How websites work Flashcards

To exploit a website, you first need to know how websites are created.

1
Q

What role does the browser play in accessing a website?

  • It serves as a server to host the website content.
  • It renders the website based on the data received from the server.
  • It acts as the internet, transferring data across the world.
  • It generates content for the website internally without contacting a server.
A

It renders the website based on the data received from the server.

Explanation: The browser, also known as the client, sends requests to a web server and receives data in response. The browser then interprets this data (such as HTML, CSS, and JavaScript) and renders the website for the user to interact with.

2
Q

What is the primary function of a web server in the context of website interaction?

  • To render web pages for the client.
  • To store and process requests from the browser and send the appropriate data back.
  • To act as a user interface for website navigation.
  • To provide a secure connection between different browsers.
A

To store and process requests from the browser and send the appropriate data back.

Explanation: A web server’s main function is to store website files and process incoming requests from clients (browsers). When a request is received, the server retrieves the requested data and sends it back to the client for rendering.

3
Q

When visiting a website, what does the browser request from the server?

  • The server’s physical location and specifications.
  • The entire database of the website for local processing.
  • Specific information about the page you’re visiting to render it for you.
  • Permanent storage of the website’s data on the client’s computer.
A

Specific information about the page you’re visiting to render it for you.

Explanation: When you visit a website, the browser sends a request to the web server for specific data about the page you want to view. The server responds with this data, which typically includes HTML, CSS, and JavaScript files that the browser uses to render the page.

4
Q

What are the two major components that make up a website?

  • Internet and Server
  • Browser and Operating System
  • Front End (Client-Side) and Back End (Server-Side)
  • Database and User Interface
A

Front End (Client-Side) and Back End (Server-Side)

Explanation: A website consists of two main components: the front end, or client-side, which is what the user interacts with directly in the browser; and the back end, or server-side, which includes the server and its software that process requests, access databases, and serve website data.

5
Q

How does the ‘Internet’ component fit into the process of accessing a website?

  • It is the physical computer that the browser runs on.
  • It is the software that renders the web pages.
  • It is the network that facilitates the transfer of data between the browser and the server.
  • It is the coding language that websites are written in.
A

It is the network that facilitates the transfer of data between the browser and the server.

Explanation: The Internet is a global network that connects computers all over the world. In the context of accessing a website, it is the medium through which data is transferred from the web server to the user’s browser and vice versa.

6
Q

What is the purpose of the <!DOCTYPE html> declaration in an HTML document?

  • To link a CSS stylesheet to the HTML page.
  • To define a comment within the HTML code.
  • To declare the character encoding of the HTML document.
  • To specify the HTML version being used to the browser.
A

To specify the HTML version being used to the browser.

Explanation: The <!DOCTYPE html> declaration is used to inform the browser that the document is an HTML5 document. It is not an HTML tag; rather, it is an instruction to the web browser about what version of HTML the page is written in.

7
Q

What does the <html> tag represent in an HTML document?

  • The title of the webpage.
  • The root of an HTML document that contains all other elements.
  • The main content that is displayed in the browser window.
  • A reference to an external JavaScript file.
A

The root of an HTML document that contains all other elements.

Explanation: The <html> tag is the root element of an HTML document. All other HTML elements must be descendants of this element.

8
Q

What is contained within the <head> element of an HTML document?

  • The content that is displayed in the main part of the browser window.
  • Metadata about the document, such as its title and links to scripts and stylesheets.
  • A declaration of the document type and version.
  • The navigation links for the website.
A

Metadata about the document, such as its title and links to scripts and stylesheets.

Explanation: The <head> element contains metadata about the HTML document, which includes the title of the page, links to CSS files, scripts, and other information that is not displayed directly on the web page.

9
Q

What does the <body> tag in an HTML document define?

  • The main content of the HTML document that is visible to the user.
  • The background information and configuration settings for the webpage.
  • The connection settings for the server.
  • The scripts and algorithms for client-side interactions.

A

The main content of the HTML document that is visible to the user.

Explanation: The <body> tag defines the body of the HTML document and contains all the contents of an HTML document, such as text, hyperlinks, images, tables, lists, etc., that are displayed on the web page.

10
Q

What is the function of the <h1> element in an HTML document?

  • To create a hyperlink to another document.
  • To define a top-level heading in the HTML document.
  • To insert an image into the webpage.
  • To emphasize a section of text.
A

To define a top-level heading in the HTML document.

Explanation: The <h1> element is used to define the most important heading in an HTML document. There are six levels of headings in HTML, with <h1> being the highest, or most important, level.

11
Q

How is a paragraph represented in HTML?

  • Using the <h1> tag.
  • Using the <p> tag.
  • Using the <body> tag.
  • Using the <div> tag.
A

Using the <p> tag.

Explanation: The <p> tag defines a paragraph in an HTML document and is used to group together related sentences into a block of text separated from adjacent blocks by vertical whitespace and, optionally, a first line indentation.

12
Q

What is the purpose of attributes in HTML elements?

  • To specify the version of HTML used.
  • To define the character set for the document.
  • To provide additional information about elements, such as style, location, or identification.
  • To comment out sections of code for documentation purposes.
A

To provide additional information about elements, such as style, location, or identification.

Explanation: Attributes in HTML elements are used to provide additional information about the element. Attributes are always specified in the start tag and usually come in name/value pairs like name="value".

13
Q

If you want to style a paragraph element with a unique style, which attribute should you use?

  • class
  • src
  • id
  • href
A

id

Explanation: The id attribute is used to assign a unique identifier to an HTML element. It is commonly used for styling with CSS and for manipulation with JavaScript. Unlike the class attribute, which can be used on multiple elements, each id value must be unique within the HTML document.

14
Q

What is the primary use of JavaScript in web development?

  • To define the structure of a webpage.
  • To style HTML elements on a page.
  • To create interactive elements on a webpage that can respond to user actions.
  • To specify the protocol for how the page communicates with the server.
A

To create interactive elements on a webpage that can respond to user actions.

Explanation: JavaScript is primarily used to add interactivity to web pages. It can respond to user actions like clicks, form submissions, and mouse movements, and can dynamically update the content, style, and functionality of a webpage without the need for a full page refresh.

15
Q

Where can you include JavaScript in an HTML document?

  • Only at the top of an HTML document.
  • Inside <style> tags.
  • Within <script> tags or remotely using the src attribute in a <script> tag.
  • As an attribute of any HTML tag.
A

Within <script> tags or remotely using the src attribute in a <script> tag.

Explanation: JavaScript can be embedded directly into HTML using <script> tags or included as an external file through the src attribute of the <script> tag. This flexibility allows the developer to organize and maintain JavaScript code effectively.

16
Q

How does JavaScript update the content of an HTML element?

  • By using CSS selectors to change the element’s style.
  • By modifying the innerHTML property of an HTML element selected by its ID.
  • By refreshing the entire webpage.
  • By sending a request to the server to update the content.
A

By modifying the innerHTML property of an HTML element selected by its ID.

Explanation: JavaScript can dynamically change the content of an HTML element by accessing and modifying its innerHTML property. This allows the script to update the content without needing to reload the page.

17
Q

What does the document.getElementById("demo").innerHTML = "Hack the Planet"; JavaScript line do?

  • It retrieves the content of the element with the ID “demo” from the server.
  • It changes the content of the HTML element with the ID “demo” to the text “Hack the Planet”.
  • It sends the text “Hack the Planet” to the server for processing.
  • It creates a new HTML element with the ID “demo”.
A

It changes the content of the HTML element with the ID “demo” to the text “Hack the Planet”.

Explanation: The document.getElementById("demo") method gets the HTML element with the specified ID, and the innerHTML property sets or returns the HTML content (inner HTML) of that element. In this case, it sets the content to “Hack the Planet”.

18
Q

What is the function of the onclick attribute in an HTML button element?

  • It defines a CSS click effect for the button.
  • It specifies the URL to which the button click should navigate.
  • It executes a JavaScript function when the button is clicked.
  • It sends the button’s information to the server upon clicking.
A

It executes a JavaScript function when the button is clicked.

Explanation: The onclick attribute in an HTML element defines JavaScript code that runs when the element is clicked. For a button, it typically triggers a JavaScript function that defines what should happen on the click event.

19
Q

What is the effect of the onclick code in <button onclick='document.getElementById("demo").innerHTML = "Button Clicked";'>Click Me!</button>?

  • It directs the browser to a new webpage labeled “Button Clicked”.
  • It changes the content of the element with the ID “demo” to “Button Clicked” when the button is clicked.
  • It downloads a file named “Button Clicked” when the user clicks the button.
  • It creates a new HTML element with the ID “demo” and text “Button Clicked”.
A

It changes the content of the element with the ID “demo” to “Button Clicked” when the button is clicked.

Explanation: This code snippet sets the innerHTML of the element with the ID “demo” to “Button Clicked” upon the user clicking the button. This is a direct way to change the content of an element using inline event handling.

20
Q

What is the security risk evident in the HTML comment within the form element?

  • Exposing API keys
  • Hardcoded test credentials in a comment
  • Insecure form submission method
  • Lack of input validation
A

Hardcoded test credentials in a comment

Explanation: The HTML comment contains test credentials (admin:password123), which is a significant security risk. Comments in HTML can be viewed by anyone who inspects the page source, and leaving credentials in comments could lead to unauthorized access if these credentials are valid.

21
Q

What type of security vulnerability is demonstrated by leaving sensitive data like credentials in the HTML source code?

  • Cross-Site Scripting (XSS)
  • Sensitive Data Exposure
  • SQL Injection
  • Cross-Site Request Forgery (CSRF)
A

Sensitive Data Exposure

Explanation: Sensitive Data Exposure occurs when an application does not adequately protect sensitive information from being disclosed to attackers. In this case, credentials left in HTML comments could be used by an attacker to gain unauthorized access.

22
Q

What HTML element is used to capture a username in a form?

  • <input type='text' name='username'>
  • <input type='password' name='username'>
  • <button>Login</button>
  • <form>
A

<input type='text' name='username'>

Explanation: The <input type='text'> element is used for text input and, in this case, is specified to capture a username with name='username'.

23
Q

Why should developers avoid leaving TODO comments with sensitive information in the HTML source code?

  • It can be indexed by search engines.
  • It makes the webpage load slower.
  • It can potentially expose sensitive information to unauthorized users.
  • It uses extra bandwidth.
A

It can potentially expose sensitive information to unauthorized users.

Explanation: TODO comments can inadvertently expose sensitive information to anyone who views the page source. Comments in code can be read easily by any user, and leaving sensitive data in them can lead to security vulnerabilities.

24
Q

When assessing a web application for security issues, why is it important to review the page source code?

  • To evaluate the visual design of the web application.
  • To check for exposed sensitive information or hidden links.
  • To verify the correctness of the HTML syntax.
  • To improve the website’s SEO.
A

To check for exposed sensitive information or hidden links.

Explanation: Reviewing the page source code is a critical step in assessing a web application’s security. It can reveal exposed sensitive information, such as login credentials or hidden links to restricted parts of the website that could be exploited by attackers.

25
Q

What should a developer do to prevent sensitive data exposure in HTML comments?

  • Use stronger encryption methods for data.
  • Implement client-side validation for all inputs.
  • Ensure that all sensitive information is removed from the production code.
  • Minimize the use of external JavaScript files.
A

Ensure that all sensitive information is removed from the production code.

Explanation: To prevent sensitive data exposure, developers should ensure that sensitive information such as credentials, API keys, or internal links are never included in the production code, including within HTML comments or JavaScript files.

26
Q

What is HTML Injection?

  • A server-side technique for improving page load times.
  • A type of vulnerability that allows attackers to insert HTML into a webpage.
  • A method used by web developers to dynamically update content.
  • A security feature that prevents user input from being misused.
A

A type of vulnerability that allows attackers to insert HTML into a webpage.

Explanation: HTML Injection is a type of security vulnerability that occurs when a website includes user input in its pages without proper sanitization, allowing an attacker to inject HTML or JavaScript code into the webpage. This can result in various malicious activities, such as script execution, page defacement, or phishing attacks.

27
Q

Why is input sanitization crucial for web security?

  • To increase the website’s performance by filtering out unnecessary user data.
  • To prevent attackers from exploiting vulnerabilities by injecting malicious code.
  • To ensure that all user input is saved to the database without modification.
  • To allow users to customize the appearance and functionality of the website.
A

To prevent attackers from exploiting vulnerabilities by injecting malicious code.

Explanation: Input sanitization is a security measure used to ensure that user input cannot be used to inject malicious code into a web application. It typically involves stripping out or encoding potentially dangerous content, such as HTML tags or JavaScript code, before it’s rendered by the browser or processed by the server.

28
Q

What could happen if a user inputs HTML code into a form field that lacks proper sanitization?

  • The form will automatically convert the HTML into plain text.
  • The website’s performance will improve due to enhanced HTML content.
  • The inserted HTML code could be rendered by the browser, potentially causing security issues.
  • The server will reject the form submission automatically.
A

The inserted HTML code could be rendered by the browser, potentially causing security issues.

Explanation: If user input that includes HTML code is not properly sanitized before being included in a webpage, the browser will render it as part of the page’s HTML. This could lead to security issues such as cross-site scripting (XSS), where attackers can execute scripts in the context of the user’s session, potentially leading to data theft or other malicious activities.

29
Q

In the context of the image provided, what is the purpose of the sayHi JavaScript function?

  • To redirect users to a greeting page.
  • To store user input into the server’s database.
  • To output the user’s name to the page with a welcome message.
  • To authenticate the user’s input against the server’s records.
A

To output the user’s name to the page with a welcome message.

Explanation: The sayHi function takes the user’s input from the form field and appends it to the page, creating a personalized welcome message. However, without proper sanitization, this function could also inadvertently render malicious HTML or JavaScript.

30
Q

What general rule should developers follow to prevent HTML Injection vulnerabilities?

  • Always use the latest JavaScript libraries.
  • Never trust user input and always sanitize it before use.
  • Only allow authenticated users to input data into forms.
  • Keep the form data hidden using CSS styles.
A

Never trust user input and always sanitize it before use.

Explanation: The general rule to prevent HTML Injection and other related vulnerabilities is to never trust user input. All user input should be sanitized before it is used or displayed on the webpage. This means removing or neutralizing any potentially malicious code that could be used for HTML or JavaScript Injection.
