Web Flashcards
Node
Chunk of information corresponding to a semantic unit e.g. a page
Link
Association between nodes that may be navigable
Endpoint
Component of a link that points to anchor
Anchor
Representation of a link on a node
Embedded/Web Links
Embedded in source code.
One-way.
Connect only a pair of nodes (binary).
Explicitly defined nodes.
Usually no additional information regarding link relationship
First Class Links
Links separate from nodes in link-bases.
Multiple overlays (Personalisation).
Can be bidirectional.
Can be N-ary.
Can be generic (based on value).
Can be functional (destination is a function of the source)
Typed Links
Contain additional information about relationship.
Rel (Relationship),
Rev (Reverse Relationship).
Rarely used
HTTP URIs
http://〈host〉〈:port〉〈/path〉?〈query〉#〈fragment〉
HTTP Requests
GET / HTTP/1.1
HOST: example.org
HTTP 1.0
Separate TCP connection for every request so 3-way TCP Handshake (SYN, SYN-ACK, ACK) for each TCP open and a 4-way handshake for each TCP close (Latency issues).
HTTP 1.1
Keep-alive introduced. Same TCP connection used for multiple HTTP requests (One TCP open/close).
Pipelining introduced, allowing multiple requests without waiting for a response (Responses sent in the same order as the requests).
Compressible Body
HTTP 2
Multiplexed Requests (Asynchronous requests, each with their own stream, with responses returned in any order)
Stream Prioritisation (Data in high priority streams sent before low priority).
Compressible Headers.
Server Push (Server pre-emptively sends resources to a client in response to a single request)
HTTP 3
Replaces TCP with QUIC on UDP, addressing the HTTP 2 issue where multiplexing is not visible to TCP's loss recovery mechanism, causing stalls when packets are lost.
UDP is unreliable but QUIC has error correction with retransmission.
Why was HTML5 developed?
Developed in response to
* The increased use of the web for web applications using client-side JavaScript (XHR, AJAX etc)
* Concerns about Adobe Flash in relation to openness, reliability, security, and performance
* Concerns about the inconsistency of handling invalid markup across browsers
* Overuse of semantic-light markup (div, span) which goes against the semantic intent of HTML
HTML5 Design Principles
Compatibility (Support old content).
Utility (Separate content and presentation).
Interoperability (Well-defined behaviour with graceful error handling).
Universal Access (Work on all platforms)
XSL
Extensible Stylesheet Language. Family of XML technologies to define how XML data should be presented.
XSLT
Extensible Stylesheet Language Transformations
Transform one XML language into another e.g. HTML
XPath
Navigate XML documents
E Selects all nodes with name E
/ Selects from the root node
// Selects nodes anywhere under current node
. Selects current node
.. Selects parent of current node
@ Selects attributes
CSS vs XSL
CSS is simple and cascading (consideration of needs) but cannot modify document structure.
XSL is able to transform document structure but is complex and cumbersome with no consideration for needs of users, authors, implementers (c.f. cascading)
Internet Engineering Task Force (IETF)
Practical standards organisation
IESG
Internet Engineering Steering Group.
Manage and oversee standards process, Approves RFCs
IESG Areas
Categories of interest overseen by an area director
IETF Working Groups
Collaborative groups to develop and standardise practices
IAB
Internet Architecture Board
Provide architectural advice and oversight ensuring all proposals from IESG areas function together
IRTF
Internet Research Task Force.
Research for topics that may need standards in the future
IETF Internet Drafts
Preliminary technical specifications valid for only 6 months
IETF Requests for Comments (RFC)
Documents produced by working groups that describe specifications, guidelines and best practices.
STD describe standards.
BCP describe Best Current Practice with policies and procedures.
W3C
Corporate membership standards organisation (companies, universities, etc.)
W3C Roles
Director.
Team (Support workings of W3C).
Advisory Committee (AC) (Contains a representative from each member organisation. Reviews director’s proposals).
Advisory Board (AB) (Guide W3C in non-technical matters i.e. policy).
Technical Architecture Group (TAG) (Oversight ensuring all standards work together, like IAB)
W3C Working Group
Chartered for a specific duration to deliver a standard. May invite non-member experts
W3C Interest Group
Chartered discussion forum
W3C Community Group
Discussion forum open to non-members
First Public Working Draft
Draft made public signifying beginning of work on a specification
Working Draft
Document actively being worked on by a Working Group
Last Call Working Draft
Document that the Working Group believes is ready to be published, open for review by others
Candidate Recommendation
Demonstrates the standard has multiple independent implementations
Proposed Recommendation
Awaiting director approval
Recommendation
Formally approved, has become a W3C recommendation
Member Notes
From a member of a working group detailing a technology they want to be considered as part of a Working Group deliberation
Working Group Notes
Document decisions made
Cross-Site Request Forgery (CSRF)
Web security vulnerability. Malicious origin tricks browser into making unauthorised requests to trusted sites and carrying out actions on the user's behalf without consent
Same-Origin Policy (SOP)
Restricts how resources from different origins interact. Blocks all cross-origin reads except embedded resources (Scripts can't make requests)
Cross-Origin Resource Sharing (CORS)
Selectively relaxes the Same-Origin Policy
CORS Response Headers
Specify allowed origins, methods and headers
Cross-Site Scripting (XSS)
User input allows malicious code (XSS Vector) injection.
Non-persistent has malicious code in parameters of a GET request which gets executed.
Persistent has malicious code in the state of a resource that is displayed to all users
Content Security Policy
Describes what a resource is allowed to access with
Fetch Directives (Controls the places from which resources can be loaded).
Document Directives (Controls properties of a document).
Navigation Directives (Controls where a user can navigate to).
Reporting Directives (Controls where violations are reported to).