Your browser sends an HTTP request to the web server after you enter a URL into the browser and the browser looks up the IP address for the domain name entered.
The HTTP request line has the following form:
Two of the most common methods are GET requests and POST requests. A GET request sends its parameters via the URL (e.g. http://www.example.ca/page.html?var1=value1), while a POST request sends its parameters in the request body, just under the headers (source).
The request line is followed by a number of headers, which provide information about the request. Headers have the form 'name: value'. The value can contain whitespace; the name cannot. Some examples of headers are:
The server receives the HTTP request and processes it. This processing step involves server software deciding which request handler should be executed to handle this request.
A request handler is a program that reads the request and generates HTML for the response based on the information in the request.
After handling the HTTP request, the server sends an HTTP response to the browser. This response contains the HTML for the requested web page. The response looks very similar to the request.
The status line is the first line of the HTTP response, the counterpart of the request line in the HTTP request. The status line has the form:
The status code is a three-digit integer that tells us whether or not the request was satisfied. The first digit (between 1 and 5) defines the class of the status code, where the following meanings are observed (source):
Like the request line, the status line is followed by a number of headers (e.g. Date, Server (analogous to user agent), Content-Type (e.g. text/html)).
There are two types of responses: static and dynamic. Examples of static responses are pre-written files and images. Dynamic responses are pages built dynamically on the fly by programs called web applications. Web applications live on a web server, speak HTTP, and generate the content that your browser requests.
The browser then renders the HTML contained in the response. This rendering starts before the browser has received the entire HTML document.
Web applications are notorious for taking practically any type of input, assuming that it's valid, and processing it further. Not validating input is one of the greatest mistakes that web application developers can make (source).
Input validation means verifying on the server side that we have received what we expected to receive. After checking the input, the form either points out that the user made an error, or assures that the provided data is accurate.
Malicious users can send parameters with arbitrary junk directly to our server, even if the forms on our page limit user input options (e.g. checkbox or dropdown list). This insertion of malformed data can confuse or crash the web application, or make it divulge too much information to the attacker. It is important that our server validates input to defuse these attacks and protect our information.
This page has detailed information on several types of input attacks and their consequences.
Input validation is important for user experience because it provides a medium for conversation with users and guides them through the difficult times of errors and uncertainty (source).
HTML escaping is also important for user experience to ensure that the visual structure of the web page is maintained.
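The server-side checks and HTML escaping described above, as an added example that is not code from the original page. The form fields (`color`, `qty`, `name`), their limits and the function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Hypothetical form: a dropdown ("color"), a number box ("qty"), free text ("name").
ALLOWED_COLORS = {"red", "green", "blue"}   # the only options the dropdown offers
# Constructed sample bodies: one a browser form would send, one hand-crafted.
GOOD = "color=blue&qty=3&name=Ada"
BAD = "color=purple&qty=-5&name=%3Cb%3Ehi%3C%2Fb%3E"

def validate_order(body: str):
    """Validate a POST body on the server; return (clean_values, errors)."""
    # keep_blank_values: an empty field is reported, not silently dropped
    fields = parse_qs(body, keep_blank_values=True)
    clean, errors = {}, {}
    def single(name):
        # Reject missing or repeated parameters instead of guessing which to use
        values = fields.get(name, [])
        if len(values) != 1:
            errors[name] = "expected exactly one value"
            return None
        return values[0]

    color = single("color")
    if color is not None:
        if color in ALLOWED_COLORS:      # allow-list, independent of the HTML form
            clean["color"] = color
        else:
            errors["color"] = "not one of the offered options"

    qty = single("qty")
    if qty is not None:
        # Length cap first, so int() never sees an oversized digit string
        if len(qty) <= 2 and qty.isascii() and qty.isdigit() and 1 <= int(qty) <= 99:
            clean["qty"] = int(qty)
        else:
            errors["qty"] = "must be a whole number from 1 to 99"

    name = single("name")
    if name is not None:
        name = name.strip()
        if 1 <= len(name) <= 40:
            clean["name"] = name         # stored raw; escaped only when rendered
        else:
            errors["name"] = "must be 1 to 40 characters"
    return clean, errors

def redisplay(value: str) -> str:
    """Escape a submitted value before echoing it back into the form's HTML."""
    return html.escape(value, quote=True)
```

The dropdown value is checked against the allow-list even though a browser could only have sent one of the three options, because a hand-built request such as `BAD` never passes through the form.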
Templates allow for the separation of HTML code from other code (e.g. Python code). This separation makes the code easier to read and maintain.
Templates allow for the modularization of code. Each part of the page (e.g. the head section, a common header/footer, and the body section) can be defined in separate sections and/or files. This modular approach allows programmers to avoid repetition. andrew_R from the Udacity discussion forum has a great anecdote for why templates are useful:
Templates are like an HTML page skeleton. As mentioned above, a template will define certain parts of the page. Other pages can then inherit or extend from that template. This allows the page to inherit everything that was defined in the template plus the content the page itself defines.
Inside of the template files, we can specify locations in the code that change the resulting HTML page depending on the variables we pass into the template. This feature allows us to 1) pass in lists of variable length using for or while loops and 2) use logical statements to pass in variables in some scenarios but not in others.
The name of the programming game is increasing productivity. Avoiding repetition by using templates is important because: