While the object may undergo interim state changes during its creation and processing, the value that signals the completion of the transaction is 4. Access data returned from the server via the responseText or responseXML properties. The former provides only a string representation of the data. More powerful, however, is the XML document object in the responseXML property. This object is a full-fledged document node object (a DOM nodeType of 9), which can be examined and parsed using W3C Document Object Model (DOM) node tree methods and properties. Note, however, that this is an XML, rather than HTML, document, meaning that you cannot count on the DOM's HTML module methods and properties. This is not really a restriction because the Core DOM module gives you ample ways of finding element nodes, element attribute values, and text nodes nested inside elements.

© 2007-2015 Marco Papa & Ellis Horowitz

onreadystatechange Event Handler Function

    function processReqChange() {
        // only if req shows "loaded"
        if (req.readyState == 4) {
            // only if "OK"
            if (req.status == 200) {
                // processing statements for req.responseText
                // and req.responseXML go here...
            } else {
                alert("There was a problem retrieving the XML data:\n" + req.statusText);
            }
        }
    }

Security Issues

When the XMLHttpRequest object operates within a browser, it adopts the same-domain security policies of typical JavaScript activity (sharing the same "sandbox," as it were). First, on most browsers supporting this functionality, the page that bears scripts accessing the object needs to be retrieved via http: protocol, meaning that you won't be able to test the pages from a local hard disk (file: protocol) without some extra security issues cropping up, especially in Mozilla and IE on Windows. Second, the domain of the URL request destination must be the same as the one that serves up the page containing the script. This means, unfortunately, that client-side scripts cannot fetch web service data from other sources, and blend that data into a page. Everything must come from the same domain.

AJAX Cross Domain Security

For security reasons, scripts are only allowed to access data which comes from the same domain. The one exception is for images: images can come from any domain, without any security risk. This is why all the mash-up applications involve images. They simply would not be possible for other kinds of data.

Cross-domain Restrictions and A Solution

Browser security restrictions prevent your web application from opening network connections to domains other than the one your application came from. For example, suppose your web application wants to use data both from your site and from Yahoo!; normally this is not possible as it is a violation of browser cross-domain security policy.
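
The restriction described in the Security Issues and cross-domain slides can be modeled as an origin comparison. The following is an added example, not code from the original slides; it goes beyond the slides' "same domain" wording by comparing scheme, host and port, and it assumes pages loaded via file: have an opaque origin that never matches. The function names and the example.com hostnames are constructed for illustration.

```javascript
// Added example: models the browser's same-origin decision for an
// XMLHttpRequest target. Hostnames are constructed sample values.
function originOf(url) {
  // Assumption: only http:/https: yield a comparable origin; file: is opaque.
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // URL drops default ports (80 for http, 443 for https) from host.
  return url.protocol + "//" + url.host;
}

function checkRequest(pageUrl, target) {
  const page = new URL(pageUrl);
  let dest;
  try {
    dest = new URL(target, page); // relative targets resolve against the page
  } catch (e) {
    return { allowed: false, reason: "unparseable target URL" };
  }
  const pageOrigin = originOf(page);
  const destOrigin = originOf(dest);
  if (pageOrigin === null) {
    return { allowed: false, reason: "page origin is opaque (" + page.protocol + ")" };
  }
  if (destOrigin === null) {
    return { allowed: false, reason: "target scheme " + dest.protocol + " has no comparable origin" };
  }
  if (pageOrigin === destOrigin) return { allowed: true, reason: "same origin" };
  // Report which component of the origin differs.
  const diff = [];
  if (page.protocol !== dest.protocol) diff.push("scheme");
  if (page.hostname !== dest.hostname) diff.push("host");
  if (page.port !== dest.port) diff.push("port");
  return { allowed: false, reason: "cross-origin: " + diff.join(", ") + " differs" };
}

// Constructed sample: one page and several request targets.
const PAGE = "http://www.example.com/app/index.html";
const SAMPLES = [
  "data/feed.xml",
  "http://www.example.com:80/feed.xml",
  "https://www.example.com/feed.xml",
  "http://api.example.com/feed.xml",
  "http://www.example.com:8080/feed.xml",
];
for (const t of SAMPLES) {
  const r = checkRequest(PAGE, t);
  console.log((r.allowed ? "ALLOW " : "BLOCK ") + t + "  (" + r.reason + ")");
}
```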
  • Fall '07
  • Papa
  • Ajax, Ellis Horowitz, Marco Papa