RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

JavaScript

Product
Developers: Sun Microsystems
Technology: Development tools of applications

Content

Main articles:


JavaScript is an object-oriented scripting programming language. Is ECMAScript language dialect. JavaScript is usually used as the built-in language for programming access to subjects of applications. Finds the broadest application in browsers as a scripting language for interactivity giving to web pages.

Main architectural lines: dynamic typification, weak typification, automatic control of memory, prototype programming, functions as objects of the first class. Many languages had an impact on JavaScript, when developing there was a purpose to make language similar to Java, but at the same time a lung for use by nonprogrammers. Any company or the organization does not know the JavaScript language that distinguishes it from a number of the programming languages used in web development.

The name "JavaScript" is the registered trade mark of company SUN Microsystems, Inc.

Prerequisites

In 1992 the Nombas company (afterwards the purchased Openwave (engl.)) began development of the built-in scripting Cmm language (Si-minus-minus) which, as envisioned by developers, had to become rather powerful to replace macroes, saving at the same time similarity with Si that to developers did not make work to study it. Work with memory was the main difference from Si. In a modern language all memory management was exercised automatically: there was no need to create buffers, to announce variables, to perform type conversion. For the rest languages strongly resembled each other: in particular, Cmm supported fixed functions and operators of Si. Cmm was renamed into ScriptEase as the initial name sounded too negatively, and mentioning in it Si "frightened off" people.

On the basis of this language the proprietary product CEnvi was created. At the end of November, 1995 Nombas developed the version of CEnvi implemented in web pages. Pages which could be changed using scripting language received the name Espresso Pages — they showed use of scripting language for creation of a game, check of the user input in forms and creations of animation. Espresso Pages were positioned as the demoversion designed to help to provide that happens if in the browser the Cmm language is implemented. They worked only in 16-bit Netscape Navigator running Windows.

JavaScript

The task to implement the Scheme programming language or something similar in the Netscape browser was set for Brendan Aykh employed in Netscape company on April 4, 1995. As requirements were vague, transferred Aykh to the group responsible for server products where he worked month, being engaged in improvement of the HTTP protocol. In May the developer was transferred back, in the command which is engaged in a client part (browser) where he immediately began to develop the concept of a modern language of programming. Management of development of the browser, including Tom Paquin, Michael Toja (engl.), Rick Schell, it was convinced that Netscape should support the programming language which is built in the HTML-code of the page.

In addition to Brendon Aykh participated in development the co-founder of Netscape Communications Mark Andrisin (engl.) and the co-founder of SUN Microsystems Bill Joy: to manage to finish works on language to release of the browser, the companies signed the agreement on cooperation in development. They set before themselves the purpose to provide "language for pasting" of web resource components: images, plug-ins, Java applets which would be convenient for the web designers and programmers who are not highly qualified.

Originally language was called LiveScript and intended both for programming on client side, and for programming on server side (there it had to be called LiveWire). Languages of Si and Java, and as Java at that time was fashionable word [12][10] had an impact on syntax, on December 4, 1995 LiveScript renamed into JavaScript, having obtained the corresponding license at Sun. The announcement of JavaScript from representatives of Netscape and Sun took place on the eve of release of the second beta of Netscape Navigator. In it it is declared that 28 leading IT companies expressed intention to use in the future products JavaScript as object scripting language with the open standard.

In 1996 the Microsoft company released the JavaScript language analog called JScript. This language was announced on July 18, 1996. Internet Explorer 3.0 was the first browser supporting this implementation.

At the initiative of Netscape company standardization of language by ECMA association was carried out. The standardized version has the name ECMAScript, is described by ECMA-262 standard. To the first version of the specification there corresponded JavaScript of version 1.1 and also the JScript and ScriptEasy languages.

Possibilities of language

JavaScript has a number of properties of an object-oriented language, but the prototyping implemented in language causes differences in work with objects in comparison with traditional object-oriented languages. Besides, JavaScript has a number of the properties inherent in functional languages — functions as objects of the first class, objects as lists, a karring, anonymous functions, short circuits — that gives to language additional flexibility.

Despite syntax, similar to Si, JavaScript in comparison with the Si language has radical differences:

  • objects, with a possibility of an introspektion;
  • functions as objects of the first class;
  • automatic reduction of types;
  • automatic garbage collection;
  • anonymous functions.

In language there are no such useful things as:

  • building block system: JavaScript does not give an opportunity to manage dependences and isolation of areas of visibility;
  • standard library: in particular, there is no application programming interface on work with * the file system, to management of flows of input-output, base types for binary data;
  • standard interfaces to Web servers and databases;
  • the management system for packets which would keep track of dependences and automatically set them.

2017

Any iPhone can be cracked through new "hole" in JavaScript

You monitor fingers

Researchers of security issues from the university of Newcastle in Great Britain published work in the Journal of Infermation Security edition in which described an opportunity to monitor the user gestures on smartphones. For this purpose only the small application on JavaScript which operates program interfaces (API) of sensors of the movement of the structure[1] will be required[2].

According to authors of a research, this application can collect enough information from sensors that in 70% of cases to find out an unblocking combination from the first attempt. From the third attempt the script of PINlogger.js "guesses" PIN in 94% of cases.

"The most part of smartphones, tablets and other wearable devices are equipped a set of sensors, in the range from well-known GPS modules, cameras and microphones to gyroscopes, sensors of range and rotation, accelerometers and also NFC modules today. As mobile applications and websites do not need special permissions to access to most of them, malware can secretly spy on data streams from your sensors and use them for obtaining broad range of important information about you, including, about duration of calls, physical activity and even... about PIN and passwords", said in the publication of researchers.

And there is more to come

As the head of research group doctor Maryam Mehrnezhad noted in the press release, her colleagues managed to find out that in several mobile browsers the malicious code which is built in one page can monitor all actions of the user on all other tabs. So for example, if in one tab the resource containing a harmful script is open, and in another — the page of authorization of bank, then a script all the same can intercept the data entered by the user. Sometimes it will help to prevent closing of a "harmful" tab, sometimes — only closing of the browser entirely.

Gmail blocks JavaScript-investments

Google announced that since February 13 JavaScript-investments in the Gmail mail will not work. In other words: it will be impossible to attach JS files to letters and to send them even if they are enclosed in archives with the.gz expansions,.bz2,.zip or.tgz. The company explains such innovation with security reasons. In attempt to attach such file to the letter a mail service will issue warning "It is blocked for the purpose of security!". "Gmail blocks messages which can send viruses, for example the letters containing executable files or references to them" — the company in the[3] notes[4].

.js is included into the list of the prohibited files which includes also the.ade,.adp,.bat,.chm,.cmd,.com,.cpl,.exe,.ins,.jar,.jse,.lib,.lnk,.mde,.msc,.msp,.mst,.pif,.scr,.sct, shb.sys,.vb,.vbe,.vbs,.vxd,.wsc,.wsf and.wsh expansions. The majority of files of these types are used long ago by cybercriminals for mailing of a malicious code by e-mail.

.js too is operated by malefactors, is especially active in the last two years — it is connected with the fact that thanks to a system component files of JavaScript can be started directly in Windows. Files of JavaScript can serve as loaders for the different malware, in particular, of applications racketeers. Popular racketeers of TeslaCrypt and Locky used this method, and the RAA program is completely written on JavaScript.

The average user will probably not notice any changes in work of Google postal service as the file.js type usually is associated with start of the client JavaScript-code on the web page. Nevertheless, Google all the same offers several ways of a bypass of restriction. In particular, if the user for any reasons needs to send the file with the.js expansion, then he can use for this Google Drive, Google Could Storage or any other cloud platform.

Programming languages

Notes

  1. [http://safe.cnews.ru/news/top/2017-04-12_lyuboj_iphone_mozhno_vzlomat_cherez_novuyu_dyru of CNews
  2.  : Any iPhone can be cracked through new "hole" in JavaScript]
  3. [https://www.pcweek.ru/security/article/detail.php?ID=191901 blog Gmail
  4. will begin to block JavaScript-investments]