Durga js window objects api

[Saidurgasatturi]

Terms and Conditions

• I Accept losing points if my PR does not follow the best practices mentioned below, which will impact my overall performance in training

HTML Best Practices

• File Naming Convention:

• Follow consistent and descriptive naming (e.g., dashboard.html, user-profile.html).

• Use lowercase letters and hyphens instead of spaces.

• Page Title:

• Ensure the <title> tag is descriptive and aligns with the page content.

• Include meaningful keywords for SEO if applicable.

• Semantic Markup:

• Use appropriate tags like <header>, <footer>, <section>, <article> for better readability and accessibility.

• Accessibility Standards:

• Ensure the use of alt attributes for images and proper labels for form elements.

• Use ARIA roles where necessary.

• Validation:

• Ensure the code passes HTML validation tools without errors or warnings.

• Structure and Indentation:

• Maintain consistent indentation and proper nesting of tags.

• Attributes:

• Ensure all required attributes (e.g., src, href, type, etc.) are correctly used and not left empty.

CSS Best Practices

• File Organization:

• Use modular CSS files if applicable (e.g., base.css, layout.css, theme.css).

• Avoid inline styles unless absolutely necessary.

• Naming Conventions:

• Use meaningful class names following BEM or other conventions (e.g., block__element--modifier).

• Code Reusability:

• Avoid duplicate code; use classes or mixins for shared styles.

• Responsive Design:

• Ensure proper usage of media queries for mobile, tablet, and desktop views.

• Performance Optimization:

• Minimize the use of unnecessary CSS selectors.

• Avoid overly specific selectors and ensure selectors are not overly deep (e.g., avoid #id .class1 .class2 p).

• Consistency:

• Follow consistent spacing, indentation, and use of units (rem/em vs. px).

• Maintain a single coding style (e.g., always use double or single quotes consistently).

Javascript Best Practices

• File Organization:

• Ensure scripts are modular and logically separated into files if needed.

• Avoid mixing inline JavaScript with HTML.

• Logic Optimization:

• Check for redundancy and ensure the code is optimized for performance.

• Avoid unnecessary API calls or DOM manipulations.

• Solution Approach:

• Confirm that the code solves the given problem efficiently.

• Consider scalability for future enhancements.

• Readability:

• Use clear variable and function names.

• Add comments for complex logic or algorithms.

• Error Handling:

• Ensure proper error handling for API calls or user input validation.

• Code Quality:

• Check for potential bugs (e.g., missing await, mishandling of null/undefined values).

• Avoid unnecessary console.log statements in production code.

• Security:

• Avoid hardcoding sensitive data.

• Sanitize user input to prevent XSS and other vulnerabilities.

• Best Practices:

• Use const and let instead of var.

• Follow ES6+ standards where applicable.

[gemini-code-assist]

Summary of Changes

Hello @Saidurgasatturi, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the codebase by adding a series of new assignments and examples designed to illustrate core client-side web development concepts. The primary focus is on practical applications of the JavaScript window object's diverse APIs, such as controlling browser navigation, querying window and screen dimensions, managing page scrolling, and implementing timers. Furthermore, it provides hands-on demonstrations of browser storage solutions like cookies, localStorage, and sessionStorage, alongside examples of cross-window communication using iframes. The PR also includes new CSS assignments that explore responsive design principles and animations, offering a well-rounded set of learning resources.

Highlights

• JavaScript Window Object APIs: Introduced multiple assignments demonstrating various functionalities of the JavaScript window object, including navigation, dimension retrieval, scrolling, and timer management.
• Browser Storage Mechanisms: Added examples for interacting with browser storage, specifically managing cookies via document.cookie and utilizing localStorage and sessionStorage.
• Cross-Window Communication: Implemented assignments showcasing inter-window communication using postMessage for parent-iframe and nested iframe scenarios.
• Browser Control: Included an assignment demonstrating how to programmatically open, resize, and close new browser windows using JavaScript.
• Advanced CSS Layouts and Animations: Added two CSS-focused assignments covering responsive layouts with flexbox and media queries, as well as CSS animations.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds a comprehensive set of assignments demonstrating various features of the browser's window object and storage APIs. The examples cover navigation, dimensions, scrolling, timers, cookies, local/session storage, and inter-window communication. My review focuses on improving code quality, security, and maintainability. Key areas for improvement include adhering to best practices by separating HTML, CSS, and JavaScript; enhancing user experience by replacing alert() calls with non-blocking UI feedback; fixing a critical bug in cookie parsing; and addressing significant security vulnerabilities in the use of postMessage by specifying target origins and verifying message origins.

[gemini-code-assist]

Security Vulnerability: Using "*" as the targetOrigin for postMessage is dangerous. You must specify the exact origin of the iframe to prevent malicious sites from intercepting your messages.

[gemini-code-assist]

Security Vulnerability: The onmessage handler must validate the sender's origin via event.origin. Without this check, your page is vulnerable to receiving and processing malicious data from any website.

[gemini-code-assist]

Security Risk: The onmessage handler is missing an origin check. You must verify event.origin to ensure that you are only processing messages from the expected parent window.

[gemini-code-assist]

Security Risk: postMessage is being used with a wildcard targetOrigin ("*"). This is unsafe. You should specify the exact origin of the top window to ensure messages are not exposed to other sites.

[gemini-code-assist]

Using "*" as the targetOrigin for postMessage is a significant security risk. It allows any website to listen for the message you're sending. You should always specify the exact origin of the window you intend to communicate with to prevent data from being intercepted by malicious sites.

[gemini-code-assist]

To follow best practices, CSS should be placed in external files rather than in an inline <style> block. This helps with code organization and reusability.

[gemini-code-assist]

This inline script should be extracted into its own .js file to maintain a clean separation between your page's structure (HTML) and its behavior (JavaScript).

[gemini-code-assist]

Using inline onclick attributes mixes HTML structure with JavaScript logic, which goes against modern web development best practices and the guidelines in your PR description. It's better to attach event listeners in your JavaScript file using addEventListener. This improves separation of concerns and makes the code easier to maintain.

[gemini-code-assist]

The CSS for this page is embedded within a <style> tag in the HTML file. According to the best practices outlined in the PR description, it's better to move CSS to external files. This improves code organization, reusability, and maintainability by separating concerns.

[gemini-code-assist]

Using a global variable (newWindow) can lead to issues in larger applications, such as naming conflicts. It's a better practice to encapsulate state within a module or an object to avoid polluting the global scope.