Web
Table of Contents
Web is subset of internet consisting of a "web" of interconnected documents, specifically through hyperlinks.
1. HTML
HyperText Markup Language
<!DOCTYPE html> <!-- indicate this is HTML5 -->
<html>
<head>
<!-- a section for metadata -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="<uri>">
<script defer>
<!-- this javascript runs after all the elements are loaded -->
</script>
<script src="<uri>"></script>
<style>
/* css */
</style>
</head>
<body>
<!-- a section for content -->
</body>
</html>
1.1. Head
1.1.1. meta
This tag defines key-value pairs that the browsers and other sites find useful.
viewport- The mobile browser often has a large render space, and zoom in the content for the user. This variable controls how the site should be rendered.
widthcontrols the top level width for the relatively positioned blocks.- Be warned that for the fixed and absolutely positioned blocks it does not apply.
initial-scalesets how much the page is zoomed in.maximum-scale,minimum-scalesets the boundary of zooming.minimum-scaleaffects the top-level width for the fixed and absolutely positioned blocks.
1.2. Symbol and Marker Entities
| Char | Number | Entity | Description |
|---|---|---|---|
‎, ‏ |
Implicit directional marks |
2. JavaScript
2.1. Closure definition
(function () {
var ready = new Promise(...);
function sendNativeRequest(request, sendResponse) {
ready.then(...);
}
return {
sendNativeRequest: sendNativeRequest,
...
};
})();
- It creates single runtime object and its contents are all truely private.
2.2. Anonymous Function
sum = function (a, b) { return a + b };
// arrow function
sum = (a, b) => a + b;
// currying
sum = a => b => a + b;
2.3. Others
- Javascript code can be executed by clicking a bookmark entry, simply
by adding
javascript:prefix to the url as a protocol.
2.4. JSON
- JavaScript Object Notation
3. HTTP
- Hypertext Transfer Protocol
It is protocol that are sent encapsulated within TCP packets
3.1. Protocols
HTTP/0.9
- No status code, only GET
HTTP/1
- The TCP handshake and TLS is made every request.
HTTP/1.1
- Persistent Connection: the connection not closed unless it is explicitly told so.
- Pipelining: Multiple request over one TCP connection without
waiting for the response.
- Problem with Head-of-Line Blocking: The later requests has to wait for the delaying previous response.
- Pipelining was not widely used. Instead, Domain Sharding was employed.
- Chucked Transfer Encoding: Sever transfer data in chunk for large and dynamic contents.
- Cache-Control: The age of data can be specified for it to be cached.
- ETag: Conditionally request data. For example, if it has changed since last visit.
HTTP/2
- The header and body of a message is framed within Binary Framing
Layer, instead of the previous plain text format.
- Multiple independent request can be made through a single TCP connection using the Binary Framing Layer.
- Stream Prioritization: Set the priority of loading certain data.
- Server Push: Server can send multiple response.
- HPACK Compression: Header is now compressed. Repeated tags are compressed.
HTTP/3
- Use QUIC instead of TCP
- It is connectionless, and the handshake is much faster. It uses connection ID that is independent of IP addresses.
- It handles network changes better.
3.2. Web Procedure
- Initial Browser Request
- Browser cannot assume which protocol is available from the server.
Therefore it use the lowest possible protocol, often HTTP/1.1 or
HTTP/2.
- The protocol informations can also be provided by the DNS server.
- Some servers just refuse to connect when the protocol is not matched.
- Modern browser uses HTTPS by default for security reasons, unless the IP address is directly specified.
- Browser cannot assume which protocol is available from the server.
Therefore it use the lowest possible protocol, often HTTP/1.1 or
HTTP/2.
- Initial Server Response
- The server can replies with which protocols are available using
the
Alt-Svcfield.- e.g.
h3for HTTP/3.
- e.g.
- The server can also redirect the HTTP, port 80, to HTTPS, port 443.
- The domain name the user used is passed as the
:authority:(pseudo) field in the request header, so that it can be checked whether it is the case of cross-origin, when using HTTPS.- The
strict-origin-when-cross-originpolicy.
- The
- In the case of HTTPS, the browser blocks the initial connection if
the returned certificate does not match:
- Common Name: the url user used
- …
- The server can replies with which protocols are available using
the
- Renewed Browser Request
- Browser reconnect (when available) with the specified protocol.
3.3. CORS
Cross origin access is the behavior of an web page from a domain accessing the resources of the different domain. The cross-origin is allowed in a restricted manner by default.
A request to cross-origin is checked, by the browser and the server whether it is valid.
The browser preflight the HTTP OPTIONS request and gets
approval from the server with Access-Control-Allow-Origin (ACAO).
The actual request by the web page is then made.
3.4. Ajax
- Asynchronous JavaScript and XML
- The decoupled data interchange form the display of the web page.
4. Security
4.1. TLS
- Let's Encrypt provides free TLS certificates that can be easily installed with
certbot.
4.2. OAuth
- Open Authorization
Figure 1: flow
This is used for a limited access by third-party through HTTP by issuing an access token to them.
It can
- Granting partial authorizations with a special access tokens.
- Connect accounts.
- Login with other accounts.
5. Browser
5.1. Local Storage
- Simple Per-page key-value storage that is persistent.
- Set with
localStorage.setItem(string key, string value)and get withlocalStorage.getItem(string key) -> string valuein 2.
6. Examples
6.1. Excalidraw
Based on React
6.1.1. Export
exportCavas(type, elements, appState, fijles, {...})
in excalidraw.com/packages/excalidraw/data/index.ts is the function that
handles all exports.
The type of elements is hidden in the excalidraw.com/packages/element/types
which is not visible to the user.