was not available and many pop-ups appeared without displaying an address in the previously non-existent address bar. Unfortunately, in neither browser were we were able to achieve more than a fifty percent URL display ratio; we trust that this percentage will increase as the release of IE 7 approaches and Mozilla continues to work on improving its functionality in this area.

Restriction of executable Web content

In the current version of IE, suspect websites have been free to install almost any software they want on visitors’ machines. While XP SP2 has dramatically reduced this possibility, many unnecessary add-ons and toolbars can still be easily installed by inexperienced users. IE 7 should provide more protection for naïve users, as it will offer to run in protected mode, thus restricting access to the host OS files and settings and making these critical elements of the computer inaccessible to malware.

The default setting for Firefox 1.5 is to have installation of extensions and add-ons disabled; the user must manually change settings in order to enable adding extensions to the browser.

There will always be a tradeoff between security and functionality, but security experts always maintained that letting websites unrestrictedly launch executable code within the browser creates unlimited potential for exploitation. IE 7 will offer much greater flexibility in configuring which external code will be permitted to run within the browser and what impact it would have on the OS.

ActiveX restrictions

Aside from some graphics enhancement of web pages, in most cases ActiveX is more damaging than beneficial. Many sites that serve up spyware and pop-up ads use ActiveX scripting technology, and ActiveX scripting in the Windows environment can be allowed to run unrestrictedly with administrator (root) privileges. Firefox 1.5 does not support Microsoft’s proprietary ActiveX technology and so the Firefox browser is more resilient against spyware infection.

In IE6, even with SP2, ActiveX is allowed to run by default, which automatically renders IE users less protected against the threat of spyware. In the upcoming IE 7, it is not yet known whether Microsoft will continue this approach, but early indications point to this being the case. This would be unfortunate, since the current approach is a clear security vulnerability.

Of course, IE users can manually disable ActiveX scripting on a particular website and let ActiveX be started automatically on all other sites visited. Or, vice versa, they can disable ActiveX scripting on most of the sites visited and permit it to run on a particular site. All this can be configured under the Security tab in IE’s Options menu. However, it is hardly realistic to expect Internet novices, who need the most protection, to do this.

Java, JavaScript and Visual Basic components

Java and JavaScript can be enabled and disabled by both browsers. Firefox allows users to specify permissions for particular actions performed by these scripts. IE 6 allows users to create a group of trusted sites to which global limitations on these scripts will not apply. In IE 7, more flexibility will be added that will lead users toward a more customized display of web pages belonging to a particular site; it appears Firefox also plans to introduce more flexible parameters.

Internal download manager

IE 7’s download manager will be revamped, and feature an option to pause and resume downloads - a feature not available with the current version. Specific actions will be able to be defined following the completion of a download, and users can check the newly-downloaded file with their anti-virus before running it. This approach is already in place with Firefox, so Microsoft appears to be playing catch-up here.

Encryption of data on protected sites

When you submit sensitive information, such as transaction details to a bank or financial institution, it travels in an encrypted form through a secure HTTP (SHTTP) connection. The information is encrypted by your browser and decrypted at the receiving end. The new version of IE will use stronger encryption algorithms to reliably transfer your data without the risk of being intercepted and deciphered by someone in transit. A padlock icon indicating that a user is on a secure site will be placed in a more obvious place than currently, and more detailed information will be provided to help visitors check the authenticity of such sites.

Firefox currently has a better-organized display of security certificates for its users, so clearly Microsoft has a room for improvement.

Updating

Both browsers are updated automatically when new code is ready. Firefox has this update mechanism already in place, and for IE 7, it is expected that updates will be provided through Windows update technology.

Privacy enhancements

IE 7 will have the ability for users to flexibly set what private data will be saved and can be applied to different sites; users will be able to easily remove browsing history and other private details such as passwords, cookies, details submitted on web forms, download history, and temporary files. In IE 6, these files were stored all over the place and users have complained that there is no clear way to delete this information. Firefox 1.5 already provides this capability.

Conclusion

IE 7 promises a lot of interesting security and privacy enhancements that will help users stay more secure. With the final release users will receive a good, solid browser that, if Microsoft promises are fulfilled, will help it to compete well on the security front. As we have seen, Firefox 1.5 is already a role model, and it will be interesting to see what lies ahead for this talented challenger.

A key Internet oversight agency put the brakes on plans to construct an online red-light district, rejecting for a third time a proposal to create a voluntary “.xxx” address for pornographic Web sites.

The board of the Internet Corporation for Assigned Names and Numbers on Friday cited fears that it would find itself having to regulate content and concerns that such a domain name did not have the support of the adult-entertainment industry.

“So the proposal is effectively rejected, and it is my understanding that as a consequence of this vote, we will not accept any further proposals” on the domain name in the current round of applications,

ICANN Chairman Vinton Cerf said after the 9-5 vote. One member, ICANN Chief Executive Paul Twomey, abstained.

The company seeking the domain name, ICM Registry LLC, had been allowed to revise a previously rejected proposal. Although ICANN wants to close the current round, which began in 2004, a new proposal could be offered in the next round of applications.

And ICM’s president and chief executive, Stuart Lawley, said a lawsuit against ICANN was likely over the rejected bid.

A few ICANN board members criticized their own agency as being too timid to tread toward controversial ideas.

Susan Crawford, a board member who backed the “.xxx” domain name, said the Internet’s success grew out of a principle that the network should be open to anyone or anything as long as it isn’t illegal or harmful.

“In a nutshell, everything not prohibited is permitted,” Crawford said.

Crawford, a professor at Yeshiva University’s Cardozo Law School in New York, said no applicant “could ever demonstrate unanimous, cheering approval for its application.”

Other board members, however, said the level of support for ICM’s proposal was a factor, along with concern that ICANN could find itself in the tricky role of deciding or managing what content would have been appropriate for the new Internet address.

“This application doesn’t meet the request for proposals mainly on the supporting community,” said board member Raimundo Beca of Chile, who voted against the domain. The adult industry, he added, “has been from the very beginning so split about this.”

Porn sites opposed to “.xxx” were largely concerned that the domain name, while billed as voluntary, would make it easier for governments to later mandate its use and push sexual content into what the adult-entertainment industry terms an online ghetto.

ICM, which had planned to charge $60 per “.xxx” name, had vowed to fight any government effort to compel its use and cited preregistrations of more than 76,000 names as evidence of support.

“We are extremely disappointed by the board’s action today,” Lawley said. “It is not supportable for any of the reasons articulated by the board, ignores the rules ICANN itself adopted for (new domains) and makes a mockery of ICANN bylaws’ prohibition of unjustifiable discriminatory treatment.”

Religious groups worried that “.xxx” would legitimize and expand the number of adults sites, which more than a third of U.S. Internet users visit each month, according to comScore Media Metrix.

Focus on the Family lauded the decision, noting that from “the very beginning this idea held out false hope for parents concerned with filth on the Internet,” said Daniel Weiss, a senior analyst for media and sexuality.

“It’s a strange notion to suggest that we can help kids by sanctioning, endorsing and proliferating the very material that threatens them”, he said.

But U.S. Sen. Mary Landrieu (news, bio, voting record), a Louisiana Democrat, chastised ICANN for not approving the domain name.

“These top-level domain names are the first signal to parents as to what their children are viewing online,” she said. “For example, when we see ‘.gov’ we know we are visiting a government agency, and ‘.edu’ tells us an educational institution is about to appear. Yet, ICANN continues to turn its back on child protection by refusing to take similar steps to make harmful content as readily identifiable.”

Given its voluntary nature, “.xxx” wasn’t unlikely to have much effect on parents’ ability to block porn sites. And because a domain name serves merely as an easy-to-remember moniker for a site’s actual numeric Internet address, even if its use is required, a child could simply punch in the numeric address of any blocked “.xxx” name.

Lawley, however, said sites using “.xxx” would have been required to label themselves based on such criteria as the presence of nudity and whether it is in an artistic or educational context. Filters could check the labels even if a child were to try to bypass domain name-specific controls.

Nearly all of the board members opposing the domain cited concerns about content regulation, while supporters said ICANN should not block new domains over fears like that.

“I think that this — what this should alert us to is that we have a much higher, bigger problem that we need to be discussing, and I hope that conversation doesn’t end here,” board member Joichi Ito said.

Lawley added that “the part of the contract they are now claiming would lead them to content management was put in by them during the contract negotiations.”

In order to master the art of web design, designers must follow the subsequent pointers:

1. Web designers are marketers per se. Web sites are all about advertising products, ideas and services. Thus, a web designer has to understand the mindset of marketers in order to create a design that sells.

2. Read, read and read. We do not experience everything. Thus, our tendency is to learn from others. Reading web design books, newsletters and tips are pretty valuable since they can save you time and effort. Basically, books are more conclusive than newsletters and tips however, they are for free and mostly updated.

3. Narrow down your target market. You cannot please everybody same thing that you cannot be good at everything. Thus, this fact calls for the narrowing of your target market. Even in the interface of the so-called web design, a designer cannot claim that he is an expert at anything or everything about the needs of a website. It is better to pick a certain audience and try to be good at catching their attention, preference and choice. This practice allows you to be best at a given area thus developing expertise.

4. Answer your target audience’s needs. In order to answer the visitor’s needs, web designers must know what kind of visitors his site is welcoming. Do they belong to the younger generation or otherwise? What do they want from your site? Are these information, details and pleasures in your site in order to get their undivided attention and loyalty? Bear in mind that colors, font size, style of graphics, contents and the entirety of the site affects viewer’s decision and choice.

5. Know the basics of SEO and copywriting. Though Search Engines Optimization and copywriting are not directly related to designing, still, designers must have basic knowledge about them. This is because web designing is intertwined with marketing, use of keywords and visibility.

Aside from that, designers must also have knowledge of the programming basics. If not, the tendency is waste time or to create a mediocre or unsatisfactory design to the detriment of the sites.

6. The primacy of functionality. If ever you are faced to make a decision between a web site’s aesthetic form and its functionality, you have to be firm in upholding the latter. Not everything that is pretty is ‘saleable’. Besides, you don’t create web sites for the sake of making it nice-looking.

Above anything else, the site must be functional so as to cater to every visitor’s wants and needs. Appearance is a means to catch visitor’s attention nevertheless, it is not the end. If a designer prioritizes appearance alone without considering its primary consideration the web site’s marketability will suffer.

7. Know when to break the rules. Rules are only guidelines, if you feel that the rules are inappropriate for a certain creation follow your heart’s desire and venture on an experimental adventure.

Article Source: Article99