JavaScript FOR Loop Example

Posted in JavaScript, Software, Web, internet, programming on April 23rd, 2007 by Joey

var LoopNumber = 5;
//Declare the loop variable with var so it does not become an implicit global
for (var i = 1; i <= LoopNumber; i++)
{
    alert(i);
}

The preceding code works as follows:

The loop variable (i) is initiated at a certain number – in this case 1.

A condition is set for when the loop should end – in this case it is when the loop variable has been incremented to a number greater than 5.

The loop variable is incremented. The loop variable could alternatively be decremented here by using two minus signs (--).

Jitko: JavaScript Cross-Site Scripting Vulnerabilities

Posted in JavaScript, Software, Web, internet, programming on April 20th, 2007 by Joey

I heard about Jitko today on Security Now, a podcast I listen to regularly. On March 24, 2007, at the ShmooCon Hacker’s Conference, Billy Hoffman gave a presentation titled “JavaScript Malware for a Grey Goo Tomorrow.” As part of this presentation, Hoffman demonstrated a piece of software he’d written called Jitko. Jitko uses JavaScript to inject itself into a web browser via web forms. It does this by attaching non-standard characters to the data being passed by the form. These non-standard characters cause the browser to execute JavaScript which invokes cross-site scripting. Once it’s running in the browser, Jitko can search other sites, determine which sites have JavaScript vulnerabilities and report those sites back to a third party.

Unfortunately, one of the attendees at the conference quickly noted the URL from which the JavaScript was being served, went to the URL in the brief time it was available during the conference and posted the code for public consumption. It has since been removed by the conference attendee but the code was picked up by others and is believed to be available on the Internet.

There is a lot to this and as I come to understand it better, I will post another blog. For now, please reference the following:

Security Now Episode #85: Intro to Web Code Injection
JavaScript botnet code escapes ShmooCon, leaks to Web

JavaScript Flaw Causes Con-Sternation

JavaScript Number Validation (Repetition)

Posted in JavaScript, Software, Web, internet, programming on April 19th, 2007 by Joey

In JavaScript numbers can be validated to be of a certain length. For example, the following regular expression can be used to validate that a numeric value is two digits in length:

document.write(/^\d\d$/.test(22));

This simply calls the \d character class twice. Using curly braces {} this statement can be made even simpler:

document.write(/^\d{2}$/.test(22));

The curly braces specify the exact number of occurrences that must be matched. They can also hold two numbers separated by a comma, in which case the number of digits must fall between the first and second values.

document.write(/^\d{2,4}$/.test(22));

The preceding will match any number that is between two and four digits in length.

Related articles:
JavaScript Regular Expressions
JavaScript Regular Expression Special Characters: $ ^
JavaScript Number Validation (Integer)
JavaScript Regular Expression Backslash

JavaScript Regular Expression Asterisk

Posted in JavaScript, Software, Web, programming on April 18th, 2007 by Joey

The asterisk (*) special character is used in JavaScript regular expressions to match zero or more occurrences of the previous item.

var StringToTest = 'abc1';
var IsFound = /^\w{3}\d*$/.test(StringToTest);
alert(IsFound);

The preceding code will return true for any string of three word characters followed by zero or more digits.

Related articles:
JavaScript Regular Expressions
JavaScript Regular Expression Special Characters: $ ^

JavaScript Regular Expression Backslash

Posted in JavaScript, Software, Web, programming on April 17th, 2007 by Joey

The backslash (\) has special meaning in JavaScript regular expressions. It is used before certain characters to give them a special meaning. For example, the regular expression /t/ matches the letter t literally. If the t is preceded by a backslash, as in /\t/, the regular expression matches a tab.

The general regular expression backslash usages are listed below:

\t = tab
\n = newline
\f = form feed
\r = carriage return
\w = any ASCII word character
\W = any character that is not an ASCII word character
\d = any ASCII digit
\D = any character that is not an ASCII digit
\s = any whitespace character
\S = any character that is not a whitespace character

The backslash character can also be used in front of characters that are used specially in regular expressions as a way to match those characters literally. For example, the dollar sign ($) is used in regular expressions to specify the end of a pattern. To match it literally, precede it with a backslash, such as /\$/.

Related Articles:
JavaScript Regular Expressions

JavaScript Regular Expression Plus Sign +

Posted in JavaScript, Software, Web, programming on April 16th, 2007 by Joey

The Plus Sign (+) special character is used in JavaScript regular expressions to match one or more occurrences of the previous item.

var NumberToTest = '1234';
var IsFound = /^\d+$/.test(NumberToTest);
alert(IsFound);

The preceding code will return true for any string that consists of one or more digits and nothing else.

Related articles:
JavaScript Regular Expressions
JavaScript Regular Expression Special Characters: $ ^

JavaScript Regular Expression Question Mark ?

Posted in JavaScript, Software, Web, programming on April 15th, 2007 by Joey

The Question Mark (?) special character is used in JavaScript regular expressions to match zero or one occurrences of the previous item.

document.write(/^\d{2}\d?$/.test(123));

The preceding code will return true for exactly two digits, with an optional third digit. If the test number is updated to 1234, the code will return false.

Related articles:
JavaScript Regular Expressions
JavaScript Regular Expression Special Characters: $ ^

JavaScript Number Validation (Decimal)

Posted in JavaScript, Software, Web, internet, programming on April 14th, 2007 by Joey

Decimals can be validated in JavaScript using a regular expression:

document.write(/^-?\d+(\.\d+)?$/.test('15.22'));

Broken down into sections:

^-?\d+ - The string being tested must begin with an optional minus sign, followed by 1 or more digits
(\.\d+)? - Followed by an optional period, which, if present, must be followed by 1 or more digits.
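The following is an added example, not code from the original posts. It runs the digit-count pattern from the Number Validation (Repetition) post and the decimal pattern above over constructed form values, next to an unanchored version of the digit pattern, to show what the ^ and $ anchors reject. The names isValid, accepted and samples are hypothetical.

```javascript
// Added example: field validators built from the patterns on this page.
// All names and sample inputs below are constructed for illustration.

// Anchored patterns: the whole value must match.
var TWO_TO_FOUR_DIGITS = /^\d{2,4}$/;
var DECIMAL = /^-?\d+(\.\d+)?$/;
// The same digit pattern without ^ and $ matches anywhere in the value.
var UNANCHORED_DIGITS = /\d{2,4}/;

// Form fields arrive as strings. test() converts any other type to a
// string first (0x16 becomes "22"), so non-strings are rejected here
// rather than silently converted.
function isValid(pattern, value) {
  if (typeof value !== 'string') {
    return false;
  }
  return pattern.test(value);
}

// Returns the inputs from the list that the pattern accepts.
function accepted(pattern, values) {
  var result = [];
  for (var i = 0; i < values.length; i++) {
    if (isValid(pattern, values[i])) {
      result.push(values[i]);
    }
  }
  return result;
}

// Constructed inputs: clean numbers, numbers with trailing or leading
// extra characters, and malformed decimals.
var samples = ['22', '2222', '22222', '22abc', '22<b>', ' 22', '22\n',
               '-15.22', '15.', '.5', '1e3'];

console.log('2-4 digits :', accepted(TWO_TO_FOUR_DIGITS, samples));
console.log('decimal    :', accepted(DECIMAL, samples));
console.log('unanchored :', accepted(UNANCHORED_DIGITS, samples));
```

The unanchored pattern accepts every sample that contains two digits in a row, including the values with markup or whitespace attached, which is why a validation pattern needs both anchors.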

Related Articles:
JavaScript Regular Expressions
JavaScript Regular Expression Special Characters: $ ^
JavaScript Number Validation (Integer)
JavaScript Regular Expression Plus Sign

JavaScript trim function: Trimming a String in JavaScript

Posted in JavaScript, Software, Web, programming on April 13th, 2007 by Joey

JavaScript does not have a native trim function. Creating a trim function for use in JavaScript is not difficult, however.

Example:

function trim(value)
{
//Takes any whitespace at the front of the string (^)
//or ('|') at the end of the string ($)
//and replaces it with an empty string.
//The g flag is required: without it only the first match
//(the leading whitespace) would be replaced.
var strValue = value.replace(/^\s+|\s+$/g,'');
return strValue;
}

var TrimThis = ' JavaScript trim ';
//Before trim is applied on the string,
//the character at position 0 is a space
document.write(TrimThis.charAt(0));

var TrimmedString = trim(TrimThis);
//After the trim is applied,
//the character at position 0 is J
document.write(TrimmedString.charAt(0));

JavaScript replace Function

Posted in JavaScript, Software, Web, internet, programming on April 12th, 2007 by Joey

The JavaScript replace function takes two arguments:

The first is a regular expression (or a string)
The second is a replacement string

var StartString = 'Rub';
var ReplacedString = StartString.replace(/[rb]/gi,'n');
document.write(ReplacedString);//Result is nun

The 'gi' makes it a global (g), case-insensitive (i) replacement.
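The following is an added example, not code from the original post. It shows why the global flag matters when replace is used to escape a value before it is written into a page: with a string as the first argument, or a regular expression without g, only the first occurrence is replaced. The function names and the sample value are hypothetical.

```javascript
// Added example: escaping a form value before writing it into HTML.
// escapeFirstOnly, escapeAll and hasRawMarkup are hypothetical names.

// String patterns: replace() changes only the FIRST occurrence of each.
function escapeFirstOnly(value) {
  return String(value)
    .replace('&', '&amp;')
    .replace('<', '&lt;')
    .replace('>', '&gt;')
    .replace('"', '&quot;')
    .replace("'", '&#39;');
}

// Regular expressions with the g flag: every occurrence is replaced.
// The ampersand goes first so that the entities inserted by the later
// replacements are not escaped a second time.
function escapeAll(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// True if the text still contains a character that HTML treats as markup.
function hasRawMarkup(text) {
  return /[<>"']/.test(text);
}

// Constructed value with each markup character appearing more than once.
var sample = '<b>Rub</b> & <i>"nun"</i>';

console.log(escapeFirstOnly(sample), hasRawMarkup(escapeFirstOnly(sample)));
console.log(escapeAll(sample), hasRawMarkup(escapeAll(sample)));
```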

Related articles:
JavaScript Regular Expressions
JavaScript Regular Expression Case-Sensitivity
JavaScript Regular Expression Square Brackets