AJAX: Friend or Foe

 


AJAX can make Web pages feel like full-fledged applications, but beware weaknesses in security and accessibility.

According to the poet Homer, Ajax was one of the mightiest Greek warriors in the battle of Troy. But he also wound up going mad and turning on his friends before killing himself.

Now, 2,500 years later, AJAX, or Asynchronous JavaScript and Extensible Markup Language, is an ally of the Geeks: Web developers seeking easier ways to create interactive applications. But as they grapple with usability, security and Section 508 compliance issues surrounding AJAX, they may also worry about it turning against them.

"AJAX is successful because it is so easy to learn, easy to use and easy to deploy," said Michel Gerin, vice president of marketing at Backbase USA, an AJAX consulting and development company that has created AJAX applications for a number of federal clients, including the Navy.

"You can just write a few JavaScript codes or find some on the Web, put it in your HTML page, and, voilà, it works."

But AJAX is not without its challenges.

"Rich Internet Applications such as AJAX and [Dynamic] HTML are becoming increasingly popular as Web development techniques," said Judy Brewer, director of the World Wide Web Consortium's Web Accessibility Initiative (W3C/WAI). "Yet they can create barriers for people with disabilities because of difficulty accessing dynamic navigation and event features."

So the question arises: Which side of AJAX will you get, the mighty ally or an unstable technology that will turn on you?

AJAX is not a single technology, but a Web development technique using a set of technologies that work together to create a smoother interactive experience.

Although the term was coined in 2005 by Jesse James Garrett, president of consulting firm Adaptive Path, some of the technologies go back a decade. AJAX is just a way to describe developing Web applications using these technologies.

It is a browser-based approach that breaks down the traditional concept of the Web page, making it more like a desktop application.

With traditional Web pages, Garrett wrote in his initial paper on the subject (GCN.com/866), a user action, such as clicking on a button, triggers an HTTP request to the Web server.

The Web server then processes the request (including querying databases, performing calculations or pulling up documents), generates a new Web page and sends that entire page via the pipe to the user.

"While the server is doing its thing, what is the user doing?" Garrett wrote. "That's right, waiting. And at every step in a task, the user waits some more."

To cut waiting time, AJAX uploads a JavaScript engine to the browser, usually in a hidden frame, which renders the user interface and communicates with the server. Once it is loaded, the user can interact with the Web page.

AJAX has been broadly adopted by a number of companies, most notably Google, which uses it for Google Maps and Gmail. Netflix also uses AJAX to let its customers change their list of movies.

Federal agencies are increasingly using AJAX, too. The Air Force is moving to AJAX as part of its Enterprise Knowledge Management (EKM) system that provides process automation and system-to-system interoperability across the service.

EKM was started in 2001 as part of the Charter for Aging Aircraft Program and now supports collaboration for more than 80 projects or enterprises and more than 5,000 users.

"The AJAX-based design will allow the application to have more of a desktop application look and feel," said Michael Hucul, EKM program manager at Wright-Patterson Air Force Base, Ohio. "It will allow us to include some of the features people expect from a shared drive, such as drag and drop."

The new filing cabinet will load faster and cut bandwidth requirements because it will only load data when the user needs it.

Part of EKM is the Secure Collaborative Integrated Development Environment for the Joint Surveillance and Target Attack Radar System (JSTARS) software maintenance group, a collaboration between the military and Northrop Grumman.

"The solution that we chose here is to provide Air Force teams, organizations and contractors a secure, cost-effective method to jointly develop, maintain and upgrade mission-critical and weapons systems software," said Scott Randall, technology lead at the 402nd Software Maintenance Group at Robins Air Force Base, Ga.

Enhancements and software maintenance for JSTARS are being performed by the Air Force at Robins and by Northrop Grumman.

"We hope this new system will eliminate redundant efforts from an integration perspective and unify our test teams and our development teams in execution of the software," said Vinnie Simone, Northrop Grumman's senior program manager for Total Systems Support Responsibility.

Although AJAX indisputably builds better applications, its use also raises concerns about accessibility, security and usability, concerns that also apply to other Rich Internet Applications.

Adaptive technologies such as screen readers and speech dictation software make the Web accessible to people with disabilities, a requirement for federal Web pages under Section 508 of the Rehabilitation Act Amendments of 1998.

Brewer said W3C/WAI is developing a suite of resources called Accessible Rich Internet Applications. The suite (GCN.com/887) includes a road map, taxonomy and syntax for developing accessible applications.

Security is another issue. Rich Internet Applications are more complex than straight HTML and can open new vulnerabilities. AJAX attacks have already hit Yahoo and MySpace visitors.

Hackers can also look at the browser-side JavaScript and get an idea of the underlying server application architecture, so developers have to be careful not to expose unnecessary information in the AJAX engine. Enabling JavaScript on the browser also opens it to other types of attacks.

Finally, AJAX wreaks havoc with traditional behaviors we've all come to expect from the Web environment.

For users, early complaints included being unable to use the browser's back button to view an earlier version of a page, in addition to being unable to bookmark a particular version of a page. For developers, a common complaint was having to write different versions of the JavaScript for every browser version visitors might use.

There are also problems with search engines because Web crawlers don't typically execute the code to access the data.

Native AJAX still has these vulnerabilities, but workarounds exist, either as a piece of stand-alone code or a framework. Microsoft has ASP.NET AJAX (formerly called Apollo), and NexaWeb Technologies has Enterprise Web 2.0. Backbase has Enterprise AJAX 4 in addition to a free version of its framework, and the company is releasing a visual AJAX development tool early next year.

Using a framework addresses these problems and makes it possible to write a single set of code that works on all browsers.

"For anybody who wants to start in AJAX, make sure you know what your requirements are, and then look for a framework, ours or someone else's," Gerin said. "It will really help you to manage your code and to maintain it down the road."
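The article's warning that browser-side JavaScript can reveal the server application architecture can be turned into a pre-deployment check. The sketch below is an added example, not code from the article or from any product it names; the rule names, patterns and sample script are constructed assumptions.

```javascript
// Added example: flag details in browser-delivered JavaScript that describe
// the server side. Rule ids and patterns are illustrative, not exhaustive.
const RULES = [
  // RFC 1918 addresses or internal-looking hostnames
  { id: "internal-host",
    re: /\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b|\b[\w-]+\.(?:internal|corp|local)\b/i },
  // SQL text shipped to the client exposes table and column names
  { id: "sql-fragment",
    re: /\b(?:SELECT\s+[\w*,\s]+\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\s+\w+/i },
  // Server filesystem paths
  { id: "server-path", re: /\/(?:var|etc|opt|srv)\/[\w.\/-]+/ },
  // Secrets assigned as string literals
  { id: "credential",
    re: /\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"']{4,}["']/i },
  // Developer notes left in line comments (not the "//" inside URLs)
  { id: "dev-comment", re: /(?:^|\s)\/\/.*\b(?:TODO|FIXME|HACK)\b/ },
];

// Returns one finding per (line, rule) hit, in line order.
function auditClientScript(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, re } of RULES) {
      const m = re.exec(text);
      if (m) findings.push({ rule: id, line: i + 1, match: m[0].trim() });
    }
  });
  return findings;
}

// Constructed sample of an over-sharing AJAX script (not from any real site).
const SAMPLE = [
  'var xhr = new XMLHttpRequest();',
  '// TODO: remove fallback to the staging database before launch',
  'var backend = "http://10.2.0.15:8080/orders";',
  'var tpl = "/var/www/app/templates/order.tpl";',
  'var q = "SELECT id, total FROM orders WHERE owner=" + userId;',
  'xhr.open("POST", "/api/orders", true);',
  'xhr.send(JSON.stringify({ apiKey: "k-constructed-0001", query: q }));',
].join("\n");

for (const f of auditClientScript(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule}: ${f.match}`);
}
```

Anything a check like this flags belongs on the server, behind an endpoint that enforces its own authorization, since everything sent to the browser is readable by the user.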

Elements of AJAX

Asynchronous JavaScript and Extensible Markup Language is a combination of Web development technologies that allows portions of a page to update without having to refresh the entire page. These technologies include:



Cascading style sheets: CSS provides the markup to style a Web page in a way that is pleasing to the eye.

Document object model: DOM lets programmers create and modify Web pages as full-fledged programs.

Extensible markup language: XML is used to format the data used in AJAX Web transactions.

HTML and Extensible HTML: HTML provides the structure for a Web page. XHTML allows developers to provide the framework for XML data.

JavaScript: JavaScript is a scripting language for enhancing user experiences on Web pages.

XMLHttpRequest (XHR): XHR is an HTTP-based interface that lets Web servers update data in the browser without requiring the user to refresh the Web page.














