Ans: The Content Security Policy (CSP) is an HTTP header that gives site owners fine-grained control over where their site's resources can be loaded from. Using this header is the most effective way to avoid cross-site scripting (XSS) vulnerabilities. Because retrofitting CSP into existing websites is challenging, CSP is required for all new websites and is strongly recommended for all existing high-risk sites.
The major advantage of CSP is that it prevents the usage of dangerous inline JavaScript. Inline JavaScript – whether reflected or saved – implies that incorrectly escaped user inputs can create code that the web browser interprets as JavaScript. You may easily remove virtually all XSS attacks against your site by utilizing CSP to block inline JavaScript.
Ans: ClickJacking is a type of security attack in which the user is tricked into clicking on something when they want to click on something else. HTML frames are the most commonly used method of attack.
It is sometimes referred to as user interface redressing. It gives the user the impression that they are using a standard user interface in the web page, but there is an invisible user interface in control; you might say that the user interface has been redressed. When users click something, believing it to be secure and safe, the hidden user interface takes another action.
Ans: Cross-origin resource sharing (CORS) allows several resources (for example, JavaScript, typefaces, and so on) on a web page to be requested from a domain name other than the one from which the resource was originated. It is stated to be an HTML5-supported instrument that controls XMLHttpRequest access to a separate domain.
CORS also adds new HTTP headers that allow access to authorized domains. Except for GET (or POST with specific types of MIME), the requirement requires browsers to use the HTTP OPTIONS request header to obtain a list of available HTTP methods from the server. A genuine request can be made. Customers can be informed by servers if “credentials” (containing HTTP and Cookies Verification data) must be displayed with requests.
Ans: If no attribute is present, the script is synchronously downloaded and performed, and it will not stop studying the document until it has completed the execution of the script (default behavior). Scripts are run and downloaded in the order in which they are encountered.
The defer attribute downloads the script while the file is still processing it and waits for the file to finish parsing before running it, which is equivalent to executing in a DOMContentLoaded event auditor. The deferred scripts will be performed in the correct sequence.
During document parsing, the script is downloaded under the async attribute, however, the parser will stop for script execution before it is finished parsing. The async scripts will not run in chronological sequence.
Ans: Node provides programmers with a single thread that allows them to create code easily and without bottlenecks. A node within employs a slew of POSIX threads for a variety of input and output activities, such as network calls, DNS, file operations, and so on.
When Node receives an input and output request, it utilizes or creates a thread to do that input and output operation, and when the operation is finished, it pushes the result to the event queue. As a result, the event loop executes and checks the queue, and if the Node's execution stack is empty, it adds the queue's result to execute the stack. Concurrency is controlled in the Node in this manner. S, it can be stated that an A front-end developer should be well-versed in HTML, CSS, and JQuery. A front-end developer must understand OPP and PHP. Web sites should be designed with the user in mind. The usage of code structure and commenting should be discussed with the front-end developer. CoffeeScript helps you to express your application in less code than JavaScrip.
|
|
