Undolog.com

When building an Ajax Gateway, ie a file that is invoked by the object XmlHTTPRequest JavaScript, you can inadvertently create a tunnel to unwanted intrusion. Being in fact a file like the others, located on our server is reachable from the address bar of your browser.

Continued ...

Because of its ability to communicate with the server, the XMLHttpRequest object (XHR), used in the technology Ajax (an acronym for Asynchronous JavaScript and XML, which should be pronounced "egiacs" although we prefer Italian "aiacs"), has a security lock that prevents you from running applications outside the domain in which it operates. This protection is necessary to prevent JavaScript Injection (techniques of "injection" extremely dangerous code in order to break the system) of various kinds, with the ultimate objective of "break" in the system.
This limit is now taken seriously and you're thinking, somehow, to solve it - directly into the XmlHttpRequest - without compromising security (see also: Third Proposal for cross-site extensions to XMLHttpRequest ).

Whatever the situation today is as follows:

Continued ...

Here is an interesting extension for Firefox ( 2.0.0.9 patch released today ) written by Kris Zyp. RESTTest allows for send and receive check to a URL using the REST protocol, choosing between the canonical methods GET or POST (possibly customized) .
RESTTest can be used to test the XmlHttpRequest object and then to test applications that use Ajax. We can then quickly and easily simulate XHR requests and responses.
This extension is designed specifically for working with REST resources and supports all HTTP methods.
In the field POST / PUT can enter all the parameters that we are sending our test, the standard syntax:

variable1 = value1 & variable2 = value2 &[...] variable _n = _n value

This extension is also useful in testing the RSS feeds of a site or in the analysis of paramteri any RPC service.

Continued ...

Why switch to Apollo to display HTML and dynamic content when a browser already allows it? Why use Joost Net TV to see if a browser already allows it?

Why has not the producer of two simple browser functions within them:

• Windowless windows
• P2P Object

Windowless windows

This simple feature would make the most of the HTTP connection and make it really useful browsers. To open windows (pop-up in practice) with only the title and no border, just in case in transparency, increase the production of widgets to be exploited with the normal browser, like what he does now Apollo . With a careful study on the safety (as I think it is now the only reason for this limit) would open up very interesting scenarios.

P2P Object

As we all know by now all browsers support the object XMLHttpRequest , which has given rise to an endless amount of so-called Ajax applications. This object can be accessed via JavaScript, is able to provide an HTTP channel - parallel - scriptable client for both IINV and receiving data.
Sooner or later, as anticipated in various other blog, Adobe will insert a P2P in Flash. Why not do the same thing in the browser? An object of this type together with Windowless features allow you to create applications like Joost-without installing anything on your machine, ensuring cross-compatibility worthy of the Internet, thereby increasing the efficiency of production (now Joost is developed for each system operational, which is quite heavy - both in money and time - in fact, the beta will follow ...).

RSS FEED short windows with text, audio and video from the place where we want on our desktops, in true W3C standards. Open TCP channels are directly from JavaScript, with endless possibilities of data exchange. Clearly, the will is little and the "crime" is high, hackers, spam and phishing are lurking and moves of this kind terrorize a bit 'all ...

Continued ...

It is available online version of Firefox 3.0 Alpha 2 , code-named Gran Paradiso. Among the features announced (the final version is expected in late 2007) we can use the browser off-line mode. All this reminds Adobe Apollo, which, although not present it as your browser, it evokes the essential features.

Continued ...

Apollo is the code name (for now) of an ambitious project in the world for Adobe RIAs (Rich Internet Applications) and Web 2.0, including Ajax. Someone remembers Macromedia Contribute, Macromedia Central to someone else. There is, also, who sees in Apollo simple union - or opportunity - to bring together elements of Flash and PDF (something which has already been feasible with Flash Paper)!

Continued ...

Like many Web developers know, before the advent of the XMLHttpRequest object, the problem of the reloading of a Web page was solved with the technique of hidden FRAME or IFRAME. This simple trick has allowed many people to solve some problems otherwise unsolvable interface. An advantage of using the hidden frame, among other things, was the ability to maintain the browser's HISTORY! Which does not allow the XMLHttpRequest object.

In addition to techniques which use HTML FRAME or IFRAME hidden, it is possible to use Flash as a sub-channel of communication between the page and the Server. Some experience in this direction are still in development (see for example Fjax ). The idea is to "hide" a Flash movie within the HTML page (as happened with FRAME) and communicate with it via JavaScript (or VBScript for Microsoft environment only).

However, this technique a number of hidden pitfalls. First of all forces the end user to install the Flash plugin, and then a solution is not HTML (pure) clean. It also requires, however, prompted the use of Javascript and Flash as an interface between the page, so much it's worth using the XMLHttpRequest object. Then when you start to write a framework in ActionScript want to do everything in Flash. Here is that the variation to the XMLHttpRequest object begins to have little sense.
Ultimately if you do not want to use the XMLHttpRequest object, we must rely on the now-established technique of hidden frame. There are even those who use just a mixed technique: XMLHttpRequest + IFRAME!

However, now, Ajax (in the form of the XMLHttpRequest object) has proved so successful that in the future will be the XMLHttpRequest object that is supported by improved browser vendors (Microsoft, Mozilla, Opera, etc ...). In practice, XMLHttpRequest will be a default component (as is already in FireFox) within the browser, accessible via Javascript! So why not use it?

Continued ...