13th. JAVASCRIPT1 in the Web browser embed the client in the HTML document4 Methods of JS codeA inline mode, placed between <script> tags B placed in the <script> tag src attribute specified in the external file C placed in the HTML event handler D placed in the URL, "javascript:" Protocol 2 in X In HTML, the contents of the script tag will be treated as other content, and if the JS code contains "<" or "&" characters, then these characters will be interpreted as XML tags. Therefore, if you want to use XHTML, it is best to put JS in a CDATA section:<script><! [cdata[JS code]]></script>3When you use the SRC attribute, any content between the script tags will be ignored。 4 forInline Script, specifies a script type that is not recognized, and does not attempt to display or execute. ForThe script of the outer Union, specifies the type of script that cannot be recognized, and the script is ignored and no content is downloaded from the specified URL. 5 Script tags can have defer and async attributes, and if you have two properties at the same time, browsers that support both defer the async attribute and ignore the defer property. Note that deferred scripts are executed in the order in which they appear in the document, and asynchronous scripts execute after they are loaded, meaning that they may execute in an unordered sequence. 6 JS program execution Timeline: A creates a Document object and begins parsing the Web page, adding element, text node to the document. At this timeThe value of the Document.readystate property is "Loading"。 b When the parser encounters a script tag with no async or defer attributes, it adds the elements to the document and executes inline or external scripts. The script executes synchronously, and when the script is downloaded and executed, the parser pauses. SuchThe script can use document.write () to insert text into the input stream. When the parser resumes, the text becomes part of the document。 Synchronization scripts can see their own script elements and their previous document contents. C When the parser encounters the async attribute script tag, it begins to download the script text and parse the document. The script executes as soon as he has finished downloading, but the parser does not stop waiting for it to be downloaded. By using document.write (), you can see your own script element and all of its previous document elements, and may or might not be able to access other document content. Dwhen the document finishes parsing, the Document.readystate property becomes "interactive"。 Eall scripts with defer attributes are executed in the order in which they appear in the document。asynchronous scripts may also be executed at this time。 The deferred script can access the entire document tree and prohibits the use of the document.write () method. FThe browser triggers the Domcontentloaded event on the Document object. This marks the execution of the program from synchronous script execution to the asynchronous event-driven phase. Note, however, that there may be asynchronous scripts that do not complete at this time. G When all other content (pictures, etc.) is loaded and completed, and all asynchronous scripts are loaded and executed,The Document.readystate property is changed to "complete" and the Web browser triggers the Load event on the Window object。 h from now on, asynchronous events are invoked to respond asynchronously to user input, network events, timer expiration, and so on. 7 Web browsers are the operating systems of Web applications, but the Web is an environment in which there are various differences. (Different operating systems, different browser developers) 8 methods of handling compatibility Class A library (jquery, etc.) b rating browser supports C functional testing (if (Element.addeventlistener) detection supports AddEventListener ) d quirks Mode (IE4, 5) and Standard mode Document.compatmode ("Css1compat backcompat") e-browser test (navigator.useragent) 9 JS Accessibility is an important principle that the design of the generation The code can be used normally even in browsers that disable the JS interpreter. 10homologous Policy:The script can only read the properties of Windows and documents that belong to the same source as the document, and the XMLHttpRequest is the only server that allows the generated HTTP request script to belong to the document. The source of the document includes the Protocol, the host, and the port on which the document is loaded. 11non-strict homologous strategyA with multiple subdomains, the domain property of the Document object is set to no longer be constrained by the same Origin policy, B cross-domain resource sharing (cross-origin Resource sharing), with the new "Origin" request header, and the new " Access-control-allow-origin "Response header to extend HTTP, c cross-document messages, call the PostMessage () method on the Window object, and listen for the OnMessage event for processing. 12 Security a cross site scripting XSS, an attacker injects HTML tags and scripts to the target Web site. Defense: Remove HTML tags from any untrusted data before dynamically creating the content of the document; B denial-of-service attack, access to a malicious site, the site may use an infinite loop or meaningless calculation of CPU consumption;C CSRF (cross site request forgery), multi-site requests forgery , defense: For any important request, you need to re-authenticate the user's identity, or create a unique token (tokens), In the session of the server and in the client's cookie, check the consistency of the two for any request. 14th. Window Object 1 for historical reasons, the first parameter of settimeout and setinterval can be passed in as a string, which is equivalent to performing eval () after a specified time. The 2 Document object has a URL property that isDocument first load (decision of different document)The URL static string after the document is saved.If you navigate to a fragment identifier in a document, the Location object will be updated accordingly, while document. The URL property does not change. The ToString () method of the 3 Location object returns the value of the Location.href property. The Assign () method of the 4 Location object allows the window to load and display the document in the URL you specify. 5History ObjectA back () Backward B forward () Forward C go receives an integer parameter that can skip any number of pages forward or backward in the history list. 6 Navigator Important Property A Appname:web the full name of the browser B appversion: This property usually starts with a number and follows the details of the browser manufacturer and version information Cuseragent: The string that the browser sends in its USERAGENTHTTP header. D Platform: The string of the operating system on which the browser is running. E OnLine: Indicates whether the browser is currently connected to the network. F geolocation: The interface used to determine the user's location information. The OnError property of the 7 window object is an event handler that fires when an uncaught exception is propagated to the call stack. 8 The Open method of the Window object returns the Window object representing the newly created windows, andThis new window has the opener property, the Awakening can open its original window. 9 A form can use the Parent property to reference a Window object that contains its windows or forms. 10The IFRAME element has a Contentwindow property that references the Window object of the form.
JS Authoritative guide Reading notes (Fri)
