Ajax primer » Computer internet security  
Computer and internet security news
computer and networking security portal
 
|
|
|
News
|
Advertise
|
|
Products
|
Contact

Ajax primer



Tuesday, September 11, 2007, 1:03
This news item was posted in Ajax security category and has 0 Comments so far.

Regular web applications work on a synchronous model, where one web request is followed by a response that causes some action in the presentation layer. For example, clicking a link or the submit button makes a request to the web server with the relevant parameters. This traditional “click and wait” behavior limits the interactivity of the application. This problem has been mitigated by the use of Ajax (Asychronous Javascript and XML) technologies. For the purposes of this article, we will define Ajax as the method by which asynchronous calls are made to web servers without causing a full refresh of the webpage. This kind of interaction is made possible by three different components: a client-side scripting language, the XmlHttpRequest (XHR) object and XML.

Let’s briefly discuss these components individually. A client-side scripting language is used to initiate calls to the server and then used to programmatically access and update the DOM within the client’s browser, in response to the request. The most popular choice on the client is JavaScript because of its ubiquitous adoption by well-known browsers. The second component is the XHR object, which is really the heart of it all. Languages such as JavaScript use the XHR object to send requests to the web server behind the scenes, using HTTP as the transport medium. Then we have the third component, the use of which isn’t necessarily set in stone: XML is the data format for messages being exchanged.

Many sites use JSON (JavaScript Object Notation) in place of XML because it’s easier to parse and it has less overhead. When using JavaScript to parse JSON, it’s as simple as passing it to the eval() function. On the other hand, one might use XPath to parse the returned XML. Also, there are many “Ajax sites” out there which don’t use XML or JSON at all, and instead just send snippets of plain old HTML which are dynamically inserted into the page.

Related posts:

  1. Examining ASP.NET AJAX JavaScript source code
  2. Ajax security wholes
  3. Requirement for Ajax fingerprints and filtering
  4. Ajax and security trouble
  5. Ajax vulnerabilities
  6. How ajax is different

Related posts brought to you by Yet Another Related Posts Plugin.





Tagged with: , , ,

You can leave a response, or trackback from your own site.

Leave a Reply

XOR encryption is a trivially simple symmetric cipher
Cross site scripting




:::: Recent entries


 
Join My Community at MyBloglog!



My BlogCatalog BlogRank

Computers Blogs - Blog Top Sites