Thread: Take Command with AJAX
-
Oct 14, 2005, 02:22 #1
Article Discussion
This is an article discussion thread for discussing the SitePoint article, "Take Command with AJAX"
-
Oct 14, 2005, 02:22 #2
- Join Date
- Mar 2003
- Location
- England, UK
- Posts
- 2,906
It probably would have been better to use an event listener instead of using inline JS in your source:
http://phrogz.net/JS/AttachEvent_js.txt
-
Oct 14, 2005, 05:49 #3
- Join Date
- May 2003
- Location
- Midwest
- Posts
- 100
Bad example to use, any small mistake in code could open up a server for exploit!
Last edited by cyberlot; Oct 14, 2005 at 05:58. Reason: Unsure
-
Oct 15, 2005, 00:13 #4
Nice demonstration, did I hear someone call out for thin clients? Such apps would do extremely well on intranets in my opinion.
-
Oct 16, 2005, 19:22 #5 Joshua SitePoint Community Guest
Great article! Really shows the power of AJAX
-
Oct 17, 2005, 09:58 #6 Victor SitePoint Community Guest
Thank you for the great tutorial and source code
-
Oct 21, 2005, 06:07 #7 Darrel SitePoint Community Guest
There's a problem with the links in the print version of this article. The links seem to have http://www.sitepoint.com/" tacked onto the beginning of the URL and /" tacked onto the end.
For example, http://www.sitepoint.com/"http://www.w3clubs.com/sp/ajax/httprequest_example.html/"
-
Oct 26, 2005, 04:55 #8 Ken SitePoint Community Guest
The only thing I don't like is the extent to which javascript is used. Again we are falling back to limited browser support and cross browser compatibility. It seems like a nice new thing but it just doesn't appeal to me.
-
Oct 26, 2005, 14:48 #9
- Join Date
- Oct 2005
- Posts
- 1
Here's an odd problem I've been having.
Code:
/******** ajax.js *******/
// global flag
var isIE = false;
var XMLFiles = new Array();

function loadDoc(page, xmlAlias) {
    if (true) {
        try {
            XMLFiles[xmlAlias] = new XMLHttpRequest();
        } catch (err) {
            try {
                XMLFiles[xmlAlias] = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (err) {
                alert("Uh, Broken?\n" + (typeof err == "string") ? err : ((err.message) ? err.message : "Unknown Error") )
            }
        }
        XMLFiles[xmlAlias].onreadystatechange = RdyStateChange(xmlAlias);
    }
    XMLFiles[xmlAlias].open("GET", page);
    XMLFiles[xmlAlias].send(null);
    // alert('USELESS THING');
    blankFunc();
    return true;
}

function blankFunc() {
    var waste, i;
    for( i = 0; i < 10; i++) {
        waste += i;
    }
    return waste;
}

function RdyStateChange(xmlAlias) {
    alert(xmlAlias);
}

function loadCatXML(page) {
    loadDoc(page, 'Category');
    alert(XMLFiles['Category'].statusText);
    document.getElementById('CategorySelector').innerHTML = 'ABC';
}
Code:
<!------ HTML ------->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Keri Blue - Products</title>
    <link href="styles/style.css" rel="stylesheet" type="text/css" />
    <link href='styles/products.css' rel='stylesheet' type='text/css' />
    <script type='text/javascript' src='javascript/scroller.js'></script>
    <script type='text/javascript' src='javascript/ajax.js'></script>
</head>
<body >
    <a href='#' onclick='loadCatXML("extras/test.xml");'>CLICK</a>
</body>
</html>
W-haaaat?
-
Oct 27, 2005, 10:09 #10
- Join Date
- Apr 2005
- Posts
- 3
Ken, I came to the conclusion that support for 99%+ of my users was enough for me (judging from the list of supported browsers here: http://en.wikipedia.org/wiki/Ajax_%28programming%29 ). And that's gathered from the stats of a site that caters to a fairly low-tech group of people (sports coaches, many using school machines).
For me, the benefits outweigh the risks, which are only decreasing as time goes on, browsers progress, and computers are upgraded. It seems that AJAX is here to stay as the de facto remote scripting standard.
-
Oct 27, 2005, 10:24 #11
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
Ok, I haven't really read the article, but I noticed the following:
Code:
if (return_xml) {
    eval(callback_function + '(http_request.responseXML)');
} else {
    eval(callback_function + '(http_request.responseText)');
}
Code:
if(return_xml) {
    callback_function(http_request.responseXML);
} else {
    callback_function(http_request.responseText);
}
Code:
makeHttpRequest('test.html', function(oRequest) {
    alert(oRequest);
});
-
Nov 8, 2005, 17:05 #12
- Join Date
- Jan 2001
- Location
- Lawrence, Kansas
- Posts
- 2,066
I found it interesting how your code got more, rather than less, complicated as the article progressed. Less code is always better! There's absolutely no reason to use complex DOM manipulation code when innerHTML can achieve exactly the same result. Likewise, why send XML with responseXML when plain responseText is good enough?
If you want an academic excuse for using innerHTML when it isn't part of a W3C standard (even though every browser under the sun supports it), here's the one I use: A web browser's principal activity is taking strings of HTML and turning them into DOM trees. It's utterly ludicrous for that basic ability not to be exposed to developers. innerHTML exposes it.
-
Nov 9, 2005, 05:13 #13
- Join Date
- Jan 2001
- Location
- Lawrence, Kansas
- Posts
- 2,066
I've just figured out what it is that made me so uncomfortable about this idea: it's a CSRF (Cross Site Request Forgery) attack waiting to happen.
Let's say you do set up the script without the in_array check behind an authentication system (cookies, sessions or HTTP auth). I can still delete everything on your site. All I have to do is guess the location of your exec.php script and create a page on my own site (or a public forum or what have you) containing the following HTML:
<img src="http://yoursite.com/exec.php?command=rm -rf /">
If I can trick you into visiting that page while your browser is logged in to your command application I can delete every writable file on your server!
Defending against this attack is surprisingly tricky - just using POST instead of GET (which you should be doing anyway for an application that causes changes to the state of the data on your server) isn't enough. You need some kind of token-based scheme that confirms that the GET or POST request to your PHP script originated with your Ajax code. A referral check will just about do the job, but a token scheme is far more robust.
Here's a good overview of CSRF and potential solutions: http://www.squarefree.com/securityti...pers.html#CSRF
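The token scheme described in the post above, sketched as an added example that is not from the article or from any poster in this thread. It uses JavaScript (Node.js) to stand in for the PHP endpoint; the function names, the allow-list contents and the session IDs are assumptions, and the token is an HMAC of the session ID, which is one of several workable token designs.

```javascript
// Added example: hypothetical names, constructed sample requests.
const crypto = require('crypto');

const SERVER_SECRET = crypto.randomBytes(32);       // never leaves the server
const ALLOWED_COMMANDS = ['ls', 'date', 'uptime'];  // assumed allow-list (the in_array check)

// Token embedded in the page that hosts the Ajax code, bound to the session.
function issueToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison so the check does not leak how much of a guess matched.
function tokenIsValid(sessionId, token) {
  const expected = Buffer.from(issueToken(sessionId));
  const given = Buffer.from(String(token || ''));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Gatekeeper for the command endpoint. req = { method, sessionId, params }.
function checkRequest(req) {
  if (req.method !== 'POST') return 'reject:method';
  if (!req.sessionId) return 'reject:unauthenticated';
  if (!tokenIsValid(req.sessionId, req.params.token)) return 'reject:token';
  if (!ALLOWED_COMMANDS.includes(req.params.command)) return 'reject:command';
  return 'accept';
}

// Constructed requests. The browser attaches the session cookie to all of them,
// including the cross-site ones, which is why the session alone proves nothing.
const session = 'sess-constructed-1234';
const samples = {
  crossSiteImg:  { method: 'GET',  sessionId: session, params: { command: 'rm -rf /' } },
  crossSitePost: { method: 'POST', sessionId: session, params: { command: 'ls' } },
  otherSession:  { method: 'POST', sessionId: session,
                   params: { command: 'ls', token: issueToken('sess-someone-else') } },
  notAllowed:    { method: 'POST', sessionId: session,
                   params: { command: 'rm -rf /', token: issueToken(session) } },
  ownAjaxCall:   { method: 'POST', sessionId: session,
                   params: { command: 'ls', token: issueToken(session) } },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name.padEnd(14), checkRequest(req));
}
```

Only the request that carries the token issued for its own session and names an allow-listed command is accepted; a page on another site can make the browser send the cookie but cannot read the token.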
-
Nov 15, 2005, 11:12 #14
- Join Date
- Sep 2003
- Location
- Wales
- Posts
- 1,181
I seem to be getting the following error message when I attempt to run the XML version of this script. (Yes, the exec_xml.php script does return the correct XML file data and in the correct format).
Error: xmldoc.getElementsByTagName("command").item[0] has no properties
What could this message mean?
-
Nov 18, 2005, 17:46 #15
- Join Date
- Apr 2002
- Posts
- 281
Ok I spent a good hour on this problem and I think the solution I found also applies to Tryst's problem.
I wanted to send back data to my browser using the xml method and the documentElement would be null every time, but when I tried to alert the response in text mode then I could see the xml no problem and I also validated it and it was valid.
So after a lot of looking around I came to the conclusion that if your xml is indented in any way then it won't get DOMed properly at all.
So I eliminated all the \n and all the tabs I had and just made it a 1 line string. This worked and I could then target my elements again with no problems.
I was looking if there's a function to ignore spaces...I guess there isn't?
Oh what I wanted to say....Yes I'm a newbie because this is the first time I'm using AJAX but not 1 article mentioned that this would be a problem and all articles format their xml documents with spaces and indents. So maybe I'm missing something? Also I was using HEREDOC to echo the xml, maybe it doesn't like that?
-
Nov 19, 2005, 02:32 #16
Originally Posted by Skunk
With a little judicious coding it is possible to construct full DOM element hierarchies without using innerHTML, and with very compact and neat code. I find it much tidier than using innerHTML, and not a great deal more verbose. It's just a matter of how you tackle the problem.
Only dead fish go with the flow
-
Dec 1, 2005, 21:59 #17 me SitePoint Community Guest
Man, you are the one.
-
Dec 9, 2005, 16:34 #18
- Join Date
- Dec 2005
- Posts
- 1
This appears to be an IE specific issue
So I eliminated all the \n and all the tabs I had and just made it a 1 line string. This worked and I could then target my elements again with no problems.
A PITA when using saveXML from a PHP page!
-
Jan 12, 2006, 16:09 #19
Although an interface to run shell commands on your server is pure insanity, it clearly does illustrate the principles and underlying code.
-
Apr 23, 2006, 10:44 #20
- Join Date
- Mar 2004
- Location
- East Anglia, England.
- Posts
- 640
alert('Unfortunatelly...
Unfortunately.
-
May 15, 2006, 09:08 #21 Austin38 SitePoint Community Guest
This is an incredibly well-written tutorial that is simple to comprehend yet shows the power of Ajax. Outstanding work!
-
May 16, 2006, 11:37 #22
- Join Date
- May 2002
- Location
- Central WI, US
- Posts
- 262
Great Article! I would love to see a more detailed XML example where an XML file with a similar structure to:
<?xml version="1.0" ?>
<root>
    <item>
        <title>A title</title>
        <text>A paragraph or more of text here...</text>
    </item>
    <item>
        <title>A title</title>
        <text>A paragraph or more of text here...</text>
    </item>
</root>
where you could have from 1 to n items and how best to navigate through the nested XML elements.
Also, I'm not quite sure what the purpose or function of the item(0) in the
Code:
var new_command = xmldoc.getElementsByTagName('command').item(0).firstChild.nodeValue;
The only other question I have is how would you handle including a hyperlink that came in in one of the text elements?
-
May 17, 2006, 10:44 #23
- Join Date
- May 2002
- Location
- Central WI, US
- Posts
- 262
I am having a problem getting my AJAX to work in Safari using some of what is covered in the article. I've posted a problem description here http://www.sitepoint.com/forums/show...06#post2746506
-
Oct 2, 2006, 21:11 #24 arado SitePoint Community Guest
amazing tutorial, made Ajax sound simple, very practical example using non IFrames, instead used a DIV tag.
-
Jul 16, 2008, 03:24 #25
- Join Date
- Nov 2005
- Location
- Norway
- Posts
- 715
Links are not working.