I know this issue have been already discussed Get Request Attributes in JavaScript, but it still doesn't work for me. So, it isn't duplicate.
I renew my page asynchronously via javascript: send request (XMLHttpRequest object) and set XMLHttpRequest.onreadystatechange = handleResponse().
Question: It is possible to handle java ArrayList request attribute (that come from server with response) in my handleResponse() function?
All iteraction preceed in the same way as in the link above
It is possible and actually quite simple. Just use an encoding format, like JSON. There are plenty of Java JSON libraries out there. Have a look here as well. Then from inside JavaScript, you can convert JSON to actual JavaScript objects and do whatever you want with them.
Related
Apologies for what is most likely an obvious question. In general terms, I would like write a client-side Javascript function that makes a request to my server; this would then return a Javascript object.
This seems to be a common thing, but I'm not entirely sure which techniques I should be using. Do I need to be running something like Node on my server to do this, or am I missing something basic? And is it possible to return a Javascript object directly, or would I return JSON and then convert this client-side into an object?
Googling seems to bring up a vast number of Ajax PHP \ ASP techniques, but I'm just using javascript.
Thank you very much in advance, and please do accept my apologies if it's a dense question.
The server would return JSON and JSON is javascript in object notation. The difference between JSON and a javascript object, is that JSON is a standard and has strict requirements, for example that property names and values are wrapped in double quotes.
You don't need a special server to return JSON. JSON is should be treated like XML or any other data format.
Returning JSON from a server is best done with JSONP if you want to avoid cross site scripting issues. You can read more about JSONP on
http://json-p.org/
http://remysharp.com/2007/10/08/what-is-jsonp/ and
What is JSONP all about?
Either way, JSONP or JSON and Ajax, you'll need to make sure your JSON is valid and the correct headers are sent.
Content-Type: application/json
if you send request to server, the application running at server will send back some data to browser, Json,XML,HTML, etc. what you should know is the data returned by server may have many types.
if you have no idea about the application in server, i suggest you can write some code running at server by using nodejs. in this way you do not have to study another language like php,java,python.
Loading a javascript from the server via AJAX/PHP as a kind of dynamic plug-in to the current page is an obvious technique to keep code in the page small and maintainable (and generic ...?)
I use jQuery.getScript for this. It has a callback function which will be executed when the code is loaded an has been initially run. Just look at http://api.jquery.com/jQuery.getScript/
On this page there is a form on the left side that filters MySql query results in real time.
My guess it has something to do with AJAX or similar language.
Can someone point me at what direction should I look to make a realtime-changing search results filter form.
Or what should I search for to find a working example or tutorial to make something like that?
Yeah, it's definetly AJAX, but AJAX is not a programming language, it's Asynchronous Javascript and XML. Take a look at http://api.jquery.com/jQuery.ajax/. jQuery is probably the easiest way to do something like that.
if($('#checkbox').is('::checked')){
//code to be executed
}
Yes, this is Ajax, but Ajax is not a language.
Ajax is:
Asynchronous
Javascript
And
XML
You use normal standard-methods of Javascript to send requests to a server and then process the results to update the content of the html-document. For communication with the server you can use XML, but there is no need the stick on XML. I prefere JSON because it produces less traffic.
XML:
eXtended
Markup
Language
JSON:
Java-
Script
Object
Notation
So I'm working on a function that makes it easier to send XMLHttpRequest's.^
It's set up like this..
XHR(url, method, data);
..where data is an object that get's turned into a query string like..
XHR('Hey.xml', 'get', { hi: 'hey' });
..would request "Hey.xml?hi=hey".
The thing is, different request methods want the query to be sent in different ways.
GET and HEAD expect the query to be part of the url.
POST expects the query to be sent with..
request.send(query);
I know there are other methods, and I was wondering which way the other methods use, or if other methods use yet another way.
^ Yes I know 50 of these already exist. Yes I know jQuery is one of them. Don't even think about suggesting it.
Reading on AJAXPatterns.org, there isn't any differences when using the "other" request methods with XHR.
Take a look at http://ajaxpatterns.org/XMLHttpRequest_Call#Handling_POSTs_and_Other_Request_Types
No, there are more. You got at least PUT and DELETE, although they are used much less frequent than GET and POST (as in: hardly ever). I believe GET is the only one that works cross domain. The others only work in your own domain, so it is your own decision whether to use POST, PUT or DELETE.
I wonder if there is a way to synchronize objects/methods in JavaScript in a similar way that you can do it in Java. I am developing an interface for the new WebSocket in html5 and need a way to match outgoing requests with incoming responses. Therefore I'm saving the requests (with a unique id) in an array on the client side and then I iterate through the array when I receive a response looking for the matching request.
A problem that might occur on the client side is if I have multiple timers that are making requests to the server independently of each other. If a the request function is inserting a "request-reference" into the array at the same time as the respond-listener is iterating through the array it's bound to break!
So how do I solve this problem? My initial thoughts was to simply synchronize the array as one could have done in Java (putting a lock on the object and force the other functions to wait) but I have found no syntax of how I would do this in JavaScript.
Javascript runs in a single thread in the browser, so there is no need to synchronize.
See here for details. See this SO question and answers as well (Why doesn’t JavaScript support multithreading?).
JSON allows you to retrieve data in multiple formats from an AJAX call. For example:
$.get(sourceUrl, data, callBack, 'json');
could be used to get and parse JSON code from sourceUrl.
JSON is the simply JavaScript code used to describe data. This could be evaled by a JavaScript interpreter to get a data structure back.
It's generally a bad idea to evaluate code from remote sources. I know the JSON spec doesn't specifically allow for function declarations, but there's no reason you couldn't include one in code and have an unsafe and naive consumer compile/execute the code.
How does jQuery handle the parsing? Does it evaluate this code? What safeguards are in place to stop someone from hacking sourceUrl and distributing malicious code?
The last time I looked (late 2008) the JQuery functions get() getJSON() etc internally eval the JSon string and so are exposed to the same security issue as eval.
Therefore it is a very good idea to use a parsing function that validates the JSON string to ensure it contains no dodgy non-JSON javascript code, before using eval() in any form.
You can find such a function at https://github.com/douglascrockford/JSON-js/blob/master/json2.js.
See JSON and Broswer Security for a good discussion of this area.
In summary, using JQuery's JSON functions without parsing the input JSON (using the above linked function or similar) is not 100% safe.
NB: If this sort of parsing is still missing from getJSON (might have recently been added) it is even more important to understand this risk due to the cross domain capability, from the JQuery reference docs:
As of jQuery 1.2, you can load JSON
data located on another domain if you
specify a JSONP callback, which can be
done like so: "myurl?callback=?".
jQuery automatically replaces the ?
with the correct method name to call,
calling your specified callback.
$.getJSON() is used to execute (rather than using eval) javascript code from remote sources (using the JSONP idiom if a callback is specified). When using this method, it is totally up to you to trust the source, because they will have control to your entire page (they can even be sending cookies around).
From Douglas Crockford site about The Script Tag Hack (jsonp):
So the script can access and use
its cookies. It can access the
originating server using the user's
authorization. It can inspect the DOM
and the JavaScript global object, and
send any information it finds anywhere
in the world. The Script Tag Hack is
not secure and should be avoided.
Both IE 8 and Firefox 3.1 will have native JSON support, which will provide a safe alternative to eval(). I would expect other browsers to follow suit. I would also expect jQuery to change its implementation to use these native methods.
All browsers I know of disable cross-site requests through Ajax. That is, if your page sits on my.example.com, you can't load anything using Ajax unless its URL is also at my.example.com.
This actually can be something of a nuisance, and there are ways for an attacker to inject source in other ways, but ostensibly this restriction is in place to address exactly the concern you mention.