Comments on: AJAX Without XML HTTP Requests http://blog.softlayer.com/2011/ajax-without-xml-http-requests/ A Behind the Scenes Look at the Best Hosting Provider in the World Mon, 20 May 2013 22:26:24 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Kevin http://blog.softlayer.com/2011/ajax-without-xml-http-requests/comment-page-1/#comment-27216 Kevin Mon, 25 Jul 2011 17:19:24 +0000 http://blog.softlayer.com/2011/#comment-27216 I see JSON as better for small amounts of data, like cookies or scripts, and XML for larger amounts of data, like fully fledged documents. If I were to make a blog site, I would save the actual blogs in XML or XHTML, that way I could include a bit of formatting in the blog itself, for comments on the blog or forum posts I would be more apt to using JSON. I feel that most APIs run better in JSON or JSONP, because you are usually receiving small snipets of data saved as variables, rather than full documents. Another advantage of JSON is that the format is naturally compatible with the browser, there is no need to translate the information client-side. I see JSON as better for small amounts of data, like cookies or scripts, and XML for larger amounts of data, like fully fledged documents. If I were to make a blog site, I would save the actual blogs in XML or XHTML, that way I could include a bit of formatting in the blog itself, for comments on the blog or forum posts I would be more apt to using JSON. I feel that most APIs run better in JSON or JSONP, because you are usually receiving small snipets of data saved as variables, rather than full documents. Another advantage of JSON is that the format is naturally compatible with the browser, there is no need to translate the information client-side.

]]> By: michael http://blog.softlayer.com/2011/ajax-without-xml-http-requests/comment-page-1/#comment-27042 michael Tue, 05 Jul 2011 13:14:11 +0000 http://blog.softlayer.com/2011/#comment-27042 It will be interesting to see how the battle between JSON and XML will play out as the defacto choice for web serices, I noticed twitter and Amazon have migrated their API's from xml to json as well, mainly because xml is so bloated. It will be interesting to see how the battle between JSON and XML will play out as the defacto choice for web serices, I noticed twitter and Amazon have migrated their API’s from xml to json as well, mainly because xml is so bloated.

]]> By: Kevin http://blog.softlayer.com/2011/ajax-without-xml-http-requests/comment-page-1/#comment-12904 Kevin Mon, 31 Jan 2011 15:29:26 +0000 http://blog.softlayer.com/2011/#comment-12904 This method is commonly used with JSON data, and is called "Script Injection" or "JSON Injection" or "JSONP". See this wikipedia for more information: http://en.wikipedia.org/wiki/JSON#JSONP This method is commonly used with JSON data, and is called “Script Injection” or “JSON Injection” or “JSONP”. See this wikipedia for more information: http://en.wikipedia.org/wiki/JSON#JSONP

]]> By: Kevin http://blog.softlayer.com/2011/ajax-without-xml-http-requests/comment-page-1/#comment-12612 Kevin Fri, 28 Jan 2011 20:41:47 +0000 http://blog.softlayer.com/2011/#comment-12612 I agree, this method is not for sending secure data, but I think it does have some place in your web programming arsenal. Think of it as a remote procedure call. The client requests information from a remote server using the GET method, this information is stored in a cookie and can be accessed by any program that knows how to process them. The remote server can then respond with data which can be parsed by JavaScript once received. I agree, this method is not for sending secure data, but I think it does have some place in your web programming arsenal. Think of it as a remote procedure call. The client requests information from a remote server using the GET method, this information is stored in a cookie and can be accessed by any program that knows how to process them. The remote server can then respond with data which can be parsed by JavaScript once received.

]]> By: George http://blog.softlayer.com/2011/ajax-without-xml-http-requests/comment-page-1/#comment-11722 George Wed, 19 Jan 2011 20:12:15 +0000 http://blog.softlayer.com/2011/#comment-11722 If we're talking about viable best-practice alternatives to XmlHttpRequest(), I'd like to suggest the jQuery javascript library, and specifically jQuery ajax: http://api.jquery.com/jQuery.ajax/. It acts as a wrapper for XmlHttpRequest() and can handle a variety of usage scenarios with various data types. My personal favorite is JSON, which is more lightweight and human-readable than xml. Passing variables or data via the querystring in the URL is standard practice for GET requests, but represents a security risk when transmitting sensitive information. Since the script is hitting a URL, that hit would be recorded on a webserver's access logs, so by extension, any data in the query string would also get recorded. This is not a big deal if the data is something like a record ID, but could be a big deal if transmitting data like passwords, bank accounts, ssn's etc. The proper way to send data in these scenarios is to use a POST request instead, which jQuery can handle. To my knowledge, there is no way to initiate an HTTP POST with the above approach. I would not recommend placing javascript code in a server-side script in this fashion because it is a poor separation of concerns with regards to code maintainability. Most web developers expect to both find and work with javascript on the client side of things. As a practical example, suppose the above script is more complicated than simply changing the HTML string of a particular DOM element. A sufficiently complicated script will take time to develop and debug properly, and this process would be made unnecessarily more complicated by having the code reside on a server-side script. My recommendation would be to keep all client code defined on the client side, and have the server scripts do only what they are required to do--in this case, to return a string based on an input string. Then, the client side parses the return data and acts accordingly. If we’re talking about viable best-practice alternatives to XmlHttpRequest(), I’d like to suggest the jQuery javascript library, and specifically jQuery ajax: http://api.jquery.com/jQuery.ajax/. It acts as a wrapper for XmlHttpRequest() and can handle a variety of usage scenarios with various data types. My personal favorite is JSON, which is more lightweight and human-readable than xml.

Passing variables or data via the querystring in the URL is standard practice for GET requests, but represents a security risk when transmitting sensitive information. Since the script is hitting a URL, that hit would be recorded on a webserver’s access logs, so by extension, any data in the query string would also get recorded. This is not a big deal if the data is something like a record ID, but could be a big deal if transmitting data like passwords, bank accounts, ssn’s etc. The proper way to send data in these scenarios is to use a POST request instead, which jQuery can handle. To my knowledge, there is no way to initiate an HTTP POST with the above approach.

I would not recommend placing javascript code in a server-side script in this fashion because it is a poor separation of concerns with regards to code maintainability. Most web developers expect to both find and work with javascript on the client side of things. As a practical example, suppose the above script is more complicated than simply changing the HTML string of a particular DOM element. A sufficiently complicated script will take time to develop and debug properly, and this process would be made unnecessarily more complicated by having the code reside on a server-side script. My recommendation would be to keep all client code defined on the client side, and have the server scripts do only what they are required to do–in this case, to return a string based on an input string. Then, the client side parses the return data and acts accordingly.

]]>