Thursday, March 22, 2007

AjaxWorld 2007 Day Three (Afternoon)

JSON: Making the "X" in Ajax Superfluous:
The afternoon was off to a good start with Douglas Crockford presenting on JSON. Not much new ground was covered...In a nutshell, JSON is a better way to transfer data than XML. JSON is especially easy to use if you know that the client will be a browser (like it is with Ajax). Since JSON is a subset of JavaScript, the JavaScript engine processes JSON very easily because it is JavaScript.

Some random items mentioned beyond the obvious JSON topics...
  • YAML is a superset of JSON. A YAML decoder is a JSON decoder. And YAML has validators. So if you wanted a JSON validator, a YAML validator would work.
  • Using eval to process JSON text can open security holds. If thats a concern, use a JSON-only parser like string.parseJSON.
  • Crockford was against remote scripting....calling it the "script-tag hack". The problem is that there is no way to vet the script before it executes. The server generating the scripting must be absolutely trusted...this is not always possible in Mashup scenarios.
  • Security Comment - If there is script from 2 or more sources, then the app is not secure.
  • Proposed EcmaScript 4th edition enhancements include new commands available at json.org now.
Here's an application of the supplant function (from the json.org site):

var template = '<table border="{border}"><tr><th>Last</th><td>{last}</td></tr>' +
'<tr><th>First</th><td>{first}</td></tr></table>';


Notice that we have an HTML template with three variables in it. Then
we'll obtain a JSON object containing members that match the variables.


var data = {
"first": "Carl",
"last": "Hollywood",
"border": 2
};

We can then use a supplant method to fill in the template
with the data.


mydiv.innerHTML = template.supplant(data);


Nice! These upcoming EcmaScript enhancements can be used now by importing the small JavaScript functions from json.org.

In the 2:40pm timeslot, I was looking forward to seeing Clueful 2.0, but it was cancelled. Then I rushed to view "So You Wanna Be a DOM Star" from Molly Holzschlag, but it was cancelled. So my third choice was "Performance-Tune Your Ajax application". This session contained some useful information, but nothing ground-breaking on the topic.

And that ended AjaxWorld for me. There was another vendor presentation followed by 2 more sessions which continued to 7pm....but due to flight schedules, I had to miss those. If I could've stayed longer I would've loved to have seen the following topics...now I will have to wait until I receive the AjaxWorld presentations on DVD.

Ajax-Enable Your Java Application with DWR -- I love DWR!
Web 2.0 Security
Rails: De Facto API for the Web

No comments: