Application Security Testing: An Integral Part of DevOps
This script is short, making it easy to see the mistake. However, in longer scripts it's sometimes hard to figure out what's wrong. I've added ➋, ➌, and ➍ in this example to help diagnose the problem. Each of these statements puts a variable into an alert box. The alert on ➋ will say seconds_per_minute is: 60. The alert on ➍ will say hours_per_day is: 0, or, depending on your browser, the alert won't appear at all. Either way, you'll know there's a problem with the hours_per_day variable. If you can't figure out the mistake by reading the script, you'll find this type of information very valuable. Alerts are very useful debugging tools.
prompt()
Another helpful built-in function is prompt(), which asks your visitor for some information and then sets a variable equal to whatever your visitor types. Figure 2-10 shows how you might use prompt() to write a form letter.
Notice that prompt() in ➊ has two strings inside the parentheses: "What's your name?" and "put your name here". If you run the code in Figure 2-10, you'll see a prompt box that resembles Figure 2-11. (I've used the Opera browser in this illustration; prompt boxes will look somewhat different in IE and other browsers.) If you type Rumpelstiltskin and click OK, the page responds with
Dear Rumpelstiltskin, Thank you for coming to my web page.
The text above the box where your visitors will type their name ("What's your name?") is the first string in the prompt function; the text inside the box ("put your name here") is the second string. If you don't want anything inside the box, put two quotes ("") right next to each other in place of the second string to keep that space blank:
Nifty, eh?
The prompt() function is handy because it enables your visitor to supply the variable information. In this case, after the user types a name into the prompt box in Figure 2-10 (thereby setting the variable the_name), your script can use the supplied information by calling that variable.
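Because the form letter puts whatever the visitor typed into the page, any markup typed into the prompt box would be read as HTML unless it is escaped first. The following is an added example, not the code from Figure 2-10; it assumes the letter is written with document.write(), and the names escapeHtml, cleanName, formLetter, and MAX_NAME_LENGTH are made up for this illustration.

```javascript
// Added example: escapeHtml, cleanName and formLetter are hypothetical names.
// Assumption: the form letter is written to the page with document.write().

var MAX_NAME_LENGTH = 60; // constructed limit for this example

// Replace the five characters that let text be read as HTML markup.
function escapeHtml(text) {
  var entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, function (ch) {
    return entities[ch];
  });
}

// prompt() returns null when the visitor clicks Cancel, and an empty
// string when they click OK without typing; fall back in both cases.
function cleanName(raw) {
  if (raw === null || raw === undefined) {
    return 'visitor';
  }
  var trimmed = String(raw).replace(/^\s+|\s+$/g, '');
  if (trimmed === '') {
    return 'visitor';
  }
  return trimmed.slice(0, MAX_NAME_LENGTH);
}

// Build the letter with the name escaped, so typed markup shows up as text.
function formLetter(raw) {
  return 'Dear ' + escapeHtml(cleanName(raw)) + ', Thank you for coming to my web page.';
}

// In a browser, ask for the name and write the letter; elsewhere, do nothing.
if (typeof document !== 'undefined' && typeof prompt === 'function') {
  var the_name = prompt("What's your name?", '');
  document.write(formLetter(the_name));
}
```

Typing Rumpelstiltskin still produces the same letter as before; only input containing <, >, &, or quote characters is changed, and it is displayed as literal text.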
Parameters
The words inside the parentheses of functions are called parameters. The document.write() function requires one parameter: a string to write to your web page. The prompt() function takes two parameters: a string to write above the box and a string to write inside the box.
Parameters are the only aspect of a function you can control; they are your means of providing the function with the information it needs to do its job. With a prompt() function, for example, you can't change the color of the box, how many buttons it has, or anything else; in using a predefined prompt box, you've decided that you don't need to customize the box's appearance. You can only change the parameters it specifically provides, namely, the text and heading of the prompt you want to display. You'll learn more about controlling what functions do when you write your own functions in Chapter 6.
var now = new Date();
The first part of this line, var now =, should look familiar. It sets the variable now to some value. The second part, new Date(), is new; it creates an object.
var now = new Date();
var the_year = now.getYear();
Date and Time Methods
In the code above, the variable now is a Date object, and the function getYear() is a method of the Date object. Methods are simply functions that are built in to objects. For example, the getYear() function is built in to the Date object and gets the object's year. Because the function is part of the Date object, it is called a method. To use the getYear() method to get the year of the date stored in the variable now, you would write:
now.getYear()
Table 2-1 lists commonly used date methods. (You can find a complete list of date methods in Appendix C.)
NOTE: Notice that getMonth() returns a number between 0 and 11; if you want to show the month to your site's visitors, to be user-friendly you should add 1 to the month after using getMonth() as shown in ➋ in Figure 2-12.
Internet Explorer and various versions of Netscape deal with years in different and strange ways:
- Some versions of Netscape, such as Netscape 4.0 for the Mac, always return the current year minus 1900. So if it's the year 2010, getYear() returns 110.
- Other versions of Netscape return the full four-digit year except when the year is in the twentieth century, in which case they return just the last two digits.
- Netscape 2.0 can't deal with dates before 1970 at all. Any date before January 1, 1970 is stored as December 31, 1969.
- In Internet Explorer, getYear() returns the full four-digit year if the year is after 1999 or before 1900. If the year is between 1900 and 1999, it returns the last two digits.