Tuesday, April 3rd, 2007
Category: JSON, Remoting
, Security
Ajax pioneer Brent Ashley has written a Developerworks article about making Ajax mashup secure. It looks at where it’s at today and where it’s all headed. He begins by surveying current techniques for calling external servers, such as the popular On-Demand Javascript technique. This has well-known security issues. The scalability benefit of the <script> tag Read the rest…
Thursday, March 15th, 2007
Category: JavaScript, Library
, Remoting
UED is a tiny library that takes a hash and converts it into a URL. Instead of passing a JSON string, for example, you could just construct a URL containing the transfer object. Update: I should mention that this is more about the format than the library…UED is a proposal for a standard way to Read the rest…
Wednesday, January 31st, 2007
Category: JavaScript, Programming
, Remoting
Plaxo’s Joseph Smarr has been playing with on-demand javascript, i.e. downloading extra JS code after the page has already loaded. When you grab the code via a remote call and eval() it, it doesn’t get into global scope. So here’s how he dealt with it. Here’s a simplified version of the situation we faced: function Read the rest…
Tuesday, November 7th, 2006
Category: Books, Editorial
, Remoting
, Security
, Testing
, The Ajax Experience
Often when you hear discussions regarding Ajax and security, its said that the issues remain the same as they were ten years ago: don’t trust user input, don’t expose sensitive data without encryption, code for security from day one, never display system errors messages, etc. While that is all true and good, one thing I Read the rest…
Friday, August 25th, 2006
Category: Ajax, Books
, Google
, Remoting
Dave Thomas over at the Pragmatic Programmer let us know about a new Friday (i.e., short book that can be read entirely in a Friday afternoon) that they’ve published: Google Web Toolkit, by Ed Burnette. Dave was kind enough to provide us with an excerpt for distribution to our readers: Chapter 5 — Remote Procedure Read the rest…
Thursday, July 13th, 2006
Comet is mostly considered a server-to-browser thing, but how about a permanent connection in the opposite direction, from browser to server? I’ve been talking about this on my blog and received some interesting thoughts from Alex Russell. There are two key issues: (1) Server needs to start outputting before incoming request is finished. With a Read the rest…
Friday, July 7th, 2006
A new PHP component by Adnan Siddiqi accepts a MySQL result set and converts it into a JSON message. MySQL To JSON: This class can be used to convert data from MySQL query results into a JavaScript expression in JavaScript Object Notation. It takes a MySQL query result handle and retrieves the query result column Read the rest…
Thursday, June 22nd, 2006
Category: Remoting, Scriptaculous
, Toolkit
, Yahoo!
Cheng Guangnan reports on a potential issue with the autocompletion/suggestion support offered by both Yahoo UI and Scriptaculous libraries. The problem involves parallel calls – there’s the potential for an initial list of suggestions to be displayed after a subequent list. His screencasts show what’s going on. 1. “2006†is typed. 2. A request of Read the rest…
Tuesday, June 13th, 2006
“A” may stand for Asynchronous, but PPK recently asked his readers if people are really exploiting the asynchronous nature of Ajax. Are there really situations where the user can do something while a request takes place? For instance, GMail makes an asynchronous call to grab some mail data – do you actually play around with Read the rest…
Wednesday, May 24th, 2006
Category: Comet, Java
, Remoting
More and more, Ajax apps are using various techniques to keep content fresh in the browser. Essentially, we’re talking about reversing the usual communication flow- the server notices something’s happened, and wants to tell the browser about it. Server “calls” browser, not browser calls server. The popular Java Ajax framework, DWR, recently released milestone 2 Read the rest…
Monday, April 17th, 2006
King Ping provides a similar service to sites like Ping-O-Matic, which accept a blog URL and notify sites like Technorati that an update has occurred. Not everyone needs these services anymore as the process is often automated, but for those who do, King Ping gives you a nice Ajax interface for it. The application uses Read the rest…
Wednesday, April 12th, 2006
Some of you will be familiar with TheDailyWTF.com, a website showcasing code in the wild that is, well, less than professional. A recent forum item illustrates the ultimate Ajax antipattern: uploading arbitrary code to be executed on the server. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I’ll Read the rest…
Saturday, March 11th, 2006
Category: JavaScript, Remoting
Douglas Crockford, creator of JSON, has proposed that browsers include a new “JSONRequest” service to allow for safe cross-domain calls. JSONRequest is a service which encodes a JavaScript value as a JSON text, does an HTTP POST of that text, gets the response, and parses the response into a JavaScript value. If the parse was Read the rest…
Wednesday, March 8th, 2006
Category: Comet, Programming
, Remoting
Alex Russell has posted slides for his ETech presentation on Comet. Comet (which we mentioned the other day) is Alex’s new term for push-style server-to-browser communication. ETech Comet Presentation – PDF Version ETech Comet Presentation – Flash Version The presentation motivates Comet largely in terms of social and multi-user concerns, before moving onto the nuts Read the rest…
Saturday, March 4th, 2006
Category: Comet, Dojo
, Programming
, Remoting
Alex Russell has coined a term for a flavour of Ajax that’s been getting more attention of late. Comet describes applications where the server keeps pushing – or streaming – data to the client, instead of having the browser keep polling the server for fresh content. Alex identifies several buzzworthy examples: GMail’s GTalk integration Jot Read the rest…
Wednesday, February 15th, 2006
Category: JavaScript, Remoting
Like it or not, there’s plenty of people who want to do cross-domain remoting. The typical technique is via script tags, and since this means the response must be valid Javascript, JSON is usually the message format. But what if you want to grab some XML instead of a JSON-formatted object? Dave Johnson explains how Read the rest…
In Episode 25, we chat about IE 8, standards, Acid3, server side JavaScript, and more.
