Bureaucrats, Check users, Interface administrators, Administrators (Semantic MediaWiki), Administrators, vuser
9,365
edits
Changes
Directory:AJAST (programming) (view source)
Revision as of 04:31, 24 November 2009
, 04:31, 24 November 2009GFDL and CC-by-SA content from English Wikipedia (as of 17 June 2009, at 21:15) by 216.239.45.4
'''AJAST''', or '''Ajast''' (Asynchronous [[JavaScript]] and Script Tags), is a [[web development]] technique similar in nature to [[Ajax (programming)|Ajax]] except that the communications method used dynamically injects script tags into the document head which by loading [[Remote Scripting|remote script]] code is able to transport data to the client browser. Like Ajax, AJAST is used to create interactive [[web application]]s or [[rich Internet application]]s in cases where data access is needed from a remote host which violates the [[same origin policy]] of Ajax. With AJAST, [[web application]]s can retrieve data from a foreign web server [[Asynchronous I/O|asynchronously]] in the background without interfering with the display and behavior of the existing page.
{{gkgoogle}}
== Technique ==
Unlike Ajax, data is not retrieved by creating an ''[[XMLHttpRequest]]'' [[Object (computer science)|object]] but instead by manipulating the document to reference additional remote script files. As each reference to a remote script file is added to the document, the [[web browser]] actively retrieves the remote script file and attempts to execute it. The remote script can then provide new data to the web browser by loading the data into predictable locations. After the new data is harvested from the predictable locations the script file and predictable locations can be removed to prevent excessive resource consumption and the process can be repeated as necessary.
A sample AJAST transaction could be written as:
<source lang="JavaScript">
// Create a script node pointed to a remote host
var node = document.createElement('script');
node.type = 'text/javascript';
node.src = 'http://some.host.com/somefile.js';
// The onload mechanism only works on gecko browsers
node.onload = function() { alert(payload); }
// Find the head of the document and inject the script reference
var head = document.getElementsByTagName('HEAD')[0];
head.appendChild(node);
</source>
Consider the following source for '''somefile.js''':
<source lang="javascript">
var payload = 'hello world';
</source>
The message '''hello world''' will be displayed after the remote script loads.
== History ==
Techniques for the asynchronous loading of content date back to the mid 1990s.
[[Java applet]]s were introduced in the first version of the Java language in 1995. These allow [[compiler|compiled]] client-side code to load data asynchronously from the web server after a web page is loaded.<ref name="applets">
{{cite web
|url = http://java.sun.com/applets/
|title = Code Samples and Apps: Applets
|publisher = Sun Microsystems, Inc.
|accessdate = 2009-01-02
}}</ref>
Ajax was first introduced February 2005 by Jesse Garrett,<ref name="garrett">
{{cite web
|url = http://www.adaptivepath.com/ideas/essays/archives/000385.php
|title = Ajax: A New Approach to Web Applications
|publisher = AdaptivePath.com
|author = Jesse James Garrett
|date = 2005-02-18
|accessdate = 2009-03-25
}}</ref>
which could not access remote hosts.
The AJAST technique was first documented as 'The script tag hack' in November 2005 by Jason Levitt.<ref name="levitt">
{{cite web
|url = http://www.xml.com/pub/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html?page=2
|title = Fixing AJAX: XMLHttpRequest Considered Harmful
|publisher = xml.com
|author = Jason Levitt
|date = 2005-11-09
|accessdate = 2009-03-25
}}</ref>
The term ''AJAST'' was coined in March 2008 by Havard Stranden.<ref name="stranden">
{{cite web
|url = http://ox.no/posts/ajast-cross-domain-rest-calls-using-json-injection
|title = AJAST - Cross-domain REST calls using JSON injection
|publisher = oxno.com
|author = Havard Stranden
|date = 2008-03-24
|accessdate = 2009-03-25
}}</ref>
A formalized implementation of AJAST was published in March 2009 by Jason Riffel.<ref name="riffel">
{{cite web
|url = http://ajast.org
|title = AJAST.ORG - Asynchronous Javascript and Script Tags
|publisher = ajast.org
|author = Jason Riffel
|date = 2009-03-23
|accessdate = 2009-03-25
}}</ref>
==Technologies==
The main cause for using this technology is to allow access to a remote server outside of the [[same origin policy]] restrictions. These restrictions have increasingly come under fire{{Fact|date=March 2009}} in regards to Ajax type requests as new web technologies require more access to information. The W3C has a draft which would ease these restrictions on Ajax requests, <ref name="xdr">
{{cite web
|url = http://dev.w3.org/2006/waf/access-control/
|title = Access Control for Cross-Site Requests
|publisher = World Wide Web Consortium
|accessdate = 2008-06-27
}}
</ref>
but until this draft gains more momentum the AJAST technique remains a dominant solution which works natively across most web browsers. There are alternate technologies available that circumvent the [[same origin policy]] such as [[Adobe Flash]], [[Microsoft Silverlight]], and [[Java (programming language)|Java]] but these technologies require 3rd party software to be loaded into the web browser and are not always available. AJAST provides a mechanism which is natively available in web browsers which have [[Javascript]] enabled that can access remote servers.
=== Implementations ===
* [http://ajast.org ajast.org] Reference implementations of the AJAST technique that emulate the [[XMLHttpRequest]] object of Ajax.
* [http://ox.no/posts/ajast-cross-domain-rest-calls-using-json-injection ox.ajast] An AJAST implementation specialized for the [[Representational State Transfer|REST pattern]].
=== Advantages ===
* Cross site capable
* Requires no 3rd party software
* Works in all legacy browsers that support [[AJAX]]
=== Disadvantages ===
* The remote site can insert arbitrary JavaScript in the page, so cross-site AJAST is only safe with trusted remote sites
* Synchronous requests are not possible
* Only GET requests can be made via script tags, not POST. Some browsers and servers limit GET request size to a few kilobytes
<!--* The potential for memory leaks is significant if proper garbage collection is not implemented [also true of AJAX, so not a disadvantage]
* The required predictable locations for data in the loaded script files has potential for conflicts [if this means what i think it does, implementers keep different AJAST responses from conflicting by having each one use a different callback function; seems like the same situation as async AJAX] -->
== See also ==
* [[Ajax (programming)]]
* [[Ajax framework]]
* [[AJILE]]
* [[Reverse Ajax]]
* [[Rich Internet application]]
* [[XMLHttpRequest]]
== Notes ==
{{reflist|3}}
== External links ==
* [http://ajast.org ajast.org] Reference implementations of the AJAST technique.
{{gkgoogle}}
== Technique ==
Unlike Ajax, data is not retrieved by creating an ''[[XMLHttpRequest]]'' [[Object (computer science)|object]] but instead by manipulating the document to reference additional remote script files. As each reference to a remote script file is added to the document, the [[web browser]] actively retrieves the remote script file and attempts to execute it. The remote script can then provide new data to the web browser by loading the data into predictable locations. After the new data is harvested from the predictable locations the script file and predictable locations can be removed to prevent excessive resource consumption and the process can be repeated as necessary.
A sample AJAST transaction could be written as:
<source lang="JavaScript">
// Create a script node pointed to a remote host
var node = document.createElement('script');
node.type = 'text/javascript';
node.src = 'http://some.host.com/somefile.js';
// The onload mechanism only works on gecko browsers
node.onload = function() { alert(payload); }
// Find the head of the document and inject the script reference
var head = document.getElementsByTagName('HEAD')[0];
head.appendChild(node);
</source>
Consider the following source for '''somefile.js''':
<source lang="javascript">
var payload = 'hello world';
</source>
The message '''hello world''' will be displayed after the remote script loads.
== History ==
Techniques for the asynchronous loading of content date back to the mid 1990s.
[[Java applet]]s were introduced in the first version of the Java language in 1995. These allow [[compiler|compiled]] client-side code to load data asynchronously from the web server after a web page is loaded.<ref name="applets">
{{cite web
|url = http://java.sun.com/applets/
|title = Code Samples and Apps: Applets
|publisher = Sun Microsystems, Inc.
|accessdate = 2009-01-02
}}</ref>
Ajax was first introduced February 2005 by Jesse Garrett,<ref name="garrett">
{{cite web
|url = http://www.adaptivepath.com/ideas/essays/archives/000385.php
|title = Ajax: A New Approach to Web Applications
|publisher = AdaptivePath.com
|author = Jesse James Garrett
|date = 2005-02-18
|accessdate = 2009-03-25
}}</ref>
which could not access remote hosts.
The AJAST technique was first documented as 'The script tag hack' in November 2005 by Jason Levitt.<ref name="levitt">
{{cite web
|url = http://www.xml.com/pub/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html?page=2
|title = Fixing AJAX: XMLHttpRequest Considered Harmful
|publisher = xml.com
|author = Jason Levitt
|date = 2005-11-09
|accessdate = 2009-03-25
}}</ref>
The term ''AJAST'' was coined in March 2008 by Havard Stranden.<ref name="stranden">
{{cite web
|url = http://ox.no/posts/ajast-cross-domain-rest-calls-using-json-injection
|title = AJAST - Cross-domain REST calls using JSON injection
|publisher = oxno.com
|author = Havard Stranden
|date = 2008-03-24
|accessdate = 2009-03-25
}}</ref>
A formalized implementation of AJAST was published in March 2009 by Jason Riffel.<ref name="riffel">
{{cite web
|url = http://ajast.org
|title = AJAST.ORG - Asynchronous Javascript and Script Tags
|publisher = ajast.org
|author = Jason Riffel
|date = 2009-03-23
|accessdate = 2009-03-25
}}</ref>
==Technologies==
The main cause for using this technology is to allow access to a remote server outside of the [[same origin policy]] restrictions. These restrictions have increasingly come under fire{{Fact|date=March 2009}} in regards to Ajax type requests as new web technologies require more access to information. The W3C has a draft which would ease these restrictions on Ajax requests, <ref name="xdr">
{{cite web
|url = http://dev.w3.org/2006/waf/access-control/
|title = Access Control for Cross-Site Requests
|publisher = World Wide Web Consortium
|accessdate = 2008-06-27
}}
</ref>
but until this draft gains more momentum the AJAST technique remains a dominant solution which works natively across most web browsers. There are alternate technologies available that circumvent the [[same origin policy]] such as [[Adobe Flash]], [[Microsoft Silverlight]], and [[Java (programming language)|Java]] but these technologies require 3rd party software to be loaded into the web browser and are not always available. AJAST provides a mechanism which is natively available in web browsers which have [[Javascript]] enabled that can access remote servers.
=== Implementations ===
* [http://ajast.org ajast.org] Reference implementations of the AJAST technique that emulate the [[XMLHttpRequest]] object of Ajax.
* [http://ox.no/posts/ajast-cross-domain-rest-calls-using-json-injection ox.ajast] An AJAST implementation specialized for the [[Representational State Transfer|REST pattern]].
=== Advantages ===
* Cross site capable
* Requires no 3rd party software
* Works in all legacy browsers that support [[AJAX]]
=== Disadvantages ===
* The remote site can insert arbitrary JavaScript in the page, so cross-site AJAST is only safe with trusted remote sites
* Synchronous requests are not possible
* Only GET requests can be made via script tags, not POST. Some browsers and servers limit GET request size to a few kilobytes
<!--* The potential for memory leaks is significant if proper garbage collection is not implemented [also true of AJAX, so not a disadvantage]
* The required predictable locations for data in the loaded script files has potential for conflicts [if this means what i think it does, implementers keep different AJAST responses from conflicting by having each one use a different callback function; seems like the same situation as async AJAX] -->
== See also ==
* [[Ajax (programming)]]
* [[Ajax framework]]
* [[AJILE]]
* [[Reverse Ajax]]
* [[Rich Internet application]]
* [[XMLHttpRequest]]
== Notes ==
{{reflist|3}}
== External links ==
* [http://ajast.org ajast.org] Reference implementations of the AJAST technique.