AJAX In Action [2]
7 Security and Ajax 246
7.1 JavaScript and browser security 247
Introducing the “server of origin” policy 248
Considerations for Ajax 248
Problems with subdomains 249
Cross-browser security 250
7.2 Communicating with remote services 251
Proxying remote services 252
Working with web services 253
7.3 Protecting confidential data 263
The man in the middle 263
Using secure HTTP 264
Encrypting data over plain HTTP using JavaScript 266
7.4 Policing access to Ajax data streams 268
Designing a secure web tier 268
Restricting access to web data 272
7.5 Summary 277
7.6 Resources 278
8 Performance 279
8.1 What is performance? 280
8.2 JavaScript execution speed 281
Timing your application the hard way 282
Using the Venkman profiler 288
Optimizing execution speed for Ajax 289
8.3 JavaScript memory footprint 302
Avoiding memory leaks 302
Special considerations for Ajax 306
8.4 Designing for performance 311
Measuring memory footprint 312
A simple example 316
Results: how to reduce memory footprint 150-fold 321
8.5 Summary 323
8.6 Resources 324
Licensed to jonathan zheng
PART 4 AJAX BY EXAMPLE 325
9 Dynamic double combo 327
9.1 A double-combo script 328
Limitations of a client-side solution 328
Limitations of a server-side solution 329
Ajax-based solution 330
9.2 The client-side architecture 331
Designing the form 331
Designing the client/server interactions 333
9.3 Implementing the server: VB .NET 334
Defining the XML response format 335
Writing the server-side code 336
9.4 Presenting the results 339
Navigating the XML document 339
Applying Cascading Style Sheets 342
9.5 Advanced issues 343
Allowing multiple-select queries 343
Moving from a double combo to a triple combo 345
9.6 Refactoring 345
New and improved net.ContentLoader 346
Creating a double-combo component 352
9.7 Summary 359
10 Type-ahead suggest 361
10.1 Examining type-ahead frameworks 362
Type-ahead suggest frameworks 362
Google Suggest 364
The Ajax in Action type-ahead 365
10.2 The server-side framework: C# 366
The server and the database 366
Testing the server-side code 368
10.3 The client-side framework 369
The HTML 369
The JavaScript 370
Accessing the server 380
10.4 Adding functionality: multiple elements with different queries 392
10.5 Refactoring 392
Day 1: developing the TextSuggest component game plan 394
Day 2: TextSuggest creation—clean and configurable 397
Day 3: Ajax enabled 401
Day 4: handling events 406
Day 5: the suggestions pop-up UI 413
Refactor debriefing 421
10.6 Summary 422
11 The enhanced Ajax web portal 423
11.1 The evolving portal 424
The classic portal 424
The rich user interface portal 426
11.2 The Ajax portal architecture using Java 427
11.3 The Ajax login 429
The user table 429
The server-side login code: Java 430
The client-side login framework 433
11.4 Implementing DHTML windows 439
The portal windows database 439
The portal window’s server-side code 441
Adding the JS external library 445
11.5 Adding Ajax autosave functionality 448
Adapting the library 448
Autosaving the information to the database 450
11.6 Refactoring 453
Defining the constructor 455
Adapting the AjaxWindows.js library 456
Specifying the portal commands 458
Performing the Ajax processing 462
Refactoring debrief 464
11.7 Summary 464
12 Live search using XSLT 466
12.1 Understanding the search techniques 467
Looking at the classic search 467
The flaws of the frame and pop-up methods 469
Examining a live search with Ajax and XSLT 470
Sending the results back to the client 472
12.2 The client-side code 473
Setting up the client 473
Initiating the process 474
12.3 The server-side code: PHP 476
Building the XML document 476
Building the XSLT document 479
12.4 Combining the XSLT and XML documents 481
Working