AJAX

AJAX (short for "Asynchronous JavaScript And XML") is a set of Web development techniques that use several client-side web technologies to create asynchronous Web applications.
With Ajax, web applications can send and retrieve data from a server asynchronously (in the background) without interfering with the display and behavior of the existing page.
By decoupling the data interchange layer from the presentation layer, Ajax allows web pages, and by extension web applications, to change content dynamically without the need to reload the entire page.
In practice, modern implementations commonly use JSON instead of XML because JSON is native to JavaScript.
Ajax is not a single technology, but rather a group of technologies. HTML and CSS can be used in combination to mark up and style information.
The webpage can then be modified by JavaScript to dynamically display the new information and allow the user to interact with it.
The built-in XMLHttpRequest object within JavaScript is commonly used to execute Ajax on webpages, allowing websites to load content onto the screen without refreshing the page. Ajax is not a new technology or a different language, just existing technologies used in new ways.

  • Ajax uses XHTML for content, CSS for presentation, along with Document Object Model and JavaScript for dynamic content display.
  • Conventional web applications transmit information to and from the server using synchronous requests. This means you fill out a form, hit submit, and get directed to a new page with new information from the server.
  • With AJAX, when you hit submit, JavaScript will make a request to the server, interpret the results, and update the current screen. In the purest sense, the user would never know that anything was even transmitted to the server.
  • XML is commonly used as the format for receiving server data, although any format, including plain text, can be used.
  • AJAX is a web browser technology independent of web server software.
  • A user can continue to use the application while the client program requests information from the server in the background.
  • Intuitive and natural user interaction. Clicking is not required; mouse movement is a sufficient event trigger.
  • Data-driven as opposed to page-driven.


AJAX is Based on Open Standards


AJAX is based on the following open standards −
  • Browser-based presentation using HTML and Cascading Style Sheets (CSS).
  • Data is stored in XML format and fetched from the server.
  • Behind-the-scenes data fetches using XMLHttpRequest objects in the browser.
  • JavaScript to make everything happen.


Steps of AJAX Operation

  • A client event occurs.
  • An XMLHttpRequest object is created.
  • The XMLHttpRequest object is configured.
  • The XMLHttpRequest object makes an asynchronous request to the Webserver.
  • The Webserver returns the result containing an XML document.
  • The XMLHttpRequest object calls the callback() function and processes the result.
  • The HTML DOM is updated.
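
The steps above as one function, as an added example that is not part of the original page. The URL paths, the `message` field and the `FakeXHR` stand-in (a constructed replacement so the code also runs outside a browser) are assumptions.

```javascript
// Step 1 (the client event) is whatever calls loadStatus(), e.g. a click handler.
// In a browser, omit the third argument and the built-in XMLHttpRequest is used.
function loadStatus(url, element, XHR = globalThis.XMLHttpRequest) {
  const xhr = new XHR();                        // step 2: create the object
  xhr.open("GET", url, true);                   // step 3: configure (async = true)
  xhr.setRequestHeader("Accept", "application/json");
  xhr.onreadystatechange = function () {        // step 6: runs on every state change
    if (xhr.readyState !== 4) return;           // ignore states 1-3, wait for completion
    if (xhr.status !== 200) {
      element.textContent = "Request failed: " + xhr.status;
      return;
    }
    let message;
    try {
      // Step 5 delivered the body; parse it as data, never execute it.
      message = String(JSON.parse(xhr.responseText).message);
    } catch (err) {
      element.textContent = "Malformed response";
      return;
    }
    // Step 7: update the DOM. textContent treats the value as plain text,
    // so any markup in the response is displayed rather than interpreted.
    element.textContent = message;
  };
  xhr.send(null);                               // step 4: send the request
  return xhr;
}

// Constructed stand-in for XMLHttpRequest: replays a canned response
// synchronously and walks readyState through 2, 3 and 4.
class FakeXHR {
  constructor() { this.readyState = 0; this.status = 0; this.responseText = ""; }
  open(method, url) { this.method = method; this.url = url; this.readyState = 1; }
  setRequestHeader() {}
  send() {
    const canned = FakeXHR.responses[this.url] || { status: 404, body: "" };
    for (const state of [2, 3, 4]) {
      this.readyState = state;
      if (state === 4) { this.status = canned.status; this.responseText = canned.body; }
      if (this.onreadystatechange) this.onreadystatechange();
    }
  }
}
FakeXHR.responses = {   // constructed sample responses
  "/api/status": { status: 200, body: '{"message":"<b>3 new items</b>"}' },
  "/api/broken": { status: 200, body: "not-json" },
};
```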

The XMLHttpRequest object is the key to AJAX. It has been available ever since Internet Explorer 5.5 was released in July 2000, but was not fully discovered until AJAX and Web 2.0 in 2005 became popular.
XMLHttpRequest (XHR) is an API that can be used by JavaScript, JScript, VBScript, and other web browser scripting languages to transfer and manipulate XML data to and from a webserver using HTTP, establishing an independent connection channel between a webpage's Client-Side and Server-Side.
The data returned from XMLHttpRequest calls will often be provided by back-end databases. Besides XML, XMLHttpRequest can be used to fetch data in other formats, e.g. JSON or even plain text.
You already have seen a couple of examples on how to create an XMLHttpRequest object.
Listed below are some of the methods and properties that you have to get familiar with.

XMLHttpRequest Methods

  • abort()
    Cancels the current request.
  • getAllResponseHeaders()
    Returns the complete set of HTTP headers as a string.
  • getResponseHeader( headerName )
    Returns the value of the specified HTTP header.
  • open( method, URL )
  • open( method, URL, async )
  • open( method, URL, async, userName )
  • open( method, URL, async, userName, password )
    Specifies the method, URL, and other optional attributes of a request.
    The method parameter can have a value of "GET", "POST", or "HEAD". Other HTTP methods such as "PUT" and "DELETE" (primarily used in REST applications) may be possible.
    The "async" parameter specifies whether the request should be handled asynchronously or not. "true" means that the script processing carries on after the send() method without waiting for a response, and "false" means that the script waits for a response before continuing script processing.
  • send( content )
    Sends the request.
  • setRequestHeader( label, value )
    Adds a label/value pair to the HTTP header to be sent.

XMLHttpRequest Properties

  • onreadystatechange
    An event handler for an event that fires at every state change.
  • readyState
    The readyState property defines the current state of the XMLHttpRequest object.
    The following list gives the possible values for the readyState property −
      readyState = 0   After you have created the XMLHttpRequest object, but before you have called the open() method.
      readyState = 1   After you have called the open() method, but before you have called send().
      readyState = 2   After you have called send().
      readyState = 3   After the browser has established a communication with the server, but before the server has completed the response.
      readyState = 4   After the request has been completed, and the response data has been completely received from the server.
  • responseText
    Returns the response as a string.
  • responseXML
    Returns the response as XML. This property returns an XML document object, which can be examined and parsed using the W3C DOM node tree methods and properties.
  • status
    Returns the status as a number (e.g., 404 for "Not Found" and 200 for "OK").
  • statusText
    Returns the status as a string (e.g., "Not Found" or "OK").

AJAX Security: Server Side

  • AJAX-based Web applications use the same server-side security schemes of regular Web applications.
  • You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic).
  • AJAX-based Web applications are subject to the same security threats as regular Web applications.

AJAX Security: Client Side

  • JavaScript code is visible to a user/hacker. A hacker can use the JavaScript code to infer server-side weaknesses.
  • JavaScript code is downloaded from the server and executed ("eval") at the client, so malicious code can compromise the client.
  • Downloaded JavaScript code is constrained by the sandbox security model, which can be relaxed for signed JavaScript.
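
The "eval" risk from the list above beside a hardened decoder, as an added example that is not part of the original page. The expected fields (`id`, `name`) and the constructed responses are assumptions.

```javascript
// The pattern the list warns about: the response body is executed as code
// with the page's privileges.
function unsafeDecode(responseText) {
  return eval("(" + responseText + ")");
}

const EXPECTED = { id: "number", name: "string" };   // assumed response shape

// Hardened form: treat the response strictly as data.
function safeDecode(xhr) {
  // 1. Only accept a body the server labelled as JSON.
  const type = (xhr.getResponseHeader("Content-Type") || "").toLowerCase();
  if (!type.startsWith("application/json")) {
    throw new Error("unexpected content type: " + type);
  }
  // 2. JSON.parse accepts data only; an expression is a SyntaxError.
  const data = JSON.parse(xhr.responseText);
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new Error("expected a JSON object");
  }
  // 3. Copy only the expected fields, with the expected types, into a new object.
  const clean = {};
  for (const [field, kind] of Object.entries(EXPECTED)) {
    if (typeof data[field] !== kind) throw new Error("bad field: " + field);
    clean[field] = data[field];
  }
  return clean;
}

// Constructed XHR-like responses: one well-formed, one carrying an expression.
function fakeResponse(body, type = "application/json") {
  return { responseText: body, getResponseHeader: () => type };
}
const good = fakeResponse('{"id": 7, "name": "alice", "extra": true}');
const tampered = fakeResponse('{"id": 7, "name": (globalThis.sideEffect = "ran")}');
```

With `tampered`, `unsafeDecode` runs the embedded assignment, while `safeDecode` throws before any of it executes.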
