Forms

Question 1

What does the action attribute in a <form> specify?

Answer 1

The URL where the form data will be sent after submission.

Question 2

What is the purpose of the method attribute in a <form>?

Answer 2

Specifies how to send the form data (GET for retrieving data, POST for submitting changes).

Question 3

What is the role of the id attribute in an <input> element?

Answer 3

Provides a unique identifier for the input, often used with <label> for accessibility.</label>

Question 4

How is the name attribute used in an <input></input> element?

Answer 4

Specifies the key that will pair with the input value when form data is submitted.

Question 5

What does the disabled attribute do in an <input></input> element?

Answer 5

Prevents the input from being edited or submitted.

Question 6

What does the value attribute do in an <input> element?

Answer 6

Sets the default value of the input field.

Question 7

How does the required attribute work in an <input></input> element?

Answer 7

Forces the user to fill out the input before submitting the form.

Question 8

What do the min and max attributes do in an <input></input> element?

Answer 8

Set the numeric or date range allowed for the input.

Question 9

What do the minlength and maxlength attributes do in an <input></input> element?

Answer 9

Define the minimum and maximum number of characters allowed.

Question 10

What does the accept attribute in an <input> element do?

Answer 10

Specifies the file types allowed when the input type is file.

Question 11

How can you style valid or invalid input fields using CSS?

Answer 11

Use :valid and :invalid pseudo-classes.

Question 12

Write an input element that requires a number between 1 and 10.

Answer 12

<input type=”number” min=”1” max=”10” required>

Question 13

How would you make a text input required with a maximum of 50 characters?

Answer 13

<input type=”text” required maxlength=”50”>

Question 14

How do you access form data submitted via POST in a Django view?

Answer 14

Use request.POST.

Question 15

How do you handle file uploads in a Django view?

Answer 15

Use request.FILES to access the uploaded file.

Question 16

How do you catch ValueError when parsing numbers in Django?

Answer 16

Use a try-except block.

Question 16

How do you catch DoesNotExist errors in Django?

Answer 16

Use a try-except block and raise Http404 if the object isn’t found.

Question 17

What are some risks of handling file uploads in web applications?

Answer 17

1. Large files may consume server storage or memory.

2.Malicious files may execute harmful code.

3. Files might overwrite existing files.
4. Files might masquerade as safe types (e.g., .jpg but actually executable).
5. Improper permissions may expose uploaded files to unauthorized access.

Question 18

When should you use GET for form submission?

Answer 18

Use GET for requests that don’t change server state, such as search forms.

Question 19

When should you use POST for form submission?

Answer 19

Use POST for requests that create, update, or delete data.

Question 20

How do you describe a simple security policy?

Answer 20

By specifying which users can perform which actions (e.g., “Only admins can delete users”).

Question 21

Define authentication.

Answer 21

The process of verifying a user’s identity (e.g., via a username and password).

Question 22

Define authorization.

Answer 22

The process of determining what actions an authenticated user is allowed to perform.

Question 23

What is the purpose of a cookie in web security?

Answer 23

A cookie stores data in the user’s browser, often used to maintain session identity.

Question 24

How do sessions work with cookies for user logins?

Answer 24

After login, the server generates a session ID, stores it in a cookie, and uses it to track the user’s state across requests.

Question 25

How do you log in a user in Django?

Answer 25

Use authenticate to verify credentials and login to start the session.

user = authenticate(request, username=”user”, password=”pass”)
if user:
login(request, user)

Question 26

How do you log out a user in Django?

Answer 26

Use the logout function.

logout(request)

Question 27

How can you check if a user is in a specific group?

Answer 27

if not user.groups.filter(name=”GroupName”).exists():
raise PermissionDenied

Question 28

What is an injection vulnerability?

Answer 28

A security flaw where untrusted input is used to manipulate or execute unintended commands in queries or scripts.

Question 29

What are the risks of using |safe

Answer 29

|safe: Bypasses auto-escaping, risking XSS if used on untrusted data.

Question 30

What are the risks of using .raw()

Answer 30

.raw(): Executes raw SQL queries, risking SQL injection.

Question 31

What is CSRF?

Answer 31

Cross-Site Request Forgery occurs when an attacker tricks a user into performing actions on a site without their consent.

Question 32

What does {% csrf_token %} output?

Answer 32

A hidden input field with a unique token that validates the authenticity of form submissions.

Question 33

What are the risks of using @csrf_exempt in Django?

Answer 33

It disables CSRF protection, making the application vulnerable to CSRF attacks.

Question 34

What is an open redirect?

Answer 34

A vulnerability where an application redirects users to an external URL without validation, enabling phishing attacks.

Question 35

What should you check to avoid open redirects in your code?

Answer 35

Validate redirect URLs using Django’s url_has_allowed_host_and_scheme.

Question 36

What is a CVE?

Answer 36

A record in the Common Vulnerabilities and Exposures database that documents known security flaws.

Question 37

What is OWASP?

Answer 37

The Open Web Application Security Project, an organization that identifies and educates about common web security vulnerabilities.

Question 38

What is the benefit of using |safe in Django templates?

Answer 38

It allows rendering HTML or JavaScript from variables without escaping, enabling trusted content to display as intended (e.g., rendering preformatted HTML snippets or rich text).

Question 39

What is the benefit of using .raw() in Django queries?

Answer 39

It enables executing custom SQL queries that cannot be achieved with Django’s ORM, providing flexibility for complex or optimized queries.

Question 40

What does the defer attribute in a <script> tag do?

Answer 40

Delays execution of the script until the HTML document is fully parsed.

Question 41

What does type=”module” in a <script> tag enable?

Answer 41

Allows the use of ES6 modules for importing/exporting and creates a separate namespace for the script.

Question 42

What is progressive enhancement in web development?

Answer 42

A design approach where basic functionality is provided for all users, with additional features added for users with more advanced browsers or capabilities.

Question 43

What are some common pitfalls to avoid in JavaScript?

Answer 43

1. Type mixing (e.g., comparing numbers and strings).
2. Declaring variables without let, const, or var (accidental globals).
3. Using var instead of let or const.
   4.Using for/in loops on arrays.
   Improper use of this.

Question 44

How does Array.from() differ from arrays?

Answer 44

It converts array-like objects (e.g., NodeLists) to true arrays with array methods.

Question 45

How do you wrap, select, or create elements in jQuery?

Answer 45

Use the $() function:

Wrap: $(“<div>content</div>”)
Select: $(“#id”) or $(“.class”)
Create: $(“<tag>").</tag>

Question 46

How do you manipulate elements in jQuery using append?

Answer 46

append: Adds content as the last child of the selected element.

Question 47

How do you manipulate elements in jQuery using prepend?

Answer 47

prepend: Adds content as the first child.

Question 48

How do you manipulate elements in jQuery using before?

Answer 48

before: Inserts content before the selected element.

Question 49

How do you manipulate elements in jQuery using after?

Answer 49

after: Inserts content after the selected element.

Question 50

How do you modify an element’s class using jQuery?

Answer 50

addClass(“className”)
removeClass(“className”)

Question 51

What does the val() function do in jQuery?

Answer 51

Gets or sets the value of input elements.

Question 52

How do you traverse elements in jQuery using children?

Answer 52

children(): Selects direct child elements.

Question 53

How do you traverse elements in jQuery using parent?

Answer 53

parent(): Selects the parent of the current element.

Question 54

How do you traverse elements in jQuery using find?

Answer 54

find(): Selects descendants matching a selector.

Question 55

How do you attach an event handler in jQuery?

Answer 55

Use the on method

$(“selector”).on(“event”, function(event) {
// Handle event
});

Question 56

What does the preventDefault() method do?

Answer 56

Prevents the default action of the event (e.g., form submission).

Question 57

How can you access the element that triggered an event in jQuery?

Answer 57

Use event.target.

Question 58

What is the purpose of the $.ajax method in jQuery?

Answer 58

To make asynchronous HTTP requests.

Question 59

What do the method and data options in $.ajax specify?

Answer 59

• method: HTTP method (e.g., GET, POST).
• data: Data to be sent with the request.

Question 60

How do you handle errors in $.ajax?

Answer 60

Use the error callback:

$.ajax(url, {
error: function(xhr, status, error) {
console.error(“Error:”, error);
}
});

Question 61

How do you handle a successful $.ajax response?

Answer 61

Use the success callback:

$.ajax(url, {
success: function(data) {
console.log(“Data:”, data);
}
});

Question 62

How can you use $.ajax with await for asynchronous requests?

Answer 62

let data = await $.ajax({
method: “GET”,
url: “/api/example”
});
console.log(data);

Question 63

How do you enable more parallelism with await?

Answer 63

Move the await call later in the code by creating multiple Promise objects and resolving them later. Example:

let promises = [];
urls.forEach(url => {
promises.push($.ajax({ url }));
});
let results = await Promise.all(promises);