Where are the arguments for a GET request placed? What about the arguments for a POST request?
For a GET request: the parameters in the URL.
For a POST request: in the body of the HTTP request.
Webpage Elements
(True/False) The web server sends HTML, CSS, and Javascript to the browser using HTTP.
True. HTTP is the networking protocol that lets the browser send and receive data from the web server.
HTML, CSS, and Javascript are data formats that the browser interprets to display a webpage to the user (see the next video for more details). You could use HTTP to send unformatted text files if you wanted, but HTML, CSS, and Javascript are file formats that make webpages look nicer.
Webpage Rendering
Javascript
(True/False) Javascript code is executed on the web server.
False. Javascript is executed in your browser.
Frames
Is there an example of a frame anywhere on this webpage? What does frame isolation mean for the frame(s) on this webpage?
The Youtube lecture videos are embedded using frames. Frame isolation means that CS161 course staff can’t change what the Youtube frame displays, and the Youtube frame can’t change the outer CS161 page.
Intro to Web Security
Does TLS/HTTPS guarantee confidentiality and integrity of your computer or your information on other websites?
No. TLS/HTTPS is end-to-end secure, which means that it guarantees confidentiality and integrity between you and the web server. However, it doesn’t do anything to protect you against a malicious web server.
Same-Origin Policy
(True/False) Suppose https://wikipedia.org loads a child frame https://google.com. Under the same-origin policy, the parent frame can modify the contents of the child frame.
False. The child frame still has the origin of https://google.com, which is not the same origin as https://wikipedia.org.
CS 161 Summer 2021