The standard collection of web technologies that enable the incorporation of AJAX in a web application, according to Acunetix.com:
- XHTML or HTML and Cascading Style Sheets (CSS) providing the standards for representing content to the user.
- Document Object Model (DOM) that provides the structure to allow for the dynamic representation of content and related interaction. The DOM exposes powerful ways for users to access and manipulate elements within any document.
- XML and XSLT that provide the formats for data to be manipulated, transferred and exchanged between server and client.
- XML HTTP Request: The main disadvantage of building web applications is that once a particular webpage is loaded within the user’s browser, the related server connection is cut off. Further browsing (even within the page itself) requires establishing another connection with the server and sending the whole page back, even though the user might have simply wanted to expand a simple link. XML HTTP Request allows asynchronous data retrieval, ensuring that the page does not reload in its entirety each time the user requests the smallest of changes.
Two simple uses for Ajax in Modern Web Applications
One simple way to incorporate AJAX into a web application is through the use of a simple notification system. Notification systems could take on many forms, but I have found it very useful to create an enterprise error logging notification system based on the number of recent errors the system receives. This way a user can be notified by the system when an abnormal number of errors starts occurring. An easy way to create this would be to log all of the server errors into a database or some other data source and then poll it for the number of errors that have occurred based on a certain number of minutes or seconds. If the polling request discovers that a large number of errors have occurred over a specified period of time, then I would notify the users via a message box or some sort of built-in notification placeholder. The system could use AJAX to poll the data every 10 seconds so that all notices are sent in real time.
User input validation would also be another good place to implement AJAX in a web application. Simply put, if your data is bad then your entire web application is worthless.
A simple example of user input validation with AJAX can be demonstrated by validating a new username or email address that a user enters into a form. When the user enters a new value, the system checks whether any other record in the database contains the same value. The server then sends a response back to the browser to indicate whether the data exists. The client-side code interprets this response and indicates whether the value the user just entered is valid, that is, whether it did not previously exist in the database.
According to Acunetix.com, the advent of AJAX applications has raised considerable security issues due to a broadened threat window brought about by the very same technologies and complexities developed. With an increase in script execution and in the information exchanged in server/client requests and responses, hackers have greater opportunity to steal data, thereby costing organizations thousands of dollars in lost revenue, severe fines, diminished customer trust and substantial damage to their reputation and credibility.
One key issue is that AJAX opens up Cross Site Scripting (XSS) vulnerabilities, because websites can be injected with malicious code in the hope that it will be parsed and/or executed.
As web browsers and their technological capabilities continue to evolve, so does malicious use, reinforcing old security concerns and creating new ones related to JS and AJAX. This technological advancement is also occurring at a time when there is a significant shift in the ultimate goal of the hacker, whose primary goal has changed from acts of vandalism (e.g., website defacement) to theft of corporate data (e.g., customer credit card details) that yields lucrative returns on the black market, as also noted by Acunetix.com.
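The username check and the XSS concern described above can be shown together. The following is an added example, not code from the original article or from Acunetix; the function names, the username format rule and the in-memory user list are assumptions made for illustration.

```javascript
// Added example: all names and data below are constructed for illustration.
const existingUsers = new Set(["alice", "bob"]); // stands in for the database

// Allow-list for the format: 3-20 letters, digits or underscores.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;

// Server side: the response the AJAX endpoint sends for a submitted username.
// The same check must run again when the form is finally submitted, because
// the browser-side result is only a convenience for the user.
function checkUsername(raw) {
  if (typeof raw !== "string" || !USERNAME_RE.test(raw)) {
    return { status: 400, body: { valid: false, reason: "invalid_format" } };
  }
  const taken = existingUsers.has(raw.toLowerCase());
  return { status: 200, body: { valid: !taken, reason: taken ? "taken" : null } };
}

// Client side: encode text before it is placed into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Client side: build the notice shown next to the form field. The typed value
// is echoed back, so it is encoded even when the server rejected it.
function renderNotice(typed, response) {
  const name = escapeHtml(typed);
  if (response.status !== 200) {
    return `<span class="error">"${name}" is not a valid username</span>`;
  }
  return response.body.valid
    ? `<span class="ok">"${name}" is available</span>`
    : `<span class="error">"${name}" is already taken</span>`;
}

// Constructed inputs: a free name, a taken name, and markup typed into the field.
for (const typed of ["carol", "Alice", "<b>x</b>"]) {
  console.log(renderNotice(typed, checkUsername(typed)));
}
```

The third input is rejected by the server-side allow-list and is still encoded before it is echoed into the page, so the AJAX response path never turns user input into live markup.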
With any technology or collection of technologies there will always be specific issues that could arise. One common issue with AJAX is browser compatibility. Not every browser implements every technology the same way. With this in mind, when coding your AJAX functionality you must take into account the browser type, version and compatibilities to ensure that the correct objects and functionality are loaded for the user's browser. The issue of browser compatibility is one key reason why jQuery was invented and is so popular. The developers wanted a simple way to code client-side scripts that will work with all browsers. Fortunately for us, jQuery does have AJAX functionality built into its framework, so this issue can be avoided for the most part.