AJAX: Rich Internet Applications

Similar documents
Developing Ajax Web Apps with GWT. Session I

AJAX ASYNCHRONOUS JAVASCRIPT AND XML. Laura Farinetti - DAUIN

Lesson 12: JavaScript and AJAX

,

An Introduction to AJAX. By : I. Moamin Abughazaleh

10.1 Overview of Ajax

Part of this connection identifies how the response can / should be provided to the client code via the use of a callback routine.

Introduction to Ajax. Sang Shin Java Technology Architect Sun Microsystems, Inc.

Credits: Some of the slides are based on material adapted from

Term Paper. P r o f. D r. E d u a r d H e i n d l. H o c h s c h u l e F u r t w a n g e n U n i v e r s i t y. P r e s e n t e d T o :

ASP.NET AJAX adds Asynchronous JavaScript and XML. ASP.NET AJAX was up until the fall of 2006 was known by the code-known of Atlas.

Web 2.0 Käyttöliittymätekniikat

2/6/2012. Rich Internet Applications. What is Ajax? Defining AJAX. Asynchronous JavaScript and XML Term coined in 2005 by Jesse James Garrett

CITS1231 Web Technologies. Ajax and Web 2.0 Turning clunky website into interactive mashups


A.A. 2008/09. What is Ajax?

AJAX. Lab. de Bases de Dados e Aplicações Web MIEIC, FEUP 2010/11. Sérgio Nunes

Web 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007

XMLHttpRequest. CS144: Web Applications

AJAX. Introduction. AJAX: Asynchronous JavaScript and XML


Tooling for Ajax-Based Development. Craig R. McClanahan Senior Staff Engineer Sun Microsystems, Inc.

Using Development Tools to Examine Webpages

Ajax HTML5 Cookies. Sessions 1A and 1B

AJAX Workshop. Karen A. Coombs University of Houston Libraries Jason A. Clark Montana State University Libraries

8/19/2018. Web Development & Design Foundations with HTML5. Learning Objectives (1 of 2) Learning Objectives (2 of 2) What is JavaScript?

Outline. AJAX for Libraries. Jason A. Clark Head of Digital Access and Web Services Montana State University Libraries

AJAX Basics. Welcome to AJAX Basics presentation. My name is Sang Shin. I am Java technology architect and evangelist from Sun Microsystems.

Module7: AJAX. Click, wait, and refresh user interaction. Synchronous request/response communication model. Page-driven: Workflow is based on pages

AJAX and PHP AJAX. Christian Wenz,

Fall Semester (081) Module7: AJAX

Web 2.0, AJAX and RIAs

Web Application with AJAX. Kateb, Faris; Ahmed, Mohammed; Alzahrani, Omar. University of Colorado, Colorado Springs

Web Development & Design Foundations with HTML5, 8 th Edition Instructor Materials Chapter 14 Test Bank

AJAX: From the Client-side with JavaScript, Back to the Server

Programming for Digital Media. Lecture 7 JavaScript By: A. Mousavi and P. Broomhead SERG, School of Engineering Design, Brunel University, UK

HTML 5 and CSS 3, Illustrated Complete. Unit L: Programming Web Pages with JavaScript

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

Contents. Demos folder: Demos\14-Ajax. 1. Overview of Ajax. 2. Using Ajax directly. 3. jquery and Ajax. 4. Consuming RESTful services

Chapter 10 Web-based Information Systems

AJAX Programming Overview. Introduction. Overview

Browser code isolation

THE NEW ERA OF WEB DEVELOPMENT. qooxdoo. Andreas Ecker, Derrell Lipman

Ajax. Ronald J. Glotzbach

JSON is a light-weight alternative to XML for data-interchange JSON = JavaScript Object Notation

RKN 2015 Application Layer Short Summary

Copyright Descriptor Systems, Course materials may not be reproduced in whole or in part without prior written consent of Joel Barnum

GRITS AJAX & GWT. Trey Roby. GRITS 5/14/09 Roby - 1

Web 2.0 and Security

INDEX SYMBOLS See also

8/19/2018. Web Development & Design Foundations with HTML5. Learning Objectives (1 of 2) Learning Objectives (2 of 2) Helper Applications & Plug-Ins

Web 2.0 Attacks Explained

User Interaction: jquery

Introduction to AJAX Bringing Interactivity & Intuitiveness Into Web Applications. By : Bhanwar Gupta SD-Team-Member Jsoft Solutions

COPYRIGHTED MATERIAL. Part I: Getting Started. Chapter 1: Introducing Flex 2.0. Chapter 2: Introducing Flex Builder 2.0. Chapter 3: Flex 2.

Ajax- XMLHttpResponse. Returns a value such as ArrayBuffer, Blob, Document, JavaScript object, or a DOMString, based on the value of

Networking & The Web. HCID 520 User Interface Software & Technology

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Rico AjaxEngine Tutorial

Web Security, Summer Term 2012

Web Security, Summer Term 2012

dotnettips.com 2009 David McCarter 1

AJAX Programming Chris Seddon

IBM JZOS Meets Web 2.0

Information Security CS 526 Topic 8

Lecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422

Working with Javascript Building Responsive Library apps

Group 1. SAJAX: The Road to Secure and Efficient Applications. - Final Project Report -

CSC Javascript

COMET, HTML5 WEBSOCKETS OVERVIEW OF WEB BASED SERVER PUSH TECHNOLOGIES. Comet HTML5 WebSockets. Peter R. Egli INDIGOO.COM. indigoo.com. 1/18 Rev. 2.

Ajax. David Matuszek's presentation,

COURSE OUTLINE MOC 20480: PROGRAMMING IN HTML5 WITH JAVASCRIPT AND CSS3

Project 3 Web Security Part 1. Outline

Abstract. 1. Introduction. 2. AJAX overview

JSON as an XML Alternative. JSON is a light-weight alternative to XML for datainterchange

REST AND AJAX. Introduction. Module 13

Attacking Web2.0. Daiki Fukumori Secure Sky Technology Inc.

AJAX(Asynchronous Javascript + XML) Creating client-side dynamic Web pages

CSC309: Introduction to Web Programming. Lecture 11

Like It Or Not Web Applications and Mashups Will Be Hot

TIME SCHEDULE MODULE TOPICS PERIODS. HTML Document Object Model (DOM) and javascript Object Notation (JSON)

JavaScript Programming

Web Programming. Lecture 11. University of Toronto

ThingLink User Guide. Andy Chen Eric Ouyang Giovanni Tenorio Ashton Yon

Web Programming Step by Step

Module 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains 2 components

Introduction Haim Michael. All Rights Reserved.

s642 web security computer security adam everspaugh

Module 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains an Individual and Group component

RIA Security - Broken By Design. Joonas Lehtinen IT Mill - CEO

It is highly recommended that you are familiar with HTML and JavaScript before attempting this tutorial.

Information Security CS 526 Topic 11

Working with Database. Client-server sides AJAX JSON Data formats Working with JSON data Request Response Bytes Database

Acknowledgments... xix

REST. Web-based APIs

Etanova Enterprise Solutions

JavaScript Specialist v2.0 Exam 1D0-735

Discussion #4 CSS VS XSLT. Multiple stylesheet types with cascading priorities. One stylesheet type

Computer Security CS 426 Lecture 41

Building Mashups Using the ArcGIS APIs for FLEX and JavaScript. Shannon Brown Lee Bock

Transcription:

AJAX: Rich Internet Applications Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming AJAX Slide 1/27

Outline Rich Internet Applications AJAX AJAX example Conclusion More AJAX Search engine APIs Web Programming AJAX Slide 2/27

Rich Internet Applications A combination of desktop and web applications. Easy to install on the client (just needs browser). Client engine; fat client. Operating system neutral. Asynchronous communication (reload without refresh). Reduced server-client communication. Might even work off-line. (The term Rich Internet Applications was coined by Macromedia in 2002.) Web Programming AJAX Slide 3/27

Examples Google Maps: adjacent maps are pre-fetched. Microsoft Silverlight: programmable plugin for graphics, audio, video. Curl: web programming language uses Curl runtime environment plugin (not to be confused with curl). Adobe Flex: based on Flash and J2EE. JavaFX (Sun Microsystems). Google Web Toolkit: produces AJAX applications from Java code. Browser-based operating systems (EyeOS, G.ho.st,, etc). Web Programming AJAX Slide 4/27

Older similar technologies Remote Scripting (Microsoft, since 1998) Rich web applications/clients Java Applets DHTML: HTML + JavaScript + CSS + DOM; changes content after the page has loaded; eg. rollover buttons, drop-down menus Adobe Flash Web Programming AJAX Slide 5/27

Shortcomings of Rich Internet Applications Network traffic can increase if too much data is pre-fetched. Initial download time can be long. Requires JavaScript (might be disabled, might be slow). Sandboxing : incomplete access to system resources. Traditional http-based network monitoring techniques don t work, because of the asynchronous requests. Web Programming AJAX Slide 6/27

What is AJAX AJAX: Asynchronous JavaScript And XML Used for creating interactive web applications or rich Internet applications. Update pages on the fly. Retrieve data from the server asynchronously in the background. The term AJAX was coined by Jesse J. Garrett in 2005. Possible since 1997 (IFrame in IE and Layers in Netscape). Web Programming AJAX Slide 7/27

What is AJAX NOT AJAX is not... a programming language; a server technology. Because it uses standard programming languages and browser technologies. Web Programming AJAX Slide 8/27

Technologies used XHTML and CSS for presentation DOM for dynamic display of and interaction with data XML and XSLT or JSON etc for interchange and manipulation of data XMLHttpRequest object or IFrames etc for asynchronous communication JavaScript or VBScript etc to bring these technologies together Web Programming AJAX Slide 9/27

How does it work: User triggers an HTML event, such as onclick or onmouseover. JavaScript sends HTTP request to server. Server supplies a file (XML, HTML or text) as normal. JavaScript in the current page selects part of the file for display. JavaScript statement displays the selected part. Web Programming AJAX Slide 10/27

Pros and cons of AJAX Pros: Increase speed, reduce bandwidth. More interactivity. More complex applications (e.g. email clients) Cons: Browser s back button and bookmarking may not work. Not indexed by search engines. Accessibility issues: people who use screen readers and other specialist browsers may not be able to access the content. Will not work if JavaScript disabled. Even more possibilities for errors, browser incompatibility etc. Web Programming AJAX Slide 11/27

The XMLHttpRequest (XHR) API For example: var request = new XMLHttpRequest() request.open("get",url,true) request.send(null) request.onreadystatechange=statechanged() function statechanged() { if (request.readystate == 4) { alert(request.responsetext) } } Web Programming AJAX Slide 12/27

The XMLHttpRequest Methods request = new XMLHttpRequest() : defines new request object request.open( GET,url,true) : true means asynchronous, don t wait for send request.send(null) : send the request request.onreadystatechange : defines the event handler request.readystate : 4 means finished request.responsetext : the response as a string request.responsexml : the response as XML Web Programming AJAX Slide 13/27

Combining with DOM If the response is returned as XML, DOM can be used to extract content: xmldoc = request.responsexml; node = xmldoc.getelementsbytagname(... ).item(0); alert(node.firstchild.data); Web Programming AJAX Slide 14/27

What can JavaScript do with the content? This code shows how replace this is replaced by value when the user clicks (without refreshing the page): <span id= n >replace this</span> onclick="document.getelementbyid( n ).innerhtml= value " For AJAX, the document.getelementbyid... can be placed into the onreadystatechange Event Handler. Web Programming AJAX Slide 15/27

Other means of sending content Apart from sending content as XML, it can also be sent using JSON (JavaScript Object Notation): { "Name": "John Doe", "Age": "25", "address": { "streetaddress": "10 Colinton Road", "postalcode": "EH10 5DT", "city": "Edinburgh" } } Web Programming AJAX Slide 16/27

XML versus JSON XML has more features (validation, many tools and predefined formats). JSON is simpler, smaller, easier to parse. It is supported by other languages (for example, PHP) as well. Web Programming AJAX Slide 17/27

Security: Server-side Transmitting data between client and server always implies security risks! On the server-side: this is mostly the normal security problem. The usual checks for POST/GET data and Query Strings must be performed. If databases are involved, then the requests need to be checked for SQL injection and so on. Web Programming AJAX Slide 18/27

Security: Client-side On the client-side: this depends on the security of JavaScript. Using eval() for parsing JSON is dangerous. There is a danger of cross-site request forgery, etc. If third party advertisements are inserted in a page, then no single developer is in charge of the code. Unfortunately, the user is not in control of the code. The user only has a choice of turning JavaScript on or off and making sure that the latest browser version is installed. Web Programming AJAX Slide 19/27

Summary: JavaScript allows replacing content without refreshing the page (for example, using the <span> tag). The XMLHttpRequest API facilitates retrieving content from server-side files or remote websites. The XMLHttpRequest methods can run in separate threads, without stopping the script asynchronous requests. The requested website can be a server-side script which might access databases or other complex functionality. Complex content can be sent as XML (processed by DOM) or as JSON. Web Programming AJAX Slide 20/27

Javascript development tools In order to develop and debug complicated Javascript (including remote scripts, AJAX, etc), one should use tools: Firefox: Firebug, Web Developer Extension Internet Explorer Developer Toolbar, Visual Web Developer 2008 Express Edition, Visual Studio Safari: Web Inspector Opera: Dragonfly Web Programming AJAX Slide 21/27

Remote content The XMLHttpRequest API allows to include remote content in Javascript. This uses the HTTP protocol and is used for data. Other possibilities: include remote Javascript code (see next slide) or use IFrame. Web Programming AJAX Slide 22/27

Including a remote script <script src= http://servername/username/scriptinclude type= text/javascript ></script> The file scriptinclude contains Javascript functions etc, but no html and no <script> tags. Web Programming AJAX Slide 23/27

Security: cross-site scripting attacks In PHP, htmlentities() should be applied to all requested content. Including content via XMLHttpRequest: remote site could potentially request local page, which is outside sandbox (especially for older IE versions). If malicious URL is embedded in a genuine page and the user clicks on the malicious URL, a script from the malicious page could run as if it came from the genuine page. Web Programming AJAX Slide 24/27

Defence: same origin policy (SOP) Scripts from one IP prevented from accessing data/properties of documents from different IP. But, this does not apply to scripts loaded via <script src=...> which are treated as same origin as the loading page. (Mashups often use <script src=...>.) Web Programming AJAX Slide 25/27

Search engine APIs In order to issue search engine queries from within a program, an API is needed. The program can then display the results in a custom manner or it can use the results to issue more queries. Google s API used to be based on SOAP. But the current version is using AJAX. Other search engines have similar APIs. For example, Yahoo has APIs mostly using REST. Web Programming AJAX Slide 26/27

Google s API <script src= http://www.google.com/jsapi type= text/javasc... google.load( search, 1.0 ); function OnLoad() { var searchcontrol = new google.search.searchcontrol(); searchcontrol.addsearcher(new google.search.websearch()); searchcontrol.draw(document.getelementbyid( searchcontrol ) searchcontrol.execute( VW GTI ); } google.setonloadcallback(onload, true);... <body><div id= searchcontrol >Loading</div></body> Web Programming AJAX Slide 27/27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback