Server-side programming

CH 7 server side programming

What is a well-known software system used to write web servers in JavaScript?

Node.js is a well-known software system used for writing web servers in JavaScript.

What is a key advantage of writing server-side code in JavaScript?

Using JavaScript on the server side allows for a single programming language to be used for an entire web app, since it is the most popular client-side language.

Name two examples of modules supplied with Node.js.

1. HTTP module

2. File System (fs) module

What keyword is used in CommonJS (CJS) style for importing modules?

The keyword 'require' is used in CommonJS (CJS) style.

What keyword is used in ESM (ECMAScript Modules) style for importing modules?

The keyword 'import' is used in ESM (ECMAScript Modules) style.

What foundational Node.js module provides functionality for creating a web server?

The HTTP module provides functionality for creating a web server.

What common event causes the callback in the HTTP module's createServer() function to be called?

The callback is called when an incoming HTTP request is received.

What arguments are passed to the callback function of createServer() in Node.js?

The callback function receives two arguments: the request object (req) and the response object (res).

What is the purpose of the body of the callback in the createServer() function?

The body of the callback is used to handle the incoming request and send a response.

What are the possible first digits of HTTP response status codes and what does each signify?

1xx: Informational
2xx: Success
3xx: Redirection
4xx: Client Error
5xx: Server Error.

What does the end() method of a ServerResponse object do?

The end() method signals that the response is complete and that no further data will be sent.

What are the two primary methods of the JavaScript JSON built-in object and their purposes?

1. JSON.stringify() - Converts a JavaScript object into a JSON string.

2. JSON.parse() - Parses a JSON string and converts it into a JavaScript object.

What is the purpose of the listen() method of a Server object in Node.js?

The listen() method is used to make the server start accepting incoming connections on a specified port.

Explain what a JavaScript destructuring assignment is.

Destructuring assignment allows unpacking values from arrays or properties from objects into distinct variables.

Give an example of a URL containing a query (search) string.

Example URL: http://example.com/page?name=John&age=30.
Parameters: name = John, age = 30.

What is URL encoding and why is it used?

URL encoding replaces unsafe ASCII characters with a '%' followed by two hexadecimal digits. It is used to ensure that special characters are preserved in a query string.

Where is a query string located in an HTTP GET request?

The query string is located in the URL, following the '?' character.

What Node.js property provides access to the request-URI of an incoming HTTP request?

The property 'url' of the IncomingMessage object provides access to the request-URI.

What Node.js module extracts various components from a URL?

The URL module provides functionality for easily extracting components from a URL.

How to retrieve the value of a query parameter named 'name' from a URL object?

Use the URL class from the node:url module and access the searchParams property:
const name = urlObject.searchParams.get('name');

Where is a query string located in an HTTP POST request?

In an HTTP POST request, query strings can be included in the URL, similar to GET requests, or in the body of the request.

What is a cross-site scripting (XSS) attack?

A cross-site scripting (XSS) attack is a security vulnerability that allows an attacker to inject malicious scripts into web pages viewed by users.

What type of information must be treated with care to avoid XSS attacks?

User-supplied data must be treated with care to avoid XSS attacks.

What characters must be 'escaped' to avoid XSS attacks?

The characters &,

Describe the type of 'character escaping' used to avoid XSS attacks.

Character escaping involves replacing special characters with their HTML character references before they are displayed in web pages.

Give an example of a query string that incorporates URL encoding.

Example query: name=John%20Doe&age=30 (where '%20' represents a space). URL encoding is used here to ensure the spaces are correctly represented in the URL.

What is one benefit of adding type information to a file that accesses Node.js modules such as the HTTP module?

VS Code can then provide in-line documentation about the Node.js classes and methods that are used within the file.

How can a JavaScript function be asynchronous even if it is not defined using the async keyword?

A function that explicitly returns a Promise is asynchronous.

What happens if a JavaScript program is changed while it is being run by Node.js?

Nothing happens until the program is restarted.

What problem can occur if long-running Node.js server code is written synchronously rather than asynchronously?

Long-running synchronous code can block the event loop, preventing other incoming requests from being processed promptly, leading to performance issues.

How to modify code containing a synchronous callback function written using arrow notation to make it asynchronous?

Convert the function to return a Promise or use setTimeout or setImmediate to yield control back to the event loop.

Write a destructuring import to obtain a specified function from a specified JavaScript file (module).

Example: const { specifiedFunction } = require('./specified-module');

Compare and contrast event-loop (Node.js) web servers with single- and multi-threaded (Java) web servers.

Event-loop web servers handle I/O operations asynchronously using a single thread, making them efficient for handling many connections without blocking. In contrast, single-threaded web servers block on I/O, while multi-threaded servers create new threads for each request, which can utilize multiple CPU cores but consume more memory and resources.

Describe the process used in a simple Node.js web server to obtain a parameter value from the query string of an HTTP GET request.

Construct a URL object using the url property of the IncomingMessage (req) object of the request, then call searchParams.get(), passing a string that is the name of the parameter.

How does the process for obtaining a parameter value from a POST request differ from that for GET?

For a POST request, the body of the request must be obtained asynchronously, using this to construct a URLSearchParameters object, and then call get() on this object.

Describe the process used in a simple Node.js web server to obtain the body of a request.

Process 'data' events to construct the body and an 'end' event to complete processing once the entire body has been constructed.

What are two advantages of using Node.js asynchronous processing to obtain the body of an HTTP request over using callback methods?

Asynchronous code is more readable and more amenable to refactoring to eliminate duplicate code.

Given a security-flawed HTML page that will incorporate user-supplied data, how to construct user data that demonstrates specified XSS attacks on that page?

Example: Injecting a link: <a href='http://malicious-site.com'>Click here</a>. To modify behavior, inject: <script>document.getElementById('target').innerHTML = 'Malicious Content';</script>.