AngularJS - MVC Architecture

The majority of JavaScript developers use the AngularJS MVC pattern because it offers architectural benefits over plain JavaScript: it decouples the model from the view, which makes the project far easier to maintain. Model The model represents the current state of the application data and is primarily concerned with business data. The model notifies its observers (e.g. views) whenever a change occurs so that the views react accordingly. For...

An Introduction to the AngularJS Basics Directives Part1

ngApp The first ngApp found in the document is used to define the root element and auto-bootstrap the application. ng-app is typically placed on or near the root element of the page, such as the body or html tag. ng-app executes at priority level 0. ngInit This directive is used to initialize application data. ng-init executes at priority level 450. ngRepeat This directive iterates over each item in a collection, such as the elements of an array or the properties of an object. ng-repeat executes...

Two way data binding vs Traditional Approach in AngularJS with example

Two-way data-binding Two-way data binding means the automatic synchronization of data between the model and view components. Whenever the model changes, Angular automatically updates the view, so no explicit DOM (Document Object Model) manipulation is needed, and vice versa. Note that the example below loads the library over plain HTTP with no integrity attribute; in production, load it over HTTPS and pin it with Subresource Integrity. Two-way binding example in AngularJS <script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"> </script> <div ng-app=""> Name:...

Advantages and Disadvantages of AngularJS

Key Features of AngularJS Two-way data-binding Two-way data binding means the automatic synchronization of data between the model and view components. Whenever the model changes, Angular automatically updates the view, so no explicit DOM (Document Object Model) manipulation is needed, and vice versa. Minimal Code AngularJS reduces the number of lines of code compared to plain JavaScript/jQuery. Directives At a high level, directives are...

How to resolve VeraCode Improper Resource Shutdown or Release

Description The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This condition often occurs with resources such as database connections or file handles. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be possible to launch a denial of service attack by depleting the resource pool. Recommendations When a resource is created or allocated, the developer is responsible for properly...
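The flagged pattern and its two standard fixes, as an added example that is not the page's own code: the leaky version closes the reader only on the normal path, so an exception thrown by readLine() (which an attacker can often provoke with malformed input) leaks the file descriptor each time; try-with-resources and a finally block close it on every exit path. The temporary file is created by the example itself so it runs offline; the same structure applies to JDBC connections, sockets and any other AutoCloseable.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class ResourceRelease {

    // Flagged pattern: if readLine() throws, close() is never reached and the
    // file handle leaks. Repeated attacker-triggered failures exhaust the
    // process's descriptor table and deny service to everyone else.
    static String readFirstLineLeaky(Path file) throws IOException {
        BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8);
        String line = reader.readLine();
        reader.close();
        return line;
    }

    // Fix 1 (Java 7+): try-with-resources calls close() on every exit path,
    // including exceptions, and attaches a failure from close() itself as a
    // suppressed exception rather than losing the original one.
    static String readFirstLine(Path file) throws IOException {
        try (BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            return reader.readLine();
        }
    }

    // Fix 2: explicit finally block, for resources that are not AutoCloseable
    // or for code that must stay on an older language level.
    static String readFirstLineFinally(Path file) throws IOException {
        BufferedReader reader = null;
        try {
            reader = Files.newBufferedReader(file, StandardCharsets.UTF_8);
            return reader.readLine();
        } finally {
            if (reader != null) {
                reader.close();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input file so the example is self-contained
        Path tmp = Files.createTempFile("resource-demo", ".txt");
        Files.write(tmp, "first line\nsecond line\n".getBytes(StandardCharsets.UTF_8));
        try {
            System.out.println(readFirstLine(tmp));
            System.out.println(readFirstLineFinally(tmp));
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

Static analysers flag the first method because the close() call is not on every path; rewriting it into either fixed form clears the finding without changing behaviour on the happy path.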

Eligible Object for Garbage Collection when all the references of that parent object explicitly assigning to null

Overview The JVM reclaims unused objects from heap memory for future use. An unused object is one that is no longer referenced by any part of your program. To demonstrate that an unused object is reclaimed by the garbage collector, call System.gc(). System.gc() only provides a "hint" to the JVM that garbage collection should run; it is not guaranteed to run! Parent object set to null If an object holds a reference to another object and you set the container object's reference to null, the child or contained object automatically becomes...

What is AngularJS?

Open Source JavaScript Framework. AngularJS is a structural framework for dynamic web applications and is well suited to Single Page Applications (SPAs). It was developed in 2009 by Misko Hevery and is now officially supported by Google. It extends HTML with new attributes. There is no need for any server-side script such as JSP or ASP. It can run anywhere JavaScript can run, because AngularJS is written entirely in JavaScript....

Eligible Object for Garbage Collection when the references of that object or instance lifetime will expire

Overview The JVM reclaims unused objects from heap memory for future use. An unused object is one that is no longer referenced by any part of your program. To demonstrate that an unused object is reclaimed by the garbage collector, call System.gc(). System.gc() only provides a "hint" to the JVM that garbage collection should run; it is not guaranteed to run! Instance lifetime or scope of object An object reference vanishes at the end of its scope. There is then no way to access the object, because the only reference to it has gone out of scope. But...

Eligible Object for Garbage Collection when all the references of that object explicitly assigning to Circular Link

Overview The JVM reclaims unused objects from heap memory for future use. An unused object is one that is no longer referenced by any part of your program. To demonstrate that an unused object is reclaimed by the garbage collector, call System.gc(). System.gc() only provides a "hint" to the JVM that garbage collection should run; it is not guaranteed to run! Circular nature Object references are circular when an object is first created at its own address in heap memory and later two or more objects point to...

Eligible Object for Garbage Collection when all the references of that object explicitly assigning to null

Overview The JVM reclaims unused objects from heap memory for future use. An unused object is one that is no longer referenced by any part of your program. To demonstrate that an unused object is reclaimed by the garbage collector, call System.gc(). System.gc() only provides a "hint" to the JVM that garbage collection should run; it is not guaranteed to run! Below Example - The garbage collector is called before the object is assigned null public class EligibleSetNull { protected void finalize(){ System.out.println("Unused...
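The four eligibility cases from the posts above (parent set to null, reference going out of scope, circular links, and a direct null assignment) in one added example that is not the page's own code. Instead of finalize(), which is deprecated since Java 9 and may never run, it observes reachability with a WeakReference: once the referent is no longer strongly reachable, a collection clears the reference. System.gc() remains a hint, so a "false" result means "not collected yet", not "not eligible"; the Node, Container and collected() names are this example's own.

```java
import java.lang.ref.WeakReference;

public class GcEligibility {

    static class Node {
        // Some payload so the object is worth reclaiming
        final byte[] payload = new byte[4096];
        Node next;
    }

    static class Container {
        Node child = new Node();
    }

    // Asks the JVM to collect a few times and reports whether the referent
    // went away. System.gc() is only a hint, so this is "probably collected",
    // never a guarantee.
    static boolean collected(WeakReference<?> ref) {
        for (int i = 0; i < 5 && ref.get() != null; i++) {
            System.gc();
            try {
                Thread.sleep(25);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                break;
            }
        }
        return ref.get() == null;
    }

    // Case 1: the only strong reference is explicitly set to null.
    static boolean afterNullAssignment() {
        Node n = new Node();
        WeakReference<Node> ref = new WeakReference<>(n);
        n = null;
        return collected(ref);
    }

    // Case 2: the reference lives only in a method frame; when the method
    // returns, the frame (and with it the only strong reference) is gone.
    static WeakReference<Node> createInLocalScope() {
        Node local = new Node();
        return new WeakReference<>(local);
    }

    static boolean afterScopeExpiry() {
        return collected(createInLocalScope());
    }

    // Case 3: two objects reference each other. Reachability from the GC roots,
    // not a reference count, decides eligibility, so the cycle is reclaimed
    // as soon as the external references are dropped.
    static boolean afterCircularLink() {
        Node a = new Node();
        Node b = new Node();
        a.next = b;
        b.next = a;
        WeakReference<Node> ref = new WeakReference<>(a);
        a = null;
        b = null;
        return collected(ref);
    }

    // Case 4: only the parent is nulled; the child is reachable solely through
    // the parent, so it becomes eligible at the same moment.
    static boolean afterParentNulled() {
        Container c = new Container();
        WeakReference<Node> childRef = new WeakReference<>(c.child);
        c = null;
        return collected(childRef);
    }

    public static void main(String[] args) {
        System.out.println("null assignment : " + afterNullAssignment());
        System.out.println("scope expiry    : " + afterScopeExpiry());
        System.out.println("circular link   : " + afterCircularLink());
        System.out.println("parent nulled   : " + afterParentNulled());
    }
}
```

On HotSpot all four lines normally print true, but a correct program must never depend on that: anything that has to happen deterministically (closing handles, zeroing key material) belongs in try-with-resources or a finally block, not in a finalizer or a cleaner.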

How to fix VeraCode Improper Output Neutralization for Logs

Description A function call writes unsanitized user-supplied input to a log. Writing untrusted data into log entries allows an attacker to forge log entries or inject malicious content into the log: a forged entry can cover the attacker's tracks or mislead an investigation, and injected content can target the tool that later views or processes the log. Recommendations Avoid directly embedding user input in log files when possible. Sanitize user-supplied data used to construct log entries by using a safe logging mechanism such as the OWASP ESAPI Logger, which will automatically remove unexpected carriage returns and line feeds and...

How to fix VeraCode Improper Neutralization of CRLF Sequences in HTTP Headers

Description A function call contains an HTTP response splitting flaw. Writing unsanitized user-supplied input into an HTTP header allows an attacker to manipulate the HTTP response rendered by the browser, leading to cache poisoning and cross-site scripting attacks. Recommendations Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response. Always validate user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. For More detail...

How to fix VeraCode Improper Neutralization of CRLF Sequences Injection

Description A function call contains a CRLF Injection flaw. Writing unsanitized user-supplied input to an interface or external application that treats the CRLF (carriage return line feed) sequence as a delimiter to separate lines or records can result in that data being misinterpreted. FTP and SMTP are examples of protocols that treat CRLF as a delimiter when parsing commands. Recommendations Sanitize CRLF sequences from user-supplied input when the data is being passed to an entity that may incorrectly interpret it. For More detail - CWE-93:...
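One neutralizer serving the three findings above (log forging, HTTP response splitting, and generic CRLF injection into SMTP/FTP-style protocols), as an added example that is not the page's own code and not the ESAPI Logger. It shows the two strategies the recommendations describe: for logs, rewrite CR/LF so the entry stays on one line; for header values and protocol commands, reject the value outright, since it has no legitimate reason to contain a line break. The attacker inputs in main() are constructed for the demonstration, and rawHeader() is a deliberately naive writer that exists only to show what the unchecked value produces. Recent servlet containers typically refuse CR/LF in header values themselves, but the check should not depend on the container, and SMTP, FTP and logging libraries do not make that check for you.

```java
import java.util.regex.Pattern;

public class CrlfNeutralizer {

    // CR and LF end a line or record in logs, HTTP headers and line-oriented
    // protocols; the other ASCII control characters can drive terminals and
    // log viewers, so logs drop those too.
    private static final Pattern LINE_BREAKS = Pattern.compile("[\\r\\n]");
    private static final Pattern CONTROL_CHARS = Pattern.compile("\\p{Cntrl}");

    // Logs: keep the entry on one line so an attacker cannot forge a second
    // entry. CR/LF become '_' (the same substitution ESAPI's logger makes);
    // remaining control characters, including ESC and TAB, are removed.
    static String forLog(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        String oneLine = LINE_BREAKS.matcher(untrusted).replaceAll("_");
        return CONTROL_CHARS.matcher(oneLine).replaceAll("");
    }

    // HTTP header values, SMTP/FTP command arguments: reject rather than
    // silently rewrite, so the caller fails closed and the event is visible.
    static String requireSingleLine(String untrusted) {
        if (untrusted == null || LINE_BREAKS.matcher(untrusted).find()) {
            throw new IllegalArgumentException("value must not contain CR or LF");
        }
        return untrusted;
    }

    // Naive header writer, here only to show the effect of an unchecked value
    static String rawHeader(String name, String value) {
        return name + ": " + value + "\r\n";
    }

    static String safeHeader(String name, String value) {
        return rawHeader(name, requireSingleLine(value));
    }

    public static void main(String[] args) {
        // Constructed attacker input: a username carrying a forged log entry
        String user = "alice\r\nINFO: login succeeded for user=admin";
        System.out.println("forged log:\nWARN: login failed for user=" + user);
        System.out.println("neutralized:\nWARN: login failed for user=" + forLog(user));

        // Constructed attacker input: a Location value that smuggles a second
        // header and a response body (the response splitting case)
        String location = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<script>alert(1)</script>";
        System.out.print("split response:\n" + rawHeader("Location", location));
        try {
            safeHeader("Location", location);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The neutralized log line keeps the whole attacker string in a single record, so the forged "login succeeded" text is visibly part of the username rather than a separate event; the header path throws before anything is written, which is the right outcome for a value that should never contain a line break.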

How to fix VeraCode URL Redirection to Untrusted Site Open Redirect

Description A web application accepts user-controlled input that specifies a link to an external site and uses that link to generate a redirect. Recommendations Always validate user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. Check the supplied URL against a whitelist of approved URLs or domains before redirecting. For More detail - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') Issue Code url = "/myapp/"+reqNo+"/view"; ((HttpServletResponse)response).sendRedirect(url); Fixed...
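Both recommendations above carried out in working code, as an added example that is not the page's fixed code. viewUrlFor() handles the flagged snippet by validating reqNo against its expected format (assumed here to be digits only) before it is concatenated into the path; resolveRedirect() handles the general case of a user-supplied target by allowing only local absolute paths or https URLs whose parsed host is on an allowlist (the example.com hosts and the https-only rule are this example's assumptions). Parsing with java.net.URI and comparing the host, rather than doing a string prefix check, is what defeats the protocol-relative, userinfo and subdomain-lookalike bypasses shown in main().

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class SafeRedirect {

    // Assumed allowlist of hosts this application may send users to (Java 9+ Set.of)
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "app.example.com");

    // Assumed format of the request number from the flagged snippet: digits only.
    private static final Pattern REQUEST_NO = Pattern.compile("\\d{1,10}");

    // Fix for the page's issue code: validate the untrusted piece before it is
    // placed into the redirect target, so only "/myapp/<digits>/view" is possible.
    static String viewUrlFor(String reqNo) {
        if (reqNo == null || !REQUEST_NO.matcher(reqNo).matches()) {
            throw new IllegalArgumentException("invalid request number");
        }
        return "/myapp/" + reqNo + "/view";
    }

    // Returns the target if it is a local absolute path or an https URL to an
    // allowed host; otherwise the fallback. Never returns user input unchecked.
    static String resolveRedirect(String target, String fallback) {
        if (target == null || target.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return fallback; // also catches backslash tricks such as "/\evil.com"
        }
        if (uri.getScheme() == null) {
            // Relative reference: accept only a plain absolute path. A
            // protocol-relative "//evil.com" parses with an authority and is
            // rejected here.
            String path = uri.getPath();
            if (uri.getAuthority() == null && path != null && path.startsWith("/")) {
                return target;
            }
            return fallback;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return fallback; // blocks javascript:, data: and http: downgrade
        }
        String host = uri.getHost();
        if (host == null) {
            return fallback; // opaque URI such as "https:evil.com"
        }
        // Compare the parsed host, not a prefix of the raw string: this defeats
        // "https://www.example.com.evil.com" and "https://www.example.com@evil.com"
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)) ? target : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample targets, benign and hostile
        String[] samples = {
            "/account/settings",
            "//evil.com/phish",
            "https://app.example.com/dashboard",
            "https://www.example.com.evil.com/",
            "https://www.example.com@evil.com/",
            "javascript:alert(1)",
            "http://www.example.com/",
        };
        for (String s : samples) {
            System.out.printf("%-40s -> %s%n", s, resolveRedirect(s, "/"));
        }
        System.out.println(viewUrlFor("12345"));
    }
}
```

Of the seven samples only the first and third come back unchanged; every other one falls through to the "/" fallback. In a servlet the fixed call becomes response.sendRedirect(resolveRedirect(request.getParameter("next"), "/")), and the validation belongs in one shared routine rather than being repeated at each redirect site.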