Today we moved on to the JavaScript Essentials room where we will “Learn how to use JavaScript to add interactivity to a website and understand associated vulnerabilities”.
The first section of the room is an overview of how JavaScript works and how variables are stored using var, let, and const.
Then the room discusses Data Types, Loops and Request-Response Cycle’s.
Following on the room then goes over browser consoles such as Google Chrome, Firefox etc and how you can execute JavaScript within the console and run that directly and a few examples such as creating some boilerplate HTML such as –
” <!DOCTYPE html>
<html lang=”en”>
<head>
<title>Internal JS</title>
</head>
<body>
<h1>Addition of Two Numbers</h1>
<p id=”result”></p>
<script>
let x = 5;
let y = 10;
let result = x + y;
document.getElementById(“result”).innerHTML = “The result is: ” + result;
</script>
</body>
</html>
&&
"<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>External JS</title>
</head>
<body>
<h1>Addition of Two Numbers</h1>
<p id="result"></p>
<!-- Link to the external JS file -->
<script src="script.js"></script>
</body>
</html>"The way JavaScript can be used directly in the HTML code or how this can be linked externally to a file which is best practises. It also shows how a malcious JavaScript file can be used to exploit an unsuspecting user into clicking an link/file and how this can execute malcious commands in the users browser.
What the user will see who clicked the link/file –
In the code above, a for loop has been created to open a JavaScript alert prompt which will show five times in the users browser after being clicked.
Next we moved onto the topic of Bypassing Control Flow Statements which included flow structures such as if-else, switch statements to make decisions, and loops like for, while, and do while to repeat actions.
Next, we moved onto Minified Files and JavaScript Obfuscation/Deobfuscation whereby it makes it harder for humans to read said JavaScript and increases performance for production websites.
Overall, quite a good room as I feel I have learned a bit regarding variables, how they are stored and some tips and tricks along the way as well as best practises!
Until next time & don’t sleepwalk through life!
Jajohecha peve