Servlet eg.

<h2>Table of Square Roots</h2>

<table border=2>
<tr>
<td><b>Number</b></td>
<td><b>Square Root</b></td>
</tr>
<%
for (int n=0; n<=100; n++)
{
%>
<tr>
<td><%=n%></td>
<td><%=Math.sqrt(n)%></td>
</tr>
<%
}
%>
</table>

Illustrate the principle of exchanging E-mail

(7) May 15

Explain the Email process? (7) May13

From an email client, youll typically compose a message, attach any necessary files, and
send it to the recipient

What is an Email?
Till 1971, people were able to send messages to other people working on same system
only. In 1971, the first e-mail message was sent by Ray Tomlinson. Though that was a
very simple message based communication but it formed the basis of how advanced
e-mails have become today.
The main components of an e-mail system that facilitate sending and receiving of emails on Internet are :

An e-mail client

An e-mail server (SMTP server)

POP and IMAP servers.

An Email Client

If you use e-mails for online communication the you would definitely be using an email client. An e-mail client provides you with the following capabilities :

Provides a list of messages that people have sent to you. Each entry in the list
contains the name of sender, a subject, a few words from the message body and the
time/date on which it was received.

Provides the ability to read a complete message, reply to it or forward it to other

people.

Provides the ability to compose a new message and send it to the desired recipients.

Delete a message.

The e-mail clients could be standalone (like Microsoft Outlook, Pegasus etc) or could
be web based (like gmail, yahoo etc). There could be many advanced abilities that email clients may provide but whatever the type of e-mail client be, the core abilities
described above are provided by all type of clients.

An Email Server
Whenever you send a message from your e-mail client, it goes to an e-mail server.
The e-mail server manages the messages received by it. It forwards the message to a
POP or IMAP service if the message is to be sent to a recipient on the same subnet
else it follows the standard procedure to send the message over Internet to the
destined person.
An e-mail server comes into the picture twice if e-mail is sent over Internet to a
remote destination. First its the senders e-mail server that sends the e-mail over the
Internet and second is the receivers e-mail server that receives the e-mail and makes
sure that it is delivered to the recipients system. On the other hand, an E-mail server
comes into picture only once when the recipient is on the same subnet.
SMTP servers are widely used as e-mail servers all over the internet. An SMTP server
is also known as Mail Transfer Agent (MTA).
You also may want to read Journey of a Data Packet in Internet, which explains how
packets traverse on Internet.

POP and IMAP Servers

As already explained, these servers come into the picture when a message is received
by SMTP server and it needs to be forwarded to the actual recipient. Lets discuss
both these servers one by one :
POP
POP stands for Post Office Protocol. A POP (or POP3) server in its simplest form
stores the messages for a particular user in a text file. The file for a particular user is
appended with information each time an e-mail is received by a POP server. If your
e-mail client is configured to use a POP3 protocol then whenever you try to fetch emails through your e-mail client then a request is sent to your POP server for the
same.
A POP server requires the log-in credentials of a user that are sent through e-mail
client. Once a user is authenticated, the POP server provides access to users e-mails.
As with any client server architecture, the e-mail client interacts with the POP server
through a predefined set of commands.
Here is a list of common commands used to interact with POP server :

USER For User-ID

PASS For Password

LIST Provide message list

DELE To delete a message

QUIT To end the interaction

Please note that the e-mail client connects to port 110 on the server where POP
service is running. After connecting the e-mail client issues the commands (as
described above) to the POP server to authenticate, fetch e-mail, list e-mails etc.
One small problem with POP servers is that once an e-mail client fetches the e-mails
from this server on client machine, it gets difficult to access the same e-mails from
any other device or system as they get downloaded on client machine and are
removed from the server. Though there exists and option Keep a copy on server
through which e-mail clients can tell the server not to delete the e-mails. But, this
leads to multiple copies of your mailbox on clients as well as on server and so it
makes the management of e-mails difficult.

IMAP
IMAP stands for Internet message access protocol. This protocol is also used to
access e-mails but it is far more capable than POP. One of the most prominent
feature an IMAP server provides is the central access to e-mails. Unlike POP server,
an IMAP server keeps the e-mails on the server itself and so you can access e-mails
from any machine or device.
This server also provides easy management of e-mails like searching, categorizing the
e-mails and placing them into various sub-folders etc. The only problem that one
could imagine with IMAP server is that you always need an Internet connection so
that the e-mail client is able to fetch e-mails from the IMAP server. But today, almost
all of the e-mail clients have the capability to cache the e-mails so that you can even
view them when you are offline.
To interact with IMAP server, the e-mail client connects to server machine on port
143. As with POP, IMAP server also understands a set of commands which the e-mail
client uses to connect with the server.

An e-mail client like Gmail, yahoo, outlook etc is used to create or reply to an
e-mail.

Once the e-mail is drafted successfully, it is sent using the e-mail client.

This e-mail first goes to the SMTP server (also known as MTA (Mail transfer
agent) ) to which the e-mail client is connected.

The e-mail server looks out for the recipients address. The address is of the
form <name>@domain.com

The e-mail server first uses the DNS technique to resolve the domain name
into a valid IP address.

Next it sends the e-mail to to this IP address over the Internet.

Now the e-mail traverses over the Internet in a series of IP packets and
reaches the destination SMTP server or the MTA.

This server collects all the e-mails and places them to appropriate location so
that these are accessible to your e-mail clients through POP or IMAP services.

Discuss in detail about servlet life cycle? (9) Nov-12

Explain the servlet API? (15) May-13

What is Servlet ?: A Servlet is a Java program that runs within a servlet container. Servlets
receive and respond to requests from Web clients. Servlets could in principle communicate
over any clientserver protocol, but they are most often used with the HTTP protocol. Thus
"servlet" is often used as shorthand for "HTTP servlet". As every object is having a life-cycle
so as of servlet instance.
The life-cycle of a servlet is controlled by the container in which the servlet has been
deployed. Life cycle of servlet can be broadly divided into three stages :
1. Initialization stage - init() Executed only once
2. Service stage service() - For each request
3. Destroy stage. destroy() - Executed only once
We can represent all three method executing in servlet container as follows :

Diagram taken from : http://www3.ntu.edu.sg/

1. Initialization phase : In this stage web-container initializes the servlet instance by calling
the init() method and ONE instance per JVM for each servlet is created. It is important to
note that init() method can be invoked in either of two ways :
1. On demand basis - On arrival of first HTTP request for the given servlet .
2. On Servlet container start: - When servlet container start,it reads the web.xml ,finds the
declared servlets in the classpath and if <load-on-startup> is configured with an integer value
0 or more then for the given servlet one instance of that servlet will be created and are stored
in memory and reused every time the request arrives. (Always remember
REUSED !!).Sample code for servlet config of load-on-startup:
<servlet>
<servlet-name>controlServlet</servlet-name>
//Mapping details .....
<load-on-startup> 1 </load-on-startup>
</servlet>
Note : load-on-startup can specify an (optional) integer value. If the value is greater than 0, it
indicates an order for servlets to be loaded, servlets with higher numbers get loaded after
servlets with lower numbers.
Please note, init(ServletConfig) is being called by the servlet container to indicate a servlet
that the servlet is being placed into service.We can override this init() method see this for
reference.
public void init(ServletConfig config) throws ServletException
{
//some initialization - like getting database connection,
// resource management etc.

}
Here is a visual explanation of Instantiation phase, in layman terminology.
Notes :
init() is not the entry point of a servlet. servlet constructor is executed before
execution of init() but it is not recommended to use constructor for any Servlet. why?
Find here
The container would decide how many instances of servlet would be instantiated
upfront to cater the requests.This is container implementation..(Confused !! But it's
fact)
2. Service phase : In this stage for every new request a new thread is created or allocated
from a pool to invoke that servlet instance which was created in earlier stage . The
HttpRequest and HttpResponse objects will be new for each new request.
How HTTP request coming from web client is served by servlet ?
On request arrival web container(servlet container) calls service() method of servlet and the
service() method determines the kind of request and calls the appropriate method (doGet() or
doPost() for handling the request and sends response to the client using response object.
HttpServlet(javax.servlet.http.HttpServle) class reads the HTTP request(coming from client),
and determines if the request is an HTTP GET, POST, PUT, DELETE, HEAD etc. and calls
one the corresponding method.
Notes :
It is important to note that each request is served by a new thread if and only if our
servlet is not implementing SingleThreadModel interface. It is not recommended to
use SingleThreadModel interface.
Is servlet threadsafe ? Answer is : No, but we can make by it thread-safe by following
some standard so that it can serve multiple request in thread safe manner.
3. Destroy phase : When a servlet is unloaded by the servlet container, its destroy()
method is called. It is executed only once in servlet life cycle. A servlet is unloaded by the
container if the container shuts down, or if the container reloads the whole web
application at run-time.

What is servlet? Explain the various merits of it over CGI (8)- Nov-12
Servlets are server side components that provides a mechanism for developing
server web applications for server side.

Earlier CGI was developed to provide server side Capabilities to the web
applications, But due to its Performance, Scalability and Reusability issues, Servlets
are preferred.

Java Servlets overcome all the issues of CGI ( Common Gateway Interface ).

Servlets are built from ground up using Sun's Write one run
anywheretechnology, java servlets provide excellent framework for server side
processing.

Web Developers can create fast & efficient server side applications using java
servlets and can run it on any web server which is servlet compatible.

servlets run entirely inside the java Virtual Machine.

since servlets runs on server side, it does not check for Browser Compatibility.

Advantages of Servlets over CGI

Servlets mainly have 5 Advantages over CGI, they are

1) Platform Independent
Platform Independence plays a major in the field where there are numerous
number of web servers available to choose from.

Servlets are written entirely in java, due to which they are platform
independent.

Servlets can run on any servlet enabled web-server.

Ex: web applications developed in windows machine running java web server, can
easily run the same on apache web server ( if Apache server is installed ), without
any modification or compilation of code.

2) Performance
Due to interpreted nature of java, programs written in java are slow. But java
servlets run very fast. it is because the way servlets run on web server.

For any program Initialization takes significant amount of time in its life
cycle. But in case of servlets initialization takes place only once when it receives the
first request & remains in memory till times out or server shuts down's.

Once servlet is initialized & loaded, to handle a new request it simply creates
a new thread and runs service method of servlet.

In case of CGI scripts, always a new process should be created to serve a

request.
3) Extensibility

Servlets are developed in java which is robust, well-designed & Object

oriented language which can be extended or polymorphed into a new object

java servlets take all java's advantages to provide the ideal solution.
4) Safety

Java provides very good safety feature's like Memory management, Exception
handling etc.

Servlets inherit all these features & had emerged as a very powerful web
server extension.
5) Security

Since servlets are server side Components, it inherits the security of server.
Servlets are also benefited with java security manager, provided by web

server.

2. (a) Write short notes on Protocol tunneling.

(8) may 15

Tunneling, also known as "port forwarding," is the transmission of data intended for use only
within a private, usually corporate network through a public network in such a way that the
routing nodes in the publicnetwork are unaware that the transmission is part of a
private network.

Information that flows over the Internet, or between any two digital devices, does so using protocols.
These protocols divide the message into different parts (usually two): One containing the actual data
being transmitted, and one containing information regarding the rules of the transmission. In order
for a connection to be established, both sides have to understand and use the same communication
protocol. A tunneling protocol is one that encloses in its datagram another complete data packet that uses a
different communications protocol. They essentially create a tunnel between two points on a network that
can securely transmit any kind of data between them.
Generally, these types of protocols are used to send private network data over a public network, usually
when creating a virtual private network (VPN), but can also be used to increase the security of unencrypted
data when it is sent over a public network. There are a number of popular tunneling protocols, such as
Secure Socket (SSH), Point-to-Point Tunneling (PPTP) and IPsec, with each being tailored for a different
specific tunneling purpose.

Layer 2 Tunneling Protocol (L2TP)

Layer 2 tunneling technologies: A tunnel is similar to a session; both of the tunnel
endpoints must agree to the tunnel and must negotiate configuration variables, such as
address assignment or encryption or compression parameters. In most cases, data
transferred across the tunnel is sent using a datagram-based protocol. A tunnel
maintenance protocol is used as the mechanism to manage the tunnel.

Layer 2 Tunneling Protocols

Layer 2 protocols correspond to the data-link layer and use frames as their unit of
exchange. PPTP and L2TP and Layer 2 Forwarding (L2F) are Layer 2 tunneling
protocols; both encapsulate the data in a PPP frame to be sent across an Internet.
L2TP Access Concentrator (LAC): An LAC device is attached to the switched
network fabric, such as Public Switched Telephone Network (PSTN) or ISDN or
collocated with a PPP end system capable of handling the L2TP protocol
L2TP Network Server (LNS): LNS operates on any platform capable of PPP termination.

Because tunneling protocols hide a complete packet within the datagram, there is the potential for misuse.
Tunneling is often used to get past unsophisticated or poorly configured firewalls by enclosing blocked
protocols within protocols that the firewall allows through. The use of tunneling protocols also makes it
difficult to complete tasks such as deep packet inspection, where network infrastructure looks at the
datagram for suspicious data, or ingress/egress filtering, which sanity-checks data destination addresses to
help ward off potential attacks. There are even reports of malware being transmitted using the new IPv6
technology, which has to use tunneling to transmit to or through devices that aren't IPv6-ready.
As a potential threat, tunneling protocols only need to be on the radar of networking or IT professionals, who
have to ensure their systems can block unwanted tunnels and are configured to apply security protocols to
data sent in using a known tunnel, like data sent through a VPN.

(b) Why is web maintenance is required? Explain the methods of maintaining the web. (7)
may-15

The World Wide Web (WWW) is a system for exchanging information over the
Internet. At the most basic level, the Web can be divided into two principal
components: Web servers, which are applications that make information
available over the Internet (in essence, publish information), and Web browsers
(clients), which are used to access and display the information stored on the Web
servers
Unfortunately, Web servers are often the most targeted and attacked hosts on organizations networks.
As a result, it is essential to secure Web servers and the network infrastructure that supports them. The
following are examples of specific security threats to Web servers:
Malicious entities may exploit software bugs in the Web server, underlying operating system, or
active content to gain unauthorized access to the Web server. Examples of this unauthorized
access include gaining access to files or folders that were not meant to be publicly accessible
(e.g., directory traversal attacks) and being able to execute commands and/or install software on
the Web server.
Denial of service (DoS) attacks may be directed to the Web server or its supporting network
infrastructure, denying or hindering valid users from making use of its services.
Sensitive information on the Web server may be read or modified without authorization.

Sensitive information on backend databases that are used to support interactive elements of a Web
application may be compromised through command injection attacks (e.g., Structured Query
Language [SQL] injection, Lightweight Directory Access Protocol (LDAP) injection, cross-site
scripting [XSS]).
Sensitive information transmitted unencrypted between the Web server and the browser may be
intercepted.
Information on the Web server may be changed for malicious purposes. Web site defacement is a
commonly reported example of this threat.
Malicious entities may gain unauthorized access to resources elsewhere in the organizations
network via a successful attack on the Web server.
Malicious entities may attack external entities after compromising a Web server host. These attacks
can be launched directly (e.g., from the compromised host against an external server) or indirectly
(e.g., placing malicious content on the compromised Web server that attempts to exploit
vulnerabilities in the Web browsers of users visiting the site).
The server may be used as a distribution point for attack tools, pornography, or illegally copied
software.
These indirect attacks occur in two forms:
Phishing, where attackers use social engineering to trick users into logging into a fake site
Pharming, where Domain Name System (DNS) servers or users host files are compromised to
redirect users to a malicious site in place of the legitimate site.
The following key guidelines are recommended to Federal departments and agencies for maintaining
a secure Web presence.
Organizations should carefully plan and address the security aspects of
the deployment of a public Web server.
Organizations should implement appropriate security management
practices and controls when maintaining and operating a secure Web
server.
Organizations should ensure that

Web server operating

systems

are deployed, configured, and managed to meet the security

requirements of the organization.
Organizations should ensure that the Web server application
is deployed, configured, and managed to meet the security
requirements of the organization.
Organizations should take steps to ensure that only appropriate
content is published on a Web site.
Organizations should ensure appropriate steps are taken to protect
Web content from unauthorized access or modification.
Organizations should use active content judiciously after balancing the
benefits gained against the associated risks.

Organizations must use authentication and cryptographic technologies

as appropriate to protect certain types of sensitive data.
Organizations should employ their network infrastructure to help
protect their public Web servers.
Organizations should commit to the ongoing process of maintaining the
security of public Web servers to ensure continued security.
Methods :

Planning and Managing Web Servers

Plan the configuration and deployment of the Web server
Choose appropriate OS for Web server
Choose appropriate platform for Web server

Securing the Web Server Operating System

Patch and upgrade OS
Remove or disable unnecessary services and applications
Configure OS user authentication
Configure resource controls appropriately
Install and configure additional security controls
Test the security of the OS

Securing the Web Server

Securely install the Web server
Configure OS and Web server access controls
Configure a secure Web content directory

Securing Web Content

Ensure that none of the following types of information are available on or through a public Web
server

Establish an organizational-wide documented formal policy and process for approving public
Web content that
Identifies information that should be published on the Web
Maintain Web user privacy
Mitigate(ie avoid) indirect attacks on content
Client-side active content security considerations
Maintain server-side active content security

Using Authentication and Encryption Technologies for Web Servers

Configure Web authentication and encryption technologies
Configure SSL/TLS
Protect against brute force attacks

Implementing a Secure Network Infrastructure

Identify network location
Assess firewall configuration
Evaluate intrusion detection and prevention systems
Assess network switches
Evaluate load balancers
Evaluate reverse proxies

Administering the Web Server

Perform logging
Perform Web server backups
Recover from a compromise
Test security
Conduct remote administration and content updates

Demilitarized Zone
A demilitarized zone (DMZ) describes a host or network segment inserted as a neutral zone
between an organizations private network and the Internet. It prevents outside users of the Web server
from gaining direct access to an organizations internal network (intranet). A DMZ mitigates the risks
of locating a Web server on an internal network or exposing it directly to the Internet. It is a
compromise solution thatoffers the most benefits with the least amount of risk for most organizations.
The DMZ allows access to the resources located within it to both internal and external users. There
are a wide variety of DMZ configurations, each with its own strengths and weaknesses.
Creating a DMZ involves placing a firewall between an organizations border router and its internal
network, and creating a new network segment that can only be reached through the DMZ device. The
Web server is placed on the new segment, along with other network infrastructure components and
servers that need to be externally accessible. In some configurations, the border router itself may act
as a basic firewall. Figure 8-1 illustrates an example of this simple DMZ using a router with access
control lists (ACL) to restrict certain types of network traffic to and from the DMZ.
Figure 8-

A single-firewall DMZ is a low-cost approach because the organization needs only to add a single
firewall and use its existing border router to provide protection to the DMZ. It is usually appropriate
only for small organizations that face a minimal threat. The basic weakness in the approach is that
although the router is able to protect against most network attacks, it is not aware of the Web server

application layer protocols (e.g., HTTP) and thus cannot protect against application layer attacks
aimed at the Web server. A superior approach is to add a second firewall between the Internet and the
DMZ, as shown in Figure 8-2.
Figure 8-2. Two-Firewall DMZ

A two-firewall DMZ configuration improves protection over a router-firewall DMZ

because the dedicated firewalls can have more complex and powerful security
rule sets. In addition, because a dedicated firewall is often able to analyze
incoming and outgoing HTTP traffic, it can detect and defend against application
layer attacks aimed at the Web server. Depending on the rule sets of the
firewalls and the level of traffic the DMZ receives, this type of DMZ may result in
some performance degradation.

Discuss basic data types available in javascript? (8) (nov-13)

Dynamic typing
JavaScript is a loosely typed or a dynamic language. That means you don't have to declare the
type of a variable ahead of time. The type will get determined automatically while the program
is being processed. That also means that you can have the same variable as different types:
var foo = 42; // foo is now a Number
var foo = "bar"; // foo is now a String
var foo = true; // foo is now a Boolean

Data types

o
o
o
o
o
o

Six data types that are primitives :

Boolean
Null
Undefined
Number
String
Symbol
and Object

Primitive values
All types except objects define immutable values (values, which are incapable of being
changed). For example and unlike to C, Strings are immutable. We refer to values of these
types as "primitive values".

Boolean type
Boolean represents a logical entity and can have two values: true, and false.

Null type
The Null type has exactly one value: null. See null and Null for more details.

Undefined type
A variable that has not been assigned a value has the value undefined.
See undefined and Undefinedfor more details.

Number type
According to the ECMAScript standard, there is only one number type: the double-precision
64-bit binary format IEEE 754 value (number between -(253 -1) and 253 -1). There is no
specific type for integers. In addition to being able to represent floating-point numbers, the
number type has three symbolic values: +Infinity, -Infinity, and NaN (not-a-number).
To check for larger or smaller values than +/-Infinity, you can use the
constants Number.MAX_VALUE or Number.MIN_VALUE and starting with ECMAScript 6, you
are also able to check if a number is in the double-precision floating-point number range
using Number.isSafeInteger() as well
asNumber.MAX_SAFE_INTEGER and Number.MIN_SAFE_INTEGER . Beyond this range,
numbers in JavaScript are not safe anymore.
The number type has only one integer that has two representations: 0 is represented as -0 and
+0. ("0" is an alias for +0). In the praxis, this has almost no impact. For example +0 ===
-0 is true. However, you are able to notice this when you divide by zero:
> 42 / +0
Infinity
> 42 / -0
-Infinity

Although a number often represents only its value, JavaScript provides some binary operators .
These can be used to represent several Boolean values within a single number using bit
masking. This is usually considered a bad practice, however, JavaScript offers no other means
to represent a set of Booleans (like an array of Booleans or an object with Boolean values
assigned to named properties). Bit masking also tends to make code more difficult to read,
understand, and maintain. It may be necessary to use such techniques in very constrained
environments, like when trying to cope with the storage limitation of local storage or in extreme
cases when each bit over the network counts. This technique should only be considered when
it is the last measure that can be taken to optimize size.

String type

JavaScript's String type is used to represent textual data. It is a set of "elements" of 16-bit
unsigned integer values. Each element in the String occupies a position in the String. The first
element is at index 0, the next at index 1, and so on. The length of a String is the number of
elements in it.
Unlike in languages like C, JavaScript strings are immutable. This means that once a string is
created, it is not possible to modify it. However, it is still possible to create another string based
on an operation on the original string. For example:

A substring of the original by picking individual letters or using String.substr() .

A concatenation of two strings using the concatenation operator ( +) or String.concat() .

Beware of "stringly-typing" your code!

It can be tempting to use strings to represent complex data. Doing this comes with short-term
benefits:

It is easy to build complex strings with concatenation.

Strings are easy to debug (what you see printed is always what is in the string).

Strings are the common denominator of a lot of APIs (input fields , local
storage values,XMLHttpRequest responses when using responseText, etc.) and it can be
tempting to only work with strings.
With conventions, it is possible to represent any data structure in a string. This does not make
it a good idea. For instance, with a separator, one could emulate a list (while a JavaScript array
would be more suitable). Unfortunately, when the separator is used in one of the "list"
elements, then, the list is broken. An escape character can be chosen, etc. All of this requires
conventions and creates an unnecessary maintenance burden.
Use strings for textual data. When representing complex data, parse strings and use the
appropriate abstraction.

Symbol type
Symbols are new to JavaScript in ECMAScript Edition 6. A Symbol is
a unique and immutable primitive value and may be used as the key of an Object property
(see below). In some programming languages, Symbols are called atoms. You can also
compare them to named enumerations (enum) in C. For more details see Symbol and
the Symbol object wrapper in JavaScript.

Objects
In computer science, an object is a value in memory which is possibly referenced by
an identifier.

Properties
In JavaScript, objects can be seen as a collection of properties. With the object literal syntax , a
limited set of properties are initialized; then properties can be added and removed. Property
values can be values of any type, including other objects, which enables building complex data

structures. Properties are identified using key values. A key value is either a String or a Symbol
value.
There are two types of object properties which have certain attributes: The data property and
the accessor property.

Data property
Associates a key with a value and has the following attributes:
Attributes of a data property
Attribute

Type

Description

[[Value]]

Any JavaScript The value retrieved by a get access of the

type
property.

[[Writable]]

Boolean

Default value
undefined

If false, the property's [[Value]] can't be changed. false

If true, the property will be enumerated

[[Enumerable]] Boolean

in for...in loops. See also Enumerability and

ownership of properties

false

If false, the property can't be deleted and

[[Configurable]] Boolean

attributes other than [[Value]] and [[Writable]]

false

can't be changed.
Obsolete attributes (as of ECMAScript 3, renamed in ECMAScript 5)
Attribute

Type

Description

Read-only

Boolean

Reversed state of the ES5 [[Writable]] attribute.

DontEnum Boolean

Reversed state of the ES5 [[Enumerable]] attribute.

DontDelete Boolean

Reversed state of the ES5 [[Configurable]] attribute.

Accessor property
Associates a key with one or two accessor functions (get and set) to retrieve or store a value
and has the following attributes:
Attributes of an accessor property
Description

Default

Attribute

Type

[[Get]]

The function is called with an empty argument list

Function object
and retrieves the property value whenever a get undefined
or undefined
access to the value is performed. See also get.

value

The function is called with an argument that

[[Set]]

Function object contains the assigned value and is executed

undefined
or undefined
whenever a specified property is attempted to be
changed. See also set.

[[Enumerable]] Boolean

[[Configurable]] Boolean

If true, the property will be enumerated

in for...in loops.
If false, the property can't be deleted and can't be
changed to a data property.

false

false

How to avoid getting computer virus

through e-mail
E-mail is one of the primary ways to exchange information among Internet users; it is also a
common method for spreading viruses. Below are some tips for avoiding viruses or passing
them on to others.

Beware of unexpected or unsolicited e-mail attachments

It is the attachment to the e-mail that contains the potential hazard. If the attachment came
from an unknown sender either unexpected or unsolicited, the best decision would be to
delete the e-mail without opening it. If the e-mail is from a known and trusted source, but did
not expect an attached file from that source, you may want to contact the sender to confirm
that the attachment is legitimate.

Avoid forwarding e-mail attachments unless you first scan the attachment for
viruses

If you have an anti-virus program that scans all incoming e-mail attachments, or if you can
scan the attachment after it arrives, then it is probably safe to forward the attachment.
Otherwise, do not forward the attachment.

Look for an unexpected file extension on any attachment

If the subject line or the body of an e-mail states that the attachment is a certain type of file or
the file icon implies a certain type of file and the file extension does not match, delete the
file.
If you trust the sender, contact that person to determine what you were supposed to have
received.

Back up your date files on a regular basis

In a worst case scenario, a virus may corrupt or destroy data on one or more files. Regular
backups will allow you to recover more easily in the event that a virus damages your files.

Data files will not carry viruses

A file that contains only data will not carry a virus since a virus has to have some kind of
executable code. For example, files ending with the extension .txt, .csv, .gif, .jpg, .mp3, .wav
are common data files that would not have executable code.
Files ending in .doc, .xls, .exe, and even .htm may have executable code and could potentially
carry a virus.

1: Install quality antivirus

Many computer users believe free antivirus applications, such as those included with an
Internet service provider's bundled service offering, are sufficient to protect a computer from
virus or spyware infection. However, such free anti-malware programs typically don't provide
adequate protection from the ever-growing list of threats.
Instead, all Windows users should install professional, business-grade antivirus software on
their PCs. Pro-grade antivirus programs update more frequently throughout the day (thereby
providing timely protection against fast-emerging vulnerabilities), protect against a wider
range of threats (such as rootkits), and enable additional protective features (such as custom
scans).

2: Install real-time anti-spyware protection

Many computer users mistakenly believe that a single antivirus program with integrated
spyware protection provides sufficient safeguards from adware and spyware. Others think
free anti-spyware applications, combined with an antivirus utility, deliver capable protection
from the skyrocketing number of spyware threats.
Unfortunately, that's just not the case. Most free anti-spyware programs do not provide realtime, or active, protection from adware, Trojan, and other spyware infections. While many
free programs can detect spyware threats once they've infected a system, typically
professional (or fully paid and licensed) anti-spyware programs are required to prevent
infections and fully remove those infections already present.

3: Keep anti-malware applications current

Antivirus and anti-spyware programs require regular signature and database updates. Without
these critical updates, anti-malware programs are unable to protect PCs from the latest
threats.
In early 2009, antivirus provider AVG released statistics revealing that a lot of serious
computer threats are secretive and fast-moving. Many of these infections are short-lived, but
they're estimated to infect as many as 100,000 to 300,000 new Web sites a day.

Computer users must keep their antivirus and anti-spyware applications up to date. All
Windows users must take measures to prevent license expiration, thereby ensuring that their
anti-malware programs stay current and continue providing protection against the most recent
threats. Those threats now spread with alarming speed, thanks to the popularity of such social
media sites as Twitter, Facebook, and My Space.

4: Perform daily scans

Occasionally, virus and spyware threats escape a system's active protective engines and infect
a system. The sheer number and volume of potential and new threats make it inevitable that
particularly inventive infections will outsmart security software. In other cases, users may
inadvertently instruct anti-malware software to allow a virus or spyware program to run.
Regardless of the infection source, enabling complete, daily scans of a system's entire hard
drive adds another layer of protection. These daily scans can be invaluable in detecting,
isolating, and removing infections that initially escape security software's attention.

5: Disable autorun
Many viruses work by attaching themselves to a drive and automatically installing
themselves on any other media connected to the system. As a result, connecting any network
drives, external hard disks, or even thumb drives to a system can result in the automatic
propagation of such threats.
Computer users can disable the Windows autorun feature by following Microsoft's
recommendations, which differ by operating system. Microsoft Knowledge Base articles
967715 and 967940 are frequently referenced for this purpose.

6: Disable image previews in Outlook

Simply receiving an infected Outlook e-mail message, one in which graphics code is used to
enable the virus' execution, can result in a virus infection. Prevent against automatic infection
by disabling image previews in Outlook.
By default, newer versions of Microsoft Outlook do not automatically display images. But if
you or another user has changed the default security settings, you can switch them back
(using Outlook 2007) by going to Tools | Trust Center, highlighting the Automatic Download
option, and selecting Don't Download Pictures Automatically In HTML E-Mail Messages Or
RSS.

7: Don't click on email links or attachments

It's a mantra most every Windows user has heard repeatedly: Don't click on email links or
attachments. Yet users frequently fail to heed the warning.
Whether distracted, trustful of friends or colleagues they know, or simply fooled by a crafty
email message, many users forget to be wary of links and attachments included within email
messages, regardless of the source. Simply clicking on an email link or attachment can,
within minutes, corrupt Windows, infect other machines, and destroy critical data.

Users should never click on email attachments without at least first scanning them for viruses
using a business-class anti-malware application. As for clicking on links, users should access
Web sites by opening a browser and manually navigating to the sites in question.

8: Surf smart
Many business-class anti-malware applications include browser plug-ins that help protect
against drive-by infections, phishing attacks (in which pages purport to serve one function
when in fact they try to steal personal, financial, or other sensitive information), and similar
exploits. Still others provide "link protection," in which Web links are checked against
databases of known-bad pages.
Whenever possible, these preventive features should be deployed and enabled. Unless the
plug-ins interfere with normal Web browsing, users should leave them enabled. The same is
true for automatic pop-up blockers, such as are included in Internet Explorer 8, Google's
toolbar, and other popular browser toolbars.
Regardless, users should never enter user account, personal, financial, or other sensitive
information on any Web page at which they haven't manually arrived. They should instead
open a Web browser, enter the address of the page they need to reach, and enter their
information that way, instead of clicking on a hyperlink and assuming the link has directed
them to the proper URL. Hyperlinks contained within an e-mail message often redirect users
to fraudulent, fake, or unauthorized Web sites. By entering Web addresses manually, users
can help ensure that they arrive at the actual page they intend.
But even manual entry isn't foolproof. Hence the justification for step 10: Deploy DNS
protection. More on that in a moment.

9: Use a hardware-based firewall

Technology professionals and others argue the benefits of software- versus hardware-based
firewalls. Often, users encounter trouble trying to share printers, access network resources,
and perform other tasks when deploying third-party software-based firewalls. As a result, I've
seen many cases where firewalls have simply been disabled altogether.
But a reliable firewall is indispensable, as it protects computers from a wide variety of
exploits, malicious network traffic, viruses, worms, and other vulnerabilities. Unfortunately,
by itself, the software-based firewall included with Windows isn't sufficient to protect
systems from the myriad robotic attacks affecting all Internet-connected systems. For this
reason, all PCs connected to the Internet should be secured behind a capable hardware-based
firewall.

10: Deploy DNS protection

Internet access introduces a wide variety of security risks. Among the most disconcerting may
be drive-by infections, in which users only need to visit a compromised Web page to infect
their own PCs (and potentially begin infecting those of customers, colleagues, and other
staff).

Another worry is Web sites that distribute infected programs, applications, and Trojan files.
Still another threat exists in the form of poisoned DNS attacks, whereby a compromised DNS
server directs you to an unauthorized Web server. These compromised DNS servers are
typically your ISP's systems, which usually translate friendly URLs such as yahoo.com to
numeric IP addresses like 69.147.114.224.
Users can protect themselves from all these threats by changing the way their computers
process DNS services. While a computer professional may be required to implement the
switch, OpenDNS offers free DNS services to protect users against common phishing,
spyware, and other Web-based hazards.
.How will you add audio and video in a web page? (7) Nov- 13

Sound Files
You can also link sound files to your web page. You can either
record your own sound file (using a program like SoundEdit--),
or link to a sound file at another web site
Example 1: This is a <a href="willkommen.au"> greeting</a> in
German!
Example 2: Another <a href="http://www.dfki.unisb.de/imedia/herzog/noise/willkommen.au"> German greeting!</a>

To find sounds in German to which you can link, go to the

following site
(http://de.altavista.com/searchaud?stype=saudio) and conduct a
search for the word or words you would like to include on your
page. We have to make sure that we have the appropriate plug-in
available to play the sound files!
The bgsound element is used to add background sounds to a webpage.
The properties are
as follows

1.
2.
3.
4.

src - URL
loop no of times the audio will play
balance balance b/w left & right speakers (-10000 to 10000)
volume volume of the audio clip (-10000 to 0)

Using <img> element dynsrc property we can add video files to a web
page by specifying
URL of video file to the dynsrc property, the other properties are

1. loop - no of times the video will play

2. start when the video should start playing
i.file open start playing when the page is loaded
ii. mouse over - start playing when the mouse is over the region
In its most basic form, adding a video player to your webpage with the
HTML5 video element is done with a single line of HTML. Add the controlsattribute, and

users can control the video playback. Other attributes enable you to set the source file,
add a placeholder image, or start playing the video automatically. Like most HTML
elements, you can use Cascading Style Sheets (CSS) to style and position the element.
The syntax for the HTML5 element is:
HTML
<video src="demo.mp4" controls autoplay >HTML5 Video is required for this
example</video>

For a single line of code, this example enables you to accomplish several things.
The src attribute points to the video file to play. The src attribute provides one of two
ways to specify content for the video element. To play your video, assign
the src attribute to the URL of a video file.
The controls attribute tells the browser to display the built-in playback controls. The
built-in controls can differ in function and look between browsers. At a minimum, you
should see Play and Pause controls, a progress bar or buttons that skip forward or
backward in the video, and a time counter. While a video is playing, the controls are
usually hidden and then reappear when the user hovers their mouse over the player.
Finally, the autoplay is a Boolean attribute that causes the video to play as soon as it
loads.

What attributes can I use with a video element?

The video element supports a number of attributes to control video playback and display.
This table highlights the basic video attributes. The Boolean attributes are considered
"true" by their presence and "false" by their absence as attributes of the video element.

Attrib
ute

Description

src

A string that represents a URL that points to a video file.

contro Boolean attribute that turns on a set of built-in playback controls. This
ls
typically includes play, pause, seek, and set volume. Internet Explorer 10
also displays a control for choosing multiple audio and text tracks.

poster A string that represents a placeholder image that is displayed in the

video player. The poster image is displayed only when a video isn't
available, either because the source isn't set at that point, or the content
is still loading.

loop

Boolean attribute that replays the video repeatedly until the pause
button on the controls is pressed, or the pause method is called from
script.

muted Boolean attribute that plays video with the audio track turned off.

autopl Boolean attribute that starts playing the video automatically after the
ay
player has enough content buffered.

preloa Boolean attribute that defines a hint to how much buffering is needed.
d

height Sets the height of the video player in pixels.

width

Sets the width of the video player in pixels.

Note If you set only one dimension of the video player, height for example, the video
player sizes the video to that dimension and scales the other dimension based on the
aspect ratio of the video content. If you set both dimensions to an aspect ratio that
doesn't match the video content, the player scales the closest dimension to fit, but it
maintains its aspect ratio. The video will be centered either horizontally or vertically with
blank space on either side.

This next example plays a video, displays a poster until content is loaded, repeatedly
plays a video with playback controls.
HTML
<video src="demo.mp4" controls autoplay loop muted preload="auto"
poster="demo.jpg" >
HTML5 Video is required for this example
</video>

What is a CGI Script? Why is PERT used for CGI? Explain how a CGI script
Is written and executed in PERL (15)

What Is CGI?

As you traverse the vast frontier of the World Wide Web, you will come across
documents that make you wonder, "How did they do this?" These documents could
consist of, among other things, forms that ask for feedback or registration
information, imagemaps that allow you to click on various parts of the image,
counters that display the number of users that accessed the document, and utilities
that allow you to search databases for particular information. In most cases, you'll
find that these effects were achieved using the Common Gateway Interface,
commonly known as CGI.
One of the Internet's worst-kept secrets is that CGI is remarkably simple. That is,
it's trivial in design, and anyone with an iota of programming experience can write
rudimentary scripts that work. It's only when your needs are more demanding that
you have to master the more complex workings of the Web. In a way, CGI is easy
the same way cooking is easy: anyone can toast a muffin or poach an egg. It's only
when you want a Hollandaise sauce that things start to get complicated.
CGI is the part of the Web server that can communicate with other programs
running on the server. With CGI, the Web server can call up a program, while
passing user-specific data to the program (such as what host the user is connecting
from, or input the user has supplied using HTML form syntax). The program then
processes that data and the server passes the program's response back to the Web
browser.
CGI isn't magic; it's just programming with some special types of input and a few
strict rules on program output. Everything in between is just programming. Of
course, there are special techniques that are particular to CGI, and that's what this
book is mostly about. But underlying it all is the simple model shown in Figure 1.1.
Figure 1.1: Simple diagram of CGI

What is a CGI Script? Why is PERT used for CGI? Explain how a CGI script
Is written and executed in PERL (15) Nov- 11

Each word in the acronym, "Common Gateway Interface," helps to understand the
interface:

Common - interacts with many different operating systems.

Gateway - provides users with a way to gain access to
different programs, like databases or picture generators.
Interface - uses a well-defined method to interact with a
web server.

CGI applications can perform nearly any task that your imagination can think up.
For example, you can create web pages on-the-fly, access databases, hold telnet
sessions, generate graphics, and compile statistics.
The basic concept behind CGI is pretty simple, however, actually creating CGI
applications is not. That requires real programming skills. You need to be able to
debug programs and make logical connections between one idea and another. You
also need to have the ability to visualize the application that you'd like to create.
This chapter and the next, "Form Processing," will get you started with CGI
programming. If you plan to create large applications, you might want to look at
Que's "Special Edition, Using CGI".
Why use Perl for CGI?
Perl is the de facto standard for CGI programming for a number of
reasons, but perhaps the most important are:

Socket Support - create programs that interface

seamlessly with Internet protocols. Your CGI program can
send a web page in response to a transaction and send a
series of email messages to inform interested people that
the transaction happened.
Pattern Matching - ideal for handling form data and
searching text.
Flexible Text Handling - no details to worry. The way that
Perl handles strings, in terms of memory allocation and
deallocation, fades into the background as you program. You
simply can ignore the details of concatenating, copying and
creating new strings.

The advantage of an interpreted language in CGI applications is its simplicity in

development, debugging and revision. By removing the compilation step, you and

I can move more quickly from task to task, without the frustration that can
sometimes arise from debugging compiled programs. Of course not any interpreted
language will do. Perl has the distinct advantage of having an extremely rich and
capable functionality.
Note : Give any eg program in PERL
Listing 19.1-19LST01.PL - A Very Small CGI Program

#!/usr/local/bin/perl -w
use strict;

print "Content-type: text/plain\n\n";

print "Hello, World.\n";

Write a program using CGI script to display current date and explain how CGI works.
May-15

(15)

This Perl CGI script will print the current date on a web page. The script can be
called using SSI. Example:
<!--#exec cgi="/cgi-bin/script.cgi"-->
Or:
<!--#include virtual="/cgi-bin/script.cgi"-->
The Perl CGI script below will print the day of the week and the month name as part
of the date. Example: Saturday, May 5, 2016

#!/usr/bin/perl
use strict;

print "Content-type:text/html\n\n";
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,
$isdst) = localtime;
my @weekday = qw(Sunday Monday Tuesday Wednesday
Thursday Friday Saturday);
my @month = qw(January February March April May
June July August September October November
December);
$year += 1900;
print "$weekday[$wday], $month[$mon] $mday, $year";
exit;

This Perl CGI script will print the date in m/d/y format. Change the output order and
delimiting characters to suit your own date format preferences. Example: 5/7/2016

#!/usr/bin/perl
use strict;
print "Content-type:text/html\n\n";
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,
$isdst) = localtime;
$year += 1900;
$mon++;
print "$mon/$mday/$year";

exit;

The output of this Perl CGI script is similar to the above except it will print the day
and month as two digits, prepended with a 0 (zero) if necessary. It will print the date
in mm/dd/yyyy format. Change the output order and delimiting characters to suit your
own date format preferences. Example: 05/07/2016

What is the Common Gateway Interface (CGI)?

The CGI connects Web servers to external applications.
CGI can do two things.
- It can gather information sent from a web browser to a web server,
and make the information available to an external program.
- CGI can send the output of a program to a Web browser that request it.

Advantages of CGI:
- Platform independence: Most web servers support CGI, including
Unix: Apache, Netscape, NCSA, and CERN
Windows NT: Netscape, Microsoft IIS, and OReilly WebSite
Macintosh: WebStar
- Language independence: (Perl, TCL, C, C++ Visual Basic, AppletScript,
Java)
- Scalability: The simplicity of the CGI interface means that it is extremely
scalable.

What is CGI and How Does it Work? May -15

CGI (Common Gateway Interface) is a standard way of running programs from a
Web server. Often, CGI programs are used to generate pages dynamically or to
perform some other action when someone fills out an HTML form and clicks the
submit button. Basically, CGI works like this:
A reader sends a URL that causes the server to use CGI to run a
program. The server passes input from the reader to the program
and output from the program back to the reader. CGI acts as a
"gateway" between the server and the program you write.
The program run by CGI can be any type of executable file on the server platform.
For example, you can use C, C++, Perl, Unix shell scripts, Fortran, or any other
compiled or interpreted language. You may want to use CGI for existing,
shareware, or freeware programs that use the standard CGI input, output, and
environment variables. Since CGI is a standard interface used by many Web
servers, there are lots of example programs and function libraries available on the
World Wide Web and by ftp. This chapter describes the interface and points you to
locations where you can download examples.
Here is a diagram of how a CGI program runs:

For example, suppose you have a form that lets people comment on your Web
pages. You want the comments emailed to you and you want to automatically
generate a page and send it back to your reader.
1. The reader fills out your form and clicks the "Submit" button.
The <FORM> tag in your page might look like this:
<FORM METHOD="POST" ACTION="/cgi-bin/myprog">

The METHOD controls how the information typed into the form is
passed to your program. It can be "GET" or "POST"
The ACTION determines which program should be run

Other ways for a reader to run a program are by providing a

direct link to the program without allowing the reader to
supply any variables through a form, or by using
the <ISINDEX> tag
When AOLserver gets a request for a URL that maps to a CGI
directory or a CGI file extension (as defined in the
configuration file), it starts a separate process and runs the
program within that process. The AOLserver also sets up a
number of environment variable within that process. These
environment variables include some standard CGI variables
and optionally any variables you define in the configuration
file for this type of program.
2. The program runs. The program can be any type of
executable program. For example, you can use C, C++, Perl,
Unix shell scripts, or Fortran.
In this example, the program takes the comments from the
form as input and sends them to you as email. If the form
method is "GET", it gets the input from an environment
variable. If the form method is "POST", it gets the input from
standard input. It also assembles a HTML page and sends it
to standard output Any information the program passes to
standard output is automatically sent to the AOLserver when
the program finishes running.
3. The server adds any header information needed to identify
the output and sends it back to the reader's browser, which
displays the output.

Note : These points are for disadvantages of CGI, if asked you write
otherwise you leave it
The limitation and problems of CGI
Problems:
- Performance
Every time a user requests a CGI script, the server must launch the
CGI program, which takes processor time.
When the CGI program is written in an interpreted language like Perl,
then the program must run the entire Perl interpreter, and compile

the program before it can be run, which takes even more processor time.
For busy web sites running complex applications, the performance
problem become critical issue.
- It is free. --> not easy to sell the web server products with free software.
- Not good to interact with database.(connecting issue)
- Not flexible or powerful to generate dynamic HTML pages.
Explain how XML parser works. Write a XML document for displaying the contact details
(address,e-mail, mobile no, etc)? (15) Nov 13
XML parser
It is a software library (or a package) that provides methods (or interfaces)
for client applications to work with XML documents
It checks the well-formattedness
It may validate the documents
It does a lot of other detailed things so that a client is shielded from that
complexities

DOM: Document Object Model

SAX: Simple API for XML
A DOM parser implements DOM API
A SAX parser implement SAX API
Most major parsers implement both DOM and SAX APIs

Dom Parsers
A DOM document is an object containing all the information of an XML
document
It is composed of a tree (DOM tree) of nodes , and various nodes that are
somehow associated with other nodes in the tree but are not themselves
part of the DOM tree
There are 12 types of nodes in a DOM Document object
Document node
Element node
Text node
Attribute node
Processing instruction node
.
Sample XML document ( here you have to give . Write a XML document for

displaying the contact details (address,e-mail, mobile no, etc))

<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href=test.css"?>
<!-- It's an xml-stylesheet processing instruction. -->
<!DOCTYPE shapes SYSTEM shapes.dtd">
<shapes>

<squre color=BLUE>
<length> 20 </length>
</squre>

</shapes>

main features of DOM parsers

Advantage:
(1) It is good when random access to widely
separated parts of a document is required
(2) It supports both read and write operations

Disadvantage:
(1) It is memory inefficient
(2) It seems complicated, although not really
SAX parsers
It does not first create any internal structure
Client does not specify what methods to call
Client just overrides the methods of the API and place his own code inside
there
When the parser encounters start-tag, end-tag,etc., it thinks of them as
events
Advantage:
(1) It is simple
(2) It is memory efficient
(3) It works well in stream application
Disadvantage:
The data is broken into pieces and clients never have all the information as a
whole unless they create their own data structure

Explain about XML, Style sheet in brief (5) Nov-12

XML Style Sheets

XML focus on the content of the document and gives no clue on the appearance or
presentation. Style sheets can be used to provide styling information for displaying
XML documents. Different style sheets can be applied to the same XML document for
display on different platform or devices (desktop browser, PDA, mobile phone).
W3C has developed two style sheet standards, that can be used with XML
documents:

Cascading Style Sheet (CSS): originally used to support HTML, has been
extended to support XML.

XML Style Language (XSL): supports advanced styling for XML documents,
such as creating a table of contents. XSL is organized in two parts: XSLT (XSL
Transformation) and XSLFO (XSL Formatting Objects).

XSL Transformation (XSLT)

XSL Transformation (XSLT) is a text-based transformation process that merges a
textual XML source document with a XSL style sheet to procedure a target
document.

XSL Style Sheet

An
XSL
style
sheet
is
a
well-formed
XML
document.
The
root
element <xsl:stylesheet> declares two namespaces: xsl for the XSL vocabulary and
default for the target HTML (note: w3 and not w3c!), as follows:
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet

xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns="http://www.w3.org/TR/REC-html40"
version="1.0">
......
</xsl:stylesheet>

The bulk of the style sheet is a list of XSL template for matching with the source
element and produce the target document. For example,
<xsl:template match="address-book/person">
<H2><xsl:apply-templates/></H2>
</xsl:template>

An XSL template consists of two parts:

A matching PATH in the match attribute, and

The action to be taken upon a successful match in the content of the

template.

Discuss on XML links in detail.

XML linking specification (XLL)

a link expresses a relationship between resources. A resource is any location (an
element identified with an ID or the content of a linking element, for example) that
is addressed in a link. The exact nature of the relationship between resources
depends on both the application that processes the link and semantic information
you supplied.
Some highlights of XLL are:

XLL gives you control over the semantics of the link.

XLL introduces Extended Links. Extended Links can involve more than two
resources.
XLL introduces Extended Pointers (XPointers). XPointers provide a
sophisticated method of locating resources.

Since XML does not have a fixed set of elements, the name of the element cannot
be used to locate links. Instead, XML processors identify links by recognizing
the XML-LINK attribute. Other attributes can be used to provide additional
information to the XML processor. An attribute renaming facility exists to work
around name collisions in existing applications.

Two of the attributes, SHOW and ACTUATE allow you to exert some control over the
linking behavior. The SHOW attribute determines whether the document linked-to is
embeded in the current document, replaces the current document, or is displayed in
a new window when the link is traversed.ACTUATE determines how the link is
traversed, either automatically or when selected by the user.
Some applications will require much finer control over linking behaviors. For
those applications, standard places are provided where the additional semantics
may be expressed.

Simple Links

A Simple Link strongly resembles an HTML A link:

<LINK XML-LINK="SIMPLE" HREF="locator">Link Text</LINK>

A Simple Link identifies a link between two resources, one of which is the content
of the linking element itself. This is an in-line link.
The locator identifies the other resource. The locator may be a URL, a query, or
an Extended Pointer.
Extended Links

Extended Links allow you to express relationships between more than two
resources:
<ELINK XML-LINK="EXTENDED" ROLE="ANNOTATION">
<LOCATOR XML-LINK="LOCATOR" HREF="text.loc">The Text</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="annot1.loc">Annotations</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="annot2.loc">More Annotations</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="litcrit.loc">Literary Criticism</LOCATOR>
<ELINK>

This example shows how the relationships between a literary work, annotations,
and literary criticism of that work might be expressed. Note that this link is
separate from all of the resources involved. The semantics of extended links
depend on the application, but another example following the discussion of
Extended Pointers will demonstrate how extended links can be used to add links to
read-only resources.
Extended Links can be in-line, so that the content of the linking element other than
the locator elements, participates in the link as a resource, but that is not

necessarily the case. The example above is an out-of-line link because it does not
use its content as a resource.

Develop a program in XML to create three buttons and link them to a web page
(www.google.com),xml file (create_links.xml), and word document (market_planning.doc).
(15) - May -15

<!DOCTYPE html>
<html>
<body>

<a id="myAnchor">A Link: www.google.com </a>

<p>Click the button to create a "class" attribute with the value "www.google.com"
and insert it to the a element above.</p>

<button onclick="myFunction()">Try it</button>

<script>
function myFunction() {
var anchor = document.getElementById("myAnchor");
var att = document.createAttribute("href");
att.value = "http:// www.google.com ";
anchor.setAttributeNode(att);
}
</script>
<a id="myAnchor2">A Link: create_links.xml </a>

<p>Click the button to create a "class" attribute with the value " create_links.xml "
and insert it to the a element above.</p>

<button onclick="myFunction2()">Try it</button>

<script>
function myFunction2() {
var anchor = document.getElementById("myAnchor2");
var att = document.createAttribute("href");
att.value = "http:// create_links.xml ";
anchor.setAttributeNode(att);
}
</script>
<a id="myAnchor3">A Link: www. market_planning.doc </a>

<p>Click the button to create a "class" attribute with the value "www.
market_planning.doc " and insert it to the a element above.</p>

<button onclick="myFunction3()">Try it</button>

<script>
function myFunction3() {
var anchor = document.getElementById("myAnchor3");
var att = document.createAttribute("href");

att.value = "http:// market_planning.doc ";

anchor.setAttributeNode(att);
}
</script>

</body>
</html>

Before creating the attribute:

After inserting the attribute: