Popular jQuery JavaScript library impacted by prototype pollution flaw


Three years after its last major security bug, the jQuery JavaScript library --used on 74 percent of all internet sites-- has received another security patch this week. This security update addresses a rare vulnerability --called prototype pollution-- that security researchers are only now starting to understand and discover in more and more JavaScript libraries. As the name suggests, prototype pollution refers to an attacker's ability to modify a JavaScript object's prototype. JavaScript objects are like variables, but instead of storing one value (`var car = "Fiat"`), they can contain multiple values based on a predefined structure (`var car = {type:"Fiat", model:"500", color:"white"}`). Prototypes define a JavaScript object's default structure and default values, so applications don't crash when no values are set.

Learn JQuery Programming Practically


jQuery is a well-known JavaScript library that is used extensively on modern sites. The library eases common JavaScript tasks such as event handling, animations, manipulating HTML content, and communication with outside computers. Along with its easy-to-use features, jQuery also takes care of several cross-browser compatibility issues automatically. HTML: The student must know how to use HTML tags and attributes. Only a very basic understanding of HTML is assumed.

Thou Shalt Not Depend on Me

Communications of the ACM

Many websites use third-party components such as JavaScript libraries, which bundle useful functionality so that developers can avoid reinventing the wheel. But what happens when libraries have security issues? Chances are that websites using such libraries inherit these issues and become vulnerable to attacks. Given the risk of using a library with known vulnerabilities, it is important to know how often this happens in practice and, more importantly, who is to blame for the inclusion of vulnerable libraries--the developer of the website, or maybe a third-party advertisement, or tracker code loaded on the website?

Reactjs Succinctly [PDF] - Programmer Books


You need basic knowledge of JavaScript to survive this book. This book will not teach you JavaScript. If you're comfortable with JavaScript itself but have never used a JavaScript framework or library before, this book is for you. If you're learning React after using other JavaScript libraries, this book will also have an answer to the "Why?" question that's probably on your mind: Why bother learning something new? React is a JavaScript library that can be used to describe views (for example, HTML elements) based on some state (which is often in the form of data).

Scrollama.js, a JavaScript library for scrollytelling


I call myself a statistician, because, well, I'm a statistics graduate student. However, the most important things I've learned are less formal, but have proven extremely useful when working/playing with data.