Client-side scripting allows web-based programs to run on a user’s computer, creating dynamic web pages based on user data. It is an alternative to server-side scripting, but has security implications due to the potential for code to access data on the user’s computer.
Client-side scripting is the process by which a web-based computer program runs on a user’s computer rather than on the computer hosting the website. Specifically, it runs via a type of program known as a script, which is managed by the browser User website. The primary reason for client-side scripting is to allow a web page to be created based on user data and options, rather than being a fixed page that always looks the same to all users.
The need for client-side scripting comes from the way web pages work. Originally, the pages were written in standard HTML and were known as static pages; that is, every computer, and in turn every user, has seen exactly the same page. This has made websites very limited in handling large data sets, such as a train timetable. With static pages, the only solution was to print the entire program and let the user look up the relevant details.
This problem has been solved with the development of dynamic web pages. These can adjust to suit a specific situation, such as if a user is looking for a journey between two stations within a specific time frame. The search result is displayed through a dynamic web page, which is automatically created for that query.
There are two ways to do the processing needed to generate the dynamic web page. Server-side scripting means that the computer hosting the website, known as the server, does all the work and then generates an HTML page to send to the user’s computer. One method of doing this is known as VBScript, which is why occasionally users may perform a search or other dynamic request on a website and retrieve a page listing a “VBScript database error”.
The second method, client-side scripting, involves embedding special code into the web page. The user’s web browser then uses this code to do the necessary processing, such as searching a behind-the-scenes database of the website and producing a page from the results. The best-known type of code used in this way is called Javascript.
The biggest disadvantage of client-side scripting is the security implications. In theory, the code could instruct the browser to perform all sorts of actions, including accessing data on the computer itself. Web browsers use a variety of security measures to prevent abuse, such as limiting code to access only the browser. Flaws in these security measures are a major source of opportunity for virus writers.
Protect your devices with Threat Protection by NordVPN