Now, the server-side code has a different kind of validation problem, one that involves two steps: de-serialization of the data, followed by property-by-property validation of individual values. JSON isn't the only option for this kind of data, either. XML gets a fair amount of usage for data serialization, and now YAML (YAML Ain't Markup Language) as well (though mostly in Rails-based sites). There is also the rising tide of microformats, or custom data syntaxes that maximize efficiency of the representation at the expense of creating custom parsers for each syntax. In any of these cases, server-side validation now has two problems instead of one, and the complexity is a little greater as a result.
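The two-step problem described above, as an added example that is not from the original article: a Node.js handler that first deserializes the request body (step one: size limit, syntax, and top-level shape) and only then validates each property against an allowlist schema (step two). The `schema` object, the field names and the byte limit are constructed for illustration, not taken from any real application.

```javascript
// Step 1: deserialization. Reject oversized bodies, malformed JSON, and anything
// that is not a plain JSON object before looking at a single field.
function deserialize(rawText, maxBytes) {
  if (typeof rawText !== 'string') {
    return { ok: false, errors: ['body must be text'] };
  }
  if (Buffer.byteLength(rawText, 'utf8') > maxBytes) {
    return { ok: false, errors: [`body exceeds ${maxBytes} bytes`] };
  }
  let parsed;
  try {
    parsed = JSON.parse(rawText);
  } catch (e) {
    return { ok: false, errors: [`malformed JSON: ${e.message}`] };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, errors: ['top-level value must be a JSON object'] };
  }
  return { ok: true, value: parsed };
}

// Step 2: property-by-property validation against an allowlist schema.
// Unknown properties are rejected, so a client cannot smuggle in fields the
// handler never intended to accept (JSON.parse makes every key an own
// property, including odd names such as "__proto__", so Object.keys sees it).
function validateProperties(obj, schema) {
  const errors = [];
  const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  for (const key of Object.keys(obj)) {
    if (!own(schema, key)) errors.push(`unexpected property "${key}"`);
  }
  for (const [key, rule] of Object.entries(schema)) {
    if (!own(obj, key)) {
      if (rule.required) errors.push(`missing required property "${key}"`);
      continue;
    }
    const v = obj[key];
    if (typeof v !== rule.type) {
      errors.push(`"${key}" must be a ${rule.type}`);
      continue;
    }
    if (rule.type === 'string') {
      if (rule.minLength !== undefined && v.length < rule.minLength)
        errors.push(`"${key}" must be at least ${rule.minLength} characters`);
      if (rule.maxLength !== undefined && v.length > rule.maxLength)
        errors.push(`"${key}" must be at most ${rule.maxLength} characters`);
      if (rule.pattern && !rule.pattern.test(v))
        errors.push(`"${key}" has an invalid format`);
    }
    if (rule.type === 'number') {
      // JSON.parse('1e400') yields Infinity, which still has typeof 'number'.
      if (!Number.isFinite(v)) errors.push(`"${key}" must be a finite number`);
      else {
        if (rule.integer && !Number.isInteger(v)) errors.push(`"${key}" must be an integer`);
        if (rule.min !== undefined && v < rule.min) errors.push(`"${key}" must be >= ${rule.min}`);
        if (rule.max !== undefined && v > rule.max) errors.push(`"${key}" must be <= ${rule.max}`);
      }
    }
  }
  return errors;
}

// Both steps together: the function an HTTP handler would call on the raw body.
function validateRequest(rawText, schema, maxBytes = 4096) {
  const step1 = deserialize(rawText, maxBytes);
  if (!step1.ok) return step1;
  const errors = validateProperties(step1.value, schema);
  return errors.length ? { ok: false, errors } : { ok: true, value: step1.value };
}

// Constructed schema for a hypothetical profile-update endpoint.
const profileSchema = {
  username: { type: 'string', required: true, minLength: 3, maxLength: 32, pattern: /^[a-z0-9_]+$/ },
  age: { type: 'number', required: false, integer: true, min: 0, max: 150 },
  newsletter: { type: 'boolean', required: false },
};

module.exports = { deserialize, validateProperties, validateRequest, profileSchema };
```

Keeping the two steps in separate functions makes the failure modes visible in the error messages: a step-one failure says nothing about fields, and a step-two failure names the exact property, which is what an operator wants in the server log when a client starts sending unexpected shapes.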
Periodic execution and the hidden post. It used to be that nefarious JavaScript or rewritten URLs or other client-side attacks that involve making requests to the server would be visible to the user because the browser would display the URL in the address bar when the request was made. This made it at least possible for a user to discover the problem by viewing the URLs being used for navigation. Ajax applications make this more difficult by sending requests via a hidden back channel (XMLHttpRequest). Without the use of network sniffers or in-browser components that can recognize XHR traffic, it is impossible to see the requests being sent on behalf of the user.
In traditional Web applications, these requests were visible and triggered by one of two user actions: clicking a link or submitting a form. In Ajax applications, the requests are hidden, and can be triggered by a variety of user actions such as sliding the mouse over an element or tabbing into or out of a field. Many sites take that a step further and use periodic executors to send requests with no user triggers at all. Using JavaScript's timeout capabilities, some applications establish a loop that triggers a request every x seconds, sometimes sending only application-provided data, but sometimes user-provided data as well. The request is not only hidden, but might happen while the user is away from the computer entirely.
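The "in-browser component that can recognize XHR traffic" mentioned above, as an added example that is not from the original article: a small monitor that wraps an XMLHttpRequest-style class so every hidden request is logged together with how long ago the user last did anything, which separates user-triggered requests from timer-driven ones. A `FakeXHR` class stands in for the browser's `XMLHttpRequest` so the code runs under Node.js; `startPeriodicPost` shows the timeout loop the passage describes. The class, the URL and the one-second idle threshold are constructed assumptions.

```javascript
// Constructed stand-in for the browser's XMLHttpRequest (records, does not send).
class FakeXHR {
  open(method, url) { this.method = method; this.url = url; }
  setRequestHeader() {}
  send(body) { this.body = body; }
}

// Wrap open()/send() on an XHR-style class and keep an audit log of every
// request. `now` is injectable so the behaviour can be tested deterministically.
function createXhrMonitor(XhrClass, now = Date.now, idleThresholdMs = 1000) {
  const log = [];
  let lastUserInputAt = null;            // updated by real input events
  const origOpen = XhrClass.prototype.open;
  const origSend = XhrClass.prototype.send;

  XhrClass.prototype.open = function (method, url, ...rest) {
    this._audit = { method, url };
    return origOpen.call(this, method, url, ...rest);
  };
  XhrClass.prototype.send = function (body) {
    const t = now();
    const sinceInput = lastUserInputAt === null ? null : t - lastUserInputAt;
    log.push({
      method: this._audit ? this._audit.method : undefined,
      url: this._audit ? this._audit.url : undefined,
      bodyBytes: body == null ? 0 : Buffer.byteLength(String(body), 'utf8'),
      msSinceUserInput: sinceInput,
      // No recent input means nothing the user did could have caused this request.
      timerDriven: sinceInput === null || sinceInput > idleThresholdMs,
    });
    return origSend.call(this, body);
  };

  return {
    log,
    noteUserInput(at = now()) { lastUserInputAt = at; },
    // Restore the original prototype methods when the monitor is no longer needed.
    uninstall() { XhrClass.prototype.open = origOpen; XhrClass.prototype.send = origSend; },
  };
}

// One iteration of the periodic post: serialize whatever the page holds and send it.
function pollOnce(XhrClass, url, getPayload) {
  const xhr = new XhrClass();
  xhr.open('POST', url);
  xhr.setRequestHeader('Content-Type', 'application/json');
  xhr.send(JSON.stringify(getPayload()));
  return xhr;
}

// The timeout loop the article describes: fire pollOnce every intervalMs with no
// user trigger. Returns a function that stops the loop.
function startPeriodicPost(XhrClass, url, getPayload, intervalMs) {
  const id = setInterval(() => pollOnce(XhrClass, url, getPayload), intervalMs);
  return () => clearInterval(id);
}

module.exports = { FakeXHR, createXhrMonitor, pollOnce, startPeriodicPost };
```

In a real page the monitor is installed as `createXhrMonitor(XMLHttpRequest)` and `noteUserInput()` is called from `click`, `keydown` and `input` listeners; reviewing the log then shows which background posts carried user-provided data while nobody was at the keyboard, which is the information the address bar used to give for free.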