Multithreaded

Here’s an interesting proposal from Doug Crockford at json.org that would allow javascript apps to connect to sites other than the one they were loaded from in order to retrieve data. He is appealing to browser makers to incorporate it into future versions.

XMLHTTPRequests, and in fact any form of HTTP request, to sites other than that from which the page was loaded are forbidden by browsers as they pose a security risk. HTTP requests carry the cookies from the original site which means that requests to other sites would be able to see those cookies.

The proposed JSONRequest would not send cookies and can only send and received JSON encoded data. JSON is an IETF RFC that specifies a subset of JavaScript that only allows data to be encoded, not functions, so there is no danger in eval()’ing the returned data. The only downside I see with this is that if you want to get data from an authenticated connection on the originating server then you have to use XMLHTTPRequest which makes access a bit inconsistent. It would be useful if JSONRequests to the originating site included the cookies, but requests to other sites did not.

I have used JSON since I started working with Ajax since it seems much more logical and a lot simpler and faster than passing XML around and parsing it. There are good libraries available for many languages that make it easy to process on the server side and on the client side it is just a matter of running eval() on the JSON string to get a JavaScript object.

Technorati Tags: javascript, json