Lets say I want to do the JS execution, like, processing Javascript Elements but on the Server rather than exposing the code(s) on the client JS file.
Something like, lets say:
From the browser's side, lets say i will get the JS native window Object.
Then i want to make all Javascript processing works (on that window Object) in the backend by passing it to backend via Ajax, or whatever. So as an very simple examples (to do on the Backend JS Server):
Parse the window.location and do some codings related to it.
Parse the window.document and do some codings related to it.
And then return back to browser with the respective outcomes and then so on ..
So that means, (based on this simple example), i want to perform the parsing and whatever coding works, related to window.location & window.document Objects, in the backend (another) server. Just by passing this window Object to it. (Then return the already processed result back to the browser) So the user wont see what i am doing with this window object.
** Above is just a simple example. In fact, i want to pass some more complicated JS Objects and process at the backend.
That obvious point here is, i do not want my main JS processing codes to be exposed to the users.
Is this "concept" even possible please?
(If possible, what is the ideal approach to this?) Especially for the BACKEND, what should i be running and HOW, please?
Thanks
No, this is not possible as you describe.
JavaScript can run on the server, if your server has an engine to run the scripts. Node.js, which you tagged, is a good example of that.
But still, server and client are separated. The server cannot directly modify elements that are loaded into the client. The server feeds pages or other pieces of information to the client, which can be processed by the client.
So you could make an AJAX request to the server to perform some logic. This logic can be executed by PHP as well as Node.js, but when it comes to modifying the DOM, there is not much difference.
Node.js can be helpful, though. It supports a DOM as well, and I think you can even use jQuery, so an advantage over PHP is that you can do DOM manipulation in a similar way as on the client. It saves you a language to learn, but the client/server processing is still separated. You can't send an element with all its data and attached events to the server. You can send serialized objects at most.
Javascript is a client-side programming language and all code is interpreted at runtime by the browser on the client's machine. So the short answer is no.
For server-side code, use a server-side programming language such as PHP, ASP.NET or ColdFusion.
Related
I am working on a project which involves building a web service on the top of a .js library. I successfully completed that but now I have create another library (or something) in which everything should be customizable from the client side and server should just provide the JavaScript functions so that client can attach them with buttons and work with them.
Right now, I can think of two possible implementations:
Creating a new .js library and provide the functions which the client can use after including my .js file.
(Overheads - client will still have to include other .js libraries which I am using inside my library...so frankly speaking, this is kind of overhead on the client and is probably not a good way to go about the problem). My server in this case will just process the data which will be used by my .js library on the client side.
I directly return the necessary JavaScript functions along with the processed data so that client does not have to know about my internal implementation and can work with less overhead.
The problem is I don't know how to go about the second approach which looks quite promising. Is there any example implementation, or a better way to go about the first approach?
Ok. Let me try and explain this in my own words.
As far as I understood your problem, you do not want to include all the JS libraries in your code and would rather have the data passed to the JS libraries and then the inbuilt functions within your libraries process your data and return processed output.
I have not heard of this being done. Maybe it is so we can wait for an answer regarding that. But ideally what you would do is create a "Web service".
So this "Web service" basically act's like your "external javascript function". You pass data to the Web service and this data is processed and returned to you. You then process this output and display it the way you like.
So simply put, you will have to design a Web service with functions, that act the way your Javascript functions do.
Lot of the time I end up repeating the code on the server as well as the client. Example I have a registration form; validations I do for required field, email address regex are same on the both server and the client. I ideally want to write code in one place and not repeat.
If you're using express.js, take a look at the express-expose module. It seems to do what you're looking for:
expose objects, functions, modules and more to client-side js
I am going to assume that you aren't talking about a node.js application (for that take a look at either now.js or express-expose).
In these cases, what I would recommend is to do as much server side as possible, as a client can disable javascript (the is a particularly strong point when dealing with validation). You could use ajax to hit up the server, run the code there, and return in javascript.
I have a site written in Asp.net webforms. It uses ajax heavily.
Most forms on the site are submited with javascript. Javascript validates the input and sends it to /ajax.ashx on the server. The server processes the request and sends back a JSON response. My javascript uses the JSON to create html, which it inserts into the Dom.
I'm making a new version of my website written using asp.net MVC3. I've been looking at tutorials on this subject, and some of them recommend doing ajax in a different way. Rather than sending data and then building + inserting html with javascript, they create html at the server, and use javascript only to insert it into the Dom. For instance, in this tutorial.
Which way should I use? Using the new method will be quicker, but is it better?
That's a subjective question. Both approaches are possible and there is no better way. There are pros and cons of each approach.
Building the HTML on the server is easier and will require you less efforts but consumes more bandwidth compared to the first approach.
If you decide to go the first way you could use some client side templating framework which might help you simplify the generation of DOM elements on the client.
Creating html code directly into the server and injecting it with an ajax call is very fast and simple, the real problem is that in that way your service is bound to be used with that specific application. By sending RAW data you allow any app to use that data in any way, without bounding it to a specific application.
returning json feels more flexible to me; you can change what happens with your json response, like the layout it results in. If you return html you return data mixed with layout. This doesn't feel right to me.
I believe it is better to separate the layout from the actual data. That is why you should pass data between your scripts and not HTML.
If you go about it sending HTML, consider that you would have to build valid HTML and CSS, which might not sound hard at first but then you'll start using CSS that is not loaded in the file calling the ajax, etc.
Always separate content (data) from layout. That's why there is HTML and CSS, to separate layout from data. So why mess things up by mingling HTML between data?
Building the html serverside will probably be faster and not bog down the client which is important. Rendering data into HTML with javascript takes time and not every browser is fast with js (i.e. older versions of IE) so things can slow down if you're doing a lot of this.
Like previous posters said, it's kinda subjective because it depends on how much you're offloading to the client. I'm of the opinion that if you can do things serverside, you should.
If you are going to be using this service to return JSON to other applications/clients, then it's probably a good idea to just leave it as JSON and let the client do what it needs on their side.
I've been looking at the API for Flattr, http://flattr.com/support/integrate/js , which has a cool way of accepting query variables for their JavaScript to load.
My question is, do most APIs use something other than JavaScript to accept these different variables for their services? EG:
Ruby on Rails
PHP
Python
Then these are parsed by the respective language and returned as outputted JavaScript to the requesting website?
Cheers
Javascript itself is totally capable of reading how it's embedded to the HTML it belongs to, by reading document.getElementsByTagName("script") and further parse/match their src attributes. Therefore, it's not a problem at all for it to further parse the query variables attached at the end, and dynamically (all in javascript, client side) load components within.
Any javascript libraries that allow you to pack the whole thing and deploy to your own web server should take this approach, since there's no server to handle the request anyways.
On the other hand, javascript libraries that are hosted on other sites that allow you to use (like YUI) MAY take the server approach like you mentioned.
In my personal experience, projects that I have worked on have used server side languages to deal with get params.
So a request might be /myjavascript.js?id=123123 The server side language would create the correct javascript for that request.
Keeping everything on the server side has the advantage of not allowing the user to see what is going on. If this isn't a problem for you, javascript is more than capable of handling different params.
In my experience it's fairly common that widgets embedded into others' sites gets their parameters by parsing them from their script tags. It makes the widget script static and self-contained and thus easier to distribute through eg. a fast CDN. Performance is important when you're going to convince someone else to add your javascript to their site as poor performance from the widget can make the entire site appear sluggish.
A better place to specify the parameters than query parameters would however be to specify them in the URL:s hash-part as that part isn't included when caches are checked and thus the script would have to be downloaded fewer times - which of course is good for performance, especially if the parameters might shift a lot.
With all the recent hype about JavaScript and HTML5 replacing Flash, I wanted to know - How would it be possible to protect client-side js code? Of course, it is possible to obfuscate it, but that would only make it a little harder. Also, for games which submit high scores to the server, wouldn't it be incredibly easy to modify those scores before they are sent to the server? I know even Flash files can be decompiled, but they can be obfuscated and flash decompilation is not as easy as modifying data in JS - could be done easily using a plugin such as Firebug. I'd like to know everyone's views on this.
Javascript, being parsed on the client, is never 100% safe. There will always be ways to find out what it does. A few days ago I've even seen a tool which unpacks packed javascript so the only thing you can really do is using "ugly" variable names (or actually, make a javascript packer transform your "good" variable names into short/ugly/nonsense ones)
To protect game results, you have to move some of the game logic to the server so the client cannot send arbitrary results.
Summarizing it: Don't put secrets in javascript code and don't trust anything coming from the client - no matter if it's from a form or generated/submitted via javascript.
You say that for game that sends high scores to the server it would be too easy to modify javascript and forge request?
Except for case, when you use some cryptography on the client, it is the easiest way to forge such request not even analysing the script but sending false request itself. Everything you send between server and browser can be easily viewed on computer, analysed and changed.