XMLHTTP or GetXmlHttpRequest AKA AJAX

montrealer58

I have been writing web pages since 1995. I have written associated programs in C++, ECMAScript, and PHP as and when those technologies became available. I love XML, and I will often View Source on a page I really like. You always want to see what scripts they are running.

My browser is set to only authorise scripts from sites such as this one which depend on their reputation as a safe place to visit on the Internet. The site desperately needs to advertise (from the right people), so they need to be able to 'push' content. When I am out there in browser-land I get huge red flags when GetXmlHttpRequest or its predecessor the ActiveX control XMLHTTP is employed.

It is hoped in the future that when browsers all support SVG animations (which can be generated via PHP) there will be no need for scripts at all. Adobe kind of invented SVG, but they have left it behind, but it was so good that W3C adopted it as an XML standard. The output that SVG produces is breathtaking. It is kind of clunky (and you should save in Raw SVG mode) but there is a functional GNU editor called Inkscape you can play around with. Animation with no scripts! Wow! I feel like a happy 8-year-old.

The problem is when benign people use technology that the wicked are also known for. Looking at the source of this page, I notice the obvious hooks to AJAX have been taken out and there is a bunch of jQuery code in there instead. Who knows if AJAX functionality is included in jQuery.

As a programmer I make things which do things, and I am not overly concerned about the Document Object Model. As an old C guy it is just stdin and stdout to me. I might write 300 lines of code and have 2 calls to the DOM.

Combined with the ECMAScript (formerly known as JavaScript) File APIs, XMLHTTP (or Ajax) allows you to send anything to the user's computer without their knowledge, and download files from it without their knowledge, and replace those files with anything they want. The Internet, as it were, has given machine-guns to angry 8-year-olds, thanks to the inventors of XMLHTTP.

In the meantime I am proposing a thing which has no central authority called AJAX SAFE. This is based on the principle that "Our scripts only do what you are aware of, and with your consent." Anyone with technical competence can tell if there is a malicious script, so if people are naughty and claim they are AJAX SAFE, word will get around.

Otherwise, scripts are off for me, and I recommend that you should set scripts off if you are in any way concerned about your privacy, reputation, dignity, financial status, and the security of the organisation that you are with.


That is interesting. Thanks for posting.