Advanced Ajax: Architecture and Best Practices

Overview

“I very much enjoyed how this book covers the full Ajax application lifecycle and not only coding techniques. Anyone who is looking to become a professional front-end developer will appreciate the architectural insight and best practices delivered by this book.”  — Andi Gutmans, Co-Founder & Co-Chief Technology Officer of Zend Technologies

 

Mission-Critical Ajax: Maximizing Scalability, Performance, Security, Reliability, and Maintainability

 

Advanced Ajax: Architecture and Best Practices is the definitive guide to building business-critical, production-quality Web applications with Ajax. Shawn M. Lauriat systematically addresses the design, architecture, and development issues associated with Ajax, offering proven patterns and robust code examples available in no other book. You’ll find best practices for addressing the full spectrum of issues enterprise Ajax developers face: scalability, performance, security, reliability, flexibility, maintainability, and reusability.

Writing for experienced Web developers, Lauriat delivers fresh ideas and elegant solutions: meaty technical content, presented with exceptional clarity. Among the many topics he covers in unprecedented depth: cleanly implementing JavaScript custom events to reduce coupling and to enhance flexibility; overcoming Ajax’s traditional accessibility limitations; reducing network latency through compression and other techniques; and much more. Coverage includes 

  • Planning Ajax interfaces for simplicity, clarity, and intuitiveness
  • Creating scalable, maintainable architectures for client-side JavaScript
  • Using the latest tools to profile, validate, and debug client-side code
  • Architecting the server side for security and functionality, while restricting loaded data, objects, and actions to current requests
  • Protecting against the most widespread and significant Ajax security risks
  • Optimizing every component of an Ajax application, from server-side scripts to database interactions
  • Introducing cutting-edge Ajax: game development, Ajax with canvas, and Ajax for enterprise applications

About the Web Site

This book’s companion Web site (http://advancedajax.frozen-o.com) doesn’t just provide all the code: It shows code examples in action, as building blocks of a real Web application interface.

Product Details

  • ISBN-13: 9780131350649
  • Publisher: Prentice Hall
  • Publication date: 10/29/2007
  • Pages: 360
  • Product dimensions: 7.00 (w) x 9.22 (h) x 0.90 (d)

Meet the Author

Shawn M. Lauriat is owner and lead developer of Frozen O Productions. He recently joined IBM as a senior PHP engineer for IBM Rational BuildForge when his employer, BuildForge, was acquired by IBM. Lauriat is a Zend Certified Engineer.

Read an Excerpt

Introduction

As the centerpiece of rich web application development, Ajax brings web interfaces using XHTML and CSS up to desktop application interface standards without the interfaces having to rely on plugins such as Flash or Java. Prior to JavaScript-based server interactions, interfaces had to rely solely on full-page loading, regardless of how one might have hacked a page into appearing otherwise.

Until Ajax development came along (which, incidentally, started in implementation many years before the coining of the term itself), client-side development also had no thread support. Threading, in a nutshell, allows the spawning of new lines of logic, completely independent of those before, adjacent to, or after it. C, Java, Perl, and many other languages have had this support for many years (in some cases) before client-side scripting came along in any fashionable sense. The closest JavaScript had to offer came in the form of the setTimeout and setInterval library functions, which required delayed, seemingly parallel execution rather than the actual spawning of processes. While Ajax still does not provide true threading, it does bring JavaScript one step closer.

0.1 Ajax, the Acronym

The words Asynchronous JavaScript And XML make the acronym Ajax. In order to fully understand Ajax in meaning and implementation, you must understand each of its components. Even when using synchronous requests, or using JSON or some other transportation method, knowing the core aspects of Ajax can only help development practices.

Since the initial boom in popularity and resulting hype surrounding Ajax, it can get quite easy to forget what Ajax actually means and what it doesn't. Ajax does exist as an incredibly useful method of communicating with the server directly from JavaScript. It does not mean anything more than that, even if its usage can open up development methods previously unexplored in web application development.

0.1.1 Asynchronous

When requests get submitted to the server, they have no direct impact on any other simultaneous or subsequential requests. In other words, just because a request gets submitted before another request does not in any way ensure that it will receive its response from the server first. Despite the seemingly simplistic concept, asynchronistic behavior in applications often gets ignored, because asynchronicity introduces an entirely new level of complexity to client-side development.
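
The ordering behaviour described above, shown as an added example that is not from the book: a simulated find-as-you-type field whose responses arrive in a different order than the requests were sent, first handled naively and then with a sequence-number guard. The fake transport, the latencies, and all function names are constructed for illustration.

```javascript
"use strict";

// Constructed sample: four keystrokes, each triggering a request.
// `latency` is the simulated time (ms) until that request's response arrives.
const SAMPLE_KEYSTROKES = [
  { query: "a",    latency: 300 },
  { query: "aj",   latency: 120 },
  { query: "aja",  latency: 40  },
  { query: "ajax", latency: 200 },
];

// Fake transport with a virtual clock: requests are queued in send order,
// and flush() delivers the responses in arrival order (lowest latency first).
function createFakeTransport() {
  const pending = [];
  return {
    send(query, latency, onResponse) {
      pending.push({ query, latency, onResponse });
    },
    flush() {
      pending.sort((a, b) => a.latency - b.latency);
      for (const p of pending.splice(0)) {
        p.onResponse("results for " + p.query);
      }
    },
  };
}

// Naive handler: every response overwrites the view, so whichever response
// arrives last wins, even if it belongs to the oldest request.
function runNaive(requests) {
  const transport = createFakeTransport();
  const view = { shown: null, applied: [] };
  for (const r of requests) {
    transport.send(r.query, r.latency, (body) => {
      view.shown = body;
      view.applied.push(body);
    });
  }
  transport.flush();
  return view;
}

// Guarded handler: each request carries a sequence number, and a response is
// applied only if it belongs to the most recently issued request.
function runGuarded(requests) {
  const transport = createFakeTransport();
  const view = { shown: null, applied: [], discarded: [] };
  let latestSeq = 0;
  for (const r of requests) {
    const seq = ++latestSeq;
    transport.send(r.query, r.latency, (body) => {
      if (seq !== latestSeq) {
        view.discarded.push(body); // stale: a newer request has been issued
        return;
      }
      view.shown = body;
      view.applied.push(body);
    });
  }
  transport.flush();
  return view;
}

console.log("naive shows:  ", runNaive(SAMPLE_KEYSTROKES).shown);
console.log("guarded shows:", runGuarded(SAMPLE_KEYSTROKES).shown);
```
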

Many Ajax-based web applications use the asynchronous flag of the XMLHttpRequest object solely to handle network errors (sometimes without even intending to do so) rather than to keep functionality enabled during a given request. While the direct JavaScript-to-server communication provided by the XMLHttpRequest forms the core of the technology, the asynchronous behavior it also can provide often plays the part of the unsung hero, as it brings a wealth of flexibility and strength to client-side web applications.

0.1.2 JavaScript

JavaScript (based on ECMAScript,1 though possibly vice-versa depending on whom you ask) has many implementations, not only in various web browsers, but also in game development and other applications needing an easy-to-learn scripting language. This book focuses on the implementation of JavaScript in various web browsers. These implementations of JavaScript have a wide variety of incompatibilities, from Mozilla's SpiderMonkey2 to Safari's WebKit to JScript and more.

***

1 Ecma International, an industry association devoted to standardizing "Information and Communication Technology (ICT) and Consumer Electronics (CE)" (What is Ecma International, http://www.ecma-international.org/memento/index.html), maintains the ECMA-262 standard (http://www.ecma-international.org/publications/standards/Ecma-262.htm) which defines the scripting language of ECMAScript.
2 http://developer.mozilla.org/en/docs/SpiderMonkey: The Gecko rendering engine's JavaScript engine written in C is used by Mozilla-based browsers such as Firefox (http://www.mozilla.com/products/firefox), SeaMonkey (http://www.mozilla.org/projects/seamonkey), Camino (http://www.caminobrowser.org), and Epiphany (http://www.gnome.org/projects/epiphany).

***

Those used to server-side development or OOP (Object-Oriented Programming) may initially get thrown off by JavaScript's prototype-based object model. This, in a very basic sense, means that functions and methods called within a certain object get called in the context of that object. This happens because rather than an instance having an explicit tie to its definition, its prototype merely lays out the basis for its structure and characteristics.

The JavaScript object, XMLHttpRequest (originally an ActiveX control created by Microsoft), provides the key to the entire technology conglomeration now referred to as Ajax. It provides an interface by which JavaScript can send and receive data to and from the server without requiring a full page load. Other methods exist for sending and receiving data, but they each use aspects of HTML and XHTML in ways other than designed, and, as such (while still useful in certain circumstances), they exist only as hacks.

0.1.3

eXtensible Markup Language, as defined by the World Wide Web Consortium (W3C; http://w3.org), and provides a very flexible, generic text format. If that seems to be a rather broad description, it should be .

object provides another useful bit of functionality along with its HTTP methods: When the server returns

object provides the response

attribute, which is a read-only

Using

var1 and var2) each set to string values ("first value" and "second value," respectively), might look like the following:

<?

Many Ajax-driven web applications use other formats of transporting data to and from the server, including:

  • URL-encoded—Where data takes the form used by HTTP POST requests, as during a form submission such as var1=first%20value&var2=second%20value.
  • Raw text—Usually for very simple data, or when responses return the exact markup for the JavaScript to insert into the current document:

    <input type="text" name="var1" value="first value" /> <input type="text" name="var2" value="second value" />

  • JavaScript Object Notation (JSON)—An increasingly popular format, JSON formats data into a subset of raw JavaScript. This not only has the advantage of instant parsing by client-side code, but also it tends to take up less bandwidth than more verbose, globally understood formats such as XML:

    { var1:"first value", var2:"second value" }

0.2 This Book's Intentions

Now that the technology has progressed into general usage, the Ajax developer community has a need for books covering architecture, tuning, alternative uses of Ajax, and more. Many books and tutorials have provided good introductions, and they can show you several different ways of implementing find-as-you-type, chat widgets, and RSS/ATOM feed readers. Many of the resources out there explain, in great detail, the history of Ajax and its multiple incarnations before today's and the implementation centered on the XMLHttpRequest JavaScript object. See Appendix A, "Resources," at the end of this book for some choice suggestions.

This book, instead, looks at using Ajax to create rich, browser-based interfaces for enterprise-level web applications, taking into account the flexibility, reusability, scalability, and maintainability necessary for such an undertaking. Ajax does not exist in this book as the latest and greatest acronym to hit web development. It instead exists as a tool like any other—extremely useful in some instances and totally wrong in others.

For example, many reference sites would find themselves hard-pressed to use Ajax for anything of particular value to their users. Manuals and other reference materials that have large blocks of text for the user to read might come up with an Ajax reader, allowing a single, scrollable pane that late-loads content as the user scrolls through it. This sounds cool, but it destroys the ability to search the page for a particular word or phrase. It also removes the ability to read something once you've lost your Internet connection. Some reference sites add auto-suggestions to their search fields, but those tend to react too slowly for general usage unless you pre-load the entire dictionary into the browser's memory, potentially wasting a great deal of bandwidth for a feature that only a few people might enjoy having at their disposal.

craigslist.org (see Figure 0.1) is a good example of a site that flourishes without a flashy or cluttered interface, and it has grown to provide largely free classified services and forums to 450 cities in 50 countries without so much as a single image on their main page, let alone rich application functionality. The site instead focuses on content and searching that content.

Figure 0.1
The default craigslist.org page.

By contrast, sites and web applications dealing with rapid browsing and editing of a large number of smaller items, or a large number of small, editable chunks of large items, flourish with Ajax usage. Google Maps (see Figure 0.2) brought everybody's attention to Ajax when it went public beta, and it uses Ajax to bring in a large number of images and metadata in chunks according to the user's interactions with the map. Web applications having a large number of transactions for a given set of elements, online games for example, save a lot of time and bandwidth by reusing the same interface multiple times to submit and display similar data.

Figure 0.2
Google Maps focusing on Austin, TX.

No matter what your project, you should know the options for reaching your goals, which options work the best, and why. Ajax has a lot of buzz around it, both positive and negative; what it really needs, instead, is a good, solid foundation for serious, real-world application development. The OpenAjax Alliance3 has started moving in this direction, building tools to prevent name collisions between Ajax toolkits and bringing companies and individuals together in an effort to promote stability, security, and interoperability between professional-grade toolkits.

***

3"The OpenAjax Alliance is an organization of leading vendors, open source projects, and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. The prime objective is to accelerate customer success with Ajax by promoting a customer's ability to mix and match solutions from Ajax technology providers and by helping to drive the future of the Ajax ecosystem" (http://www.openajax.org).

***

This book covers the range of topics necessary to create a well-rounded application, regardless of the tools and technologies used. Many developers have created their own toolkits in order to abstract the actual Ajax communication layers and to speed development. Though none of the material here targets any particular toolkit, you easily could use many of those in development while still following each of the chapters.

0.3 Prerequisites for This Book

Other Ajax books have spent so much time introducing the reader to all of the technologies involved (Apache, MySQL, PHP, XHTML, JavaScript, and of course the XMLHttpRequest object itself) that they have not had the opportunity to delve into more advanced topics and practices. This book takes advantage of what already has been written to assume a certain level of understanding, in order to examine and explore in detail the more intricate methods of designing a web application to use Ajax. Instead of looking at some of the available AJAX frameworks, this book takes a brief look at the more experimental uses, such as game development.

As such, if you have not already worked with Ajax or some form of server-side scripting language, database, or web server, you should probably read a book like Understanding Ajax (Eichorn, 2006), following along with the examples. While this Introduction establishes the technologies used and referenced later in the book, it does so only as a quick overview, just as a professor provides a quick overview during the first week of a semester to refresh your memory of last semester's course.

The example code in this book uses the following technologies for each application layer. You should have a general understanding of all of these before you begin reading this book:

  • Webserver—Apache's HTTPD (http://httpd.apache.org) version 2.0. As of this writing, the Apache foundation has released the 2.2.* branch as the primary stable branch. The example configuration directives in the book should carry over to the newer version without much deviation.
  • Database Server—MySQL Database Server 5.0 (http://dev.mysql.com/downloads/mysql/5.0.html). The 5.0.* branch introduces a wealth of useful functionality and stability over previous versions, including stored procedures, triggers, views, and strict mode. As of this writing, MySQL AB has released the 5.1 branch as a beta.
  • Server-Side Scripting—PHP 5.2 (http://www.php.net/releases/5_2_0.php). PHP 5.2 brings an input filtering extension, a JSON library enabled by default, greater ability to track file upload progress, vastly improved time zone handling, and more. While PHP 6 brings global Unicode support to PHP,4 along with cleaned-up functionality, closer integration of the new PDO database extensions, even more drastic improvements to the object model, and, for some reason, goto (in the form of named break statements), the PHP group has made it available only from source so far. It has much development left on it, but should see greater adoption rates than PHP5 has seen so far.
***

4PHP does not technically pay attention to the bytes of strings. It just regards them as a numbered list of bytes. While this has the benefit of passing UTF-8 strings through PHP (even without the Multi-byte String library) unharmed, side effects can show themselves in the strangest, often most devastating, places in your application.

***
  • Markup—XHTML 1.1 (http://www.w3.org/TR/xhtml11). While XHTML 2.0 has reached its eighth public working draft, XHTML 1.1 maintains HTML compatibility while strictly enforcing

    Content-type: text/html rather than application/xhtml+

    , as recommended by the W3C. Technically, the specification (http://www.w3.org/TR/xhtml-media-types) strongly recommends against using text/html with anything beyond HTML 4 or XHTML 1.0 (HTML compatible). However, it does not forbid it, as it does with the practice of using anything aside from text/html with HTML 4.

  • Style—CSS 2.1 (Cascading Style Sheets, level 2 revision 1, http://www.w3.org/TR/CSS21). CSS 3 introduces much of the styling and layout abilities asked for years ago and eagerly awaited by web designers; however, it has not reached a stable enough point for many of the browsers to support any more than some of the basics.5 Even with the much-anticipated release of Internet Explorer 7 (hereafter referred to as IE or IE7), IE still fails to completely support even the CSS 2.0 specification. The IE development team worked very hard to improve the state of IE's CSS support and, while they did a fantastic job, they didn't quite make it all the way there. Because many resources (http://css-discuss.incutio.com, http://blogs.msdn.com/ie, and many more) exist to cover the hacks and fixes necessary to force IE6 and IE7 to follow your design, this book will not go into detail of how to achieve complete, pixel-perfect, cross-browser designs.
***

5 Rounded borders, multiple background images, column layout, text shadows, and transparency have all made it into the Webkit project. As of this writing, the Mozilla Gecko engine and Opera's rendering engine both have implemented most of these.

***
  • Client-Side Scripting—This book will use JavaScript 1.5, together with the

    object, which currently exists only as an informally agreed upon object and the very beginnings of a specification (http://www.w3.org/TR/

    as part of the Web API Working Group's activities). Many Ajax-type web applications and sites use Adobe Flash for text and

    object does not exist in ActionScript, and the working DOM differs, much of the other sample code should look very familiar and easy to follow.

Familiarity, at least to the point of understanding enough to port the code into your language of choice, will definitely help, though this book aims to provide the methodologies, architectures, and patterns that you can implement in your own rich web application, no matter what technology you use to drive it. The technologies listed previously have several benefits. The organizations behind them have made them freely available for download and use on a wide range of platforms and have tested them in a wide range of browsers. In addition, the technologies have large user bases and online communities ready and willing to assist you if you run into any problems.

© Copyright Pearson Education. All rights reserved.

Table of Contents

Acknowledgments
About the Author

Introduction
0.1 Ajax, the Acronym
 0.1.1 Asynchronous
 0.1.2 JavaScript
 0.1.3
0.2 This Book’s Intentions
0.3 Prerequisites for This Book

Chapter 1 Usability
1.1 Interface Versus Showcase
 1.1.1 Implementation
1.2 User Expectations
1.3 Indicators and Other Forms of User Feedback
 1.3.1 The Throbber
 1.3.2 Progress Indicators
 1.3.3 Keeping the User in the Loop
1.4 Semantic Markup
 1.4.1 More Accessible
 1.4.2 Easier to Use
 1.4.3 Easier to Maintain
 1.4.4 Easier to Parse
1.5 What CSS and JavaScript Have in Common

Chapter 2 Accessibility
2.1 WCAG and Section 508
 2.1.1 WCAG
 2.1.2 Section 508
2.2 Screen Readers Can Handle Ajax
 2.2.1 Content Replacement
 2.2.2 Form Validation
2.3 Unobtrusive Ajax
2.4 Designing with Accessibility in Mind
 2.4.1 High-Contrast Design
 2.4.2 Zoomable Interface
 2.4.3 Easily Targeted Controls
2.5 WAI-ARIA

Chapter 3 Client-Side Application Architecture
3.1 Objects and Event Triggering
 3.1.1 Native Object Event Handling
 3.1.2 JavaScript Objects
3.2 Model-View-Controller Design Pattern
 3.2.1 The Model
 3.2.2 The View
 3.2.3 The Controller
3.3 Event-Driven Application Development
 3.3.1 Advantages of Architecture

Chapter 4 Debugging Client-Side Code
4.1 Validation, Validation, Validation
 4.1.1 Markup Validator
 4.1.2 CSS Validator
 4.1.3 Semantic Extractor
4.2 Browser Tools and Plugins
 4.2.1 The Console
 4.2.2 Internet Explorer
 4.2.3 Firefox
 4.2.4 Opera
 4.2.5 Safari
4.3 JavaScript Profiling
 4.3.1 Recognizing Bottlenecks
4.4 Unit Testing
 4.4.1 Assertions
 4.4.2 Test Setup
 4.4.3 The Test Itself
 4.4.4 Mock Objects
 4.4.5 Test Suites

Chapter 5 Performance Optimization
5.1 Database Performance
 5.1.1 Schema
 5.1.2 Queries
5.2 Bandwidth and Latency
 5.2.1 Bandwidth
 5.2.2 Latency
5.3 Cache
 5.3.1 Filesystem
 5.3.2 Memory
 5.3.3 Completing the Implementation
5.4 Taking Advantage of HTTP/1.1
 5.4.1 If-Modified-Since
 5.4.2 Range
5.5 PHP Profiling
 5.5.1 Advanced PHP Debugger
 5.5.2 Xdebug

Chapter 6 Scalable, Maintainable Ajax
6.1 General Practices
 6.1.1 Processor Usage
 6.1.2 Memory Usage
6.2 A Multitude of Simple Interfaces
 6.2.1 Modularity
 6.2.2 Late Loading
6.3 Dense, Rich Interfaces
 6.3.1 Monolithic Applications
 6.3.2 Preloading

Chapter 7 Server-Side Application Architecture
7.1 Designing Applications for Multiple Interfaces
7.2 Model-View-Controller Design Pattern
 7.2.1 The Model
 7.2.2 The Controller
 7.2.3 The View
7.3 Using the Factory Pattern with Your Template Engine

Chapter 8 Keeping a Web Application Secure
8.1 HTTPS

 8.1.1 Why Use HTTPS? .............................................................. 245

 8.1.2 Security Versus Performance ................................................ 247

8.2 SQL Injection ................................................................................. 247

 8.2.1 Don’t Use Magic Quotes ..................................................... 248

 8.2.2 Filtering .............................................................................. 249

 8.2.3 Prepared Statements ............................................................ 251

8.3 XSS ................................................................................................. 252

 8.3.1 Escaping for Markup ........................................................... 252

 8.3.2 Escaping for URLs .............................................................. 257

8.4 CSRF .............................................................................................. 258

 8.4.1 Check the Referer ................................................................ 259

 8.4.2 Submit an Additional Header .............................................. 261

 8.4.3 Secondary, Random Tokens ................................................. 262

8.5 Don’t Trust the User ........................................................................ 265

8.6 Don’t Trust the Server ..................................................................... 266

Chapter 9 Documenting ......................................................................................271

9.1 Yes, You Need to Document ........................................................... 272

 9.1.1 Jog Your Own Memory ....................................................... 272

 9.1.2 Lessen the Learning Curve .................................................. 274

 9.1.3 Mind That Bus .................................................................... 274

9.2 API Documentation ........................................................................ 275

 9.2.1 phpDocumentor ................................................................. 275

 9.2.2 JSDoc ................................................................................. 283

9.3 Internal Developer Documentation ................................................ 288

 9.3.1 Coding Standards ................................................................ 289

 9.3.2 Programming Guides ...................................................... 293

 9.3.3 Style Guides .................................................................... 295

Chapter 10 Game Development...........................................................................297

10.1 A Different Kind of Security ...................................................... 299

 10.1.1 Validation ..................................................................... 300

 10.1.2 Server-Side Logic .......................................................... 302

10.2 Single Player ............................................................................... 304

 10.2.1 Double Buffering with Canvas ...................................... 305

10.3 “Real-Time” Multiplayer ............................................................. 310

 10.3.1 Streaming Response ...................................................... 310

 10.3.2 WHATWG event-source Element ................................ 315

 10.3.3 Predictive Animation .................................................... 317

Chapter 11 Conclusions ......................................................................................321

11.1 Remember the Users ................................................................... 322

11.2 Design for the Future .................................................................. 323

11.3 Develop for the Future................................................................ 324

Bibliography ..........................................................................................................325

Appendix A Resources ..........................................................................................329

Appendix A OpenAjax ..........................................................................................333

Conformance ......................................................................................... 334

Namespace Registration ......................................................................... 337

Event Management ................................................................................ 338

Index ......................................................................................................................341

Preface

Introduction

As the centerpiece of rich web application development, Ajax brings web interfaces using XHTML and CSS up to desktop application interface standards without the interfaces having to rely on plugins such as Flash or Java. Prior to JavaScript-based server interactions, interfaces had to rely solely on full-page loading, regardless of how one might have hacked a page into appearing otherwise.

Until Ajax development came along (which, incidentally, started in implementation many years before the coining of the term itself), client-side development also had no thread support. Threading, in a nutshell, allows the spawning of new lines of logic, completely independent of those before, adjacent to, or after it. C, Java, Perl, and many other languages have had this support for many years (in some cases) before client-side scripting came along in any fashionable sense. The closest JavaScript had to offer came in the form of the setTimeout and setInterval library functions, which required delayed, seemingly parallel execution rather than the actual spawning of processes. While Ajax still does not provide true threading, it does bring JavaScript one step closer.

0.1 Ajax, the Acronym

The words Asynchronous JavaScript And XML make the acronym Ajax. In order to fully understand Ajax in meaning and implementation, you must understand each of its components. Even when using synchronous requests, or using JSON or some other transportation method, knowing the core aspects of Ajax can only help development practices.

Since the initial boom in popularity and resulting hype surrounding Ajax, it can get quite easy to forget what Ajax actually means and what it doesn't. Ajax does exist as an incredibly useful method of communicating with the server directly from JavaScript. It does not mean anything more than that, even if its usage can open up development methods previously unexplored in web application development.

0.1.1 Asynchronous

When requests get submitted to the server, they have no direct impact on any other simultaneous or subsequent requests. In other words, just because a request gets submitted before another request does not in any way ensure that it will receive its response from the server first. Despite the seemingly simplistic concept, asynchronous behavior in applications often gets ignored, because asynchronicity introduces an entirely new level of complexity to client-side development.

Many Ajax-based web applications use the asynchronous flag of the XMLHttpRequest object solely to handle network errors (sometimes without even intending to do so) rather than to keep functionality enabled during a given request. While the direct JavaScript-to-server communication provided by the XMLHttpRequest forms the core of the technology, the asynchronous behavior it also can provide often plays the part of the unsung hero, as it brings a wealth of flexibility and strength to client-side web applications.
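The out-of-order delivery described above is easy to reproduce. The following is an added example, not code from the book: `FakeTransport`, `naiveSearch`, `guardedSearch` and `runDemo` are hypothetical names, and the fake transport stands in for XMLHttpRequest so the response order can be chosen deterministically. It shows a find-as-you-type handler displaying a stale response, next to a version that tags each request with a sequence number and drops anything but the latest.

```javascript
// Constructed stand-in for XMLHttpRequest: requests are queued and the
// caller decides in which order their responses are delivered.
class FakeTransport {
  constructor() {
    this.pending = [];
  }

  // Queue a request; the callback fires only when respond() is called.
  send(url, onResponse) {
    this.pending.push({ url, onResponse });
    return this.pending.length - 1; // request id
  }

  // Deliver the response body for request `id`.
  respond(id, body) {
    this.pending[id].onResponse(body);
  }
}

// Naive handler: whichever response arrives last is what the user sees,
// even if it answers an older request.
function naiveSearch(transport, view) {
  return (term) =>
    transport.send('/search?q=' + encodeURIComponent(term), (body) => {
      view.shown = body;
    });
}

// Guarded handler: every request carries a sequence number, and a response
// is applied only if it belongs to the most recent request.
function guardedSearch(transport, view) {
  let latest = 0;
  return (term) => {
    const seq = ++latest;
    return transport.send('/search?q=' + encodeURIComponent(term), (body) => {
      if (seq !== latest) {
        view.dropped.push(body); // stale: a newer request has been issued
        return;
      }
      view.shown = body;
    });
  };
}

// Issue two requests, then deliver the second response before the first.
function runDemo(makeSearch) {
  const transport = new FakeTransport();
  const view = { shown: null, dropped: [] };
  const search = makeSearch(transport, view);

  const first = search('a');
  const second = search('ab');
  transport.respond(second, 'results for ab'); // newer request answers first
  transport.respond(first, 'results for a');   // older response arrives late

  return view;
}

console.log('naive shows:  ', runDemo(naiveSearch).shown);
console.log('guarded shows:', runDemo(guardedSearch).shown);
```

The same guard matters beyond search boxes: any view that reflects server state for "the current selection" can otherwise end up showing data that belongs to a previous one.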

0.1.2 JavaScript

JavaScript (based on ECMAScript,[1] though possibly vice-versa depending on whom you ask) has many implementations, not only in various web browsers, but also in game development and other applications needing an easy-to-learn scripting language. This book focuses on the implementation of JavaScript in various web browsers. These implementations of JavaScript have a wide variety of incompatibilities, from Mozilla's SpiderMonkey[2] to Safari's WebKit to JScript and more.


[1] Ecma International, an industry association devoted to standardizing "Information and Communication Technology (ICT) and Consumer Electronics (CE)" (What is Ecma International, http://www.ecma-international.org/memento/index.html), maintains the ECMA-262 standard (http://www.ecma-international.org/publications/standards/Ecma-262.htm) which defines the scripting language of ECMAScript.
[2] http://developer.mozilla.org/en/docs/SpiderMonkey—The Gecko rendering engine's JavaScript engine written in C is used by Mozilla-based browsers such as Firefox (http://www.mozilla.com/products/firefox), SeaMonkey (http://www.mozilla.org/projects/seamonkey), Camino (http://www.caminobrowser.org), and Epiphany (http://www.gnome.org/projects/epiphany).


Those used to server-side development or OOP (Object-Oriented Programming) may initially get thrown off by JavaScript's prototype-based object model. This, in a very basic sense, means that functions and methods called within a certain object get called in the context of that object. This happens because rather than an instance having an explicit tie to its definition, its prototype merely lays out the basis for its structure and characteristics.

The JavaScript object, XMLHttpRequest (originally an ActiveX control created by Microsoft), provides the key to the entire technology conglomeration now referred to as Ajax. It provides an interface by which JavaScript can send and receive data to and from the server without requiring a full page load. Other methods exist for sending and receiving data, but they each use aspects of HTML and XHTML in ways other than designed, and, as such (while still useful in certain circumstances), they exist only as hacks.

0.1.3 XML

XML stands for eXtensible Markup Language, as defined by the World Wide Web Consortium (W3C; http://w3.org), and provides a very flexible, generic text format. If that seems to be a rather broad description, it should be. XML now has uses spanning data storage, communication, definition, description, and presentation. In Ajax, XML refers to data transportation. The XMLHttpRequest object provides another useful bit of functionality along with its HTTP methods: When the server returns XML, the XMLHttpRequest object provides the responseXML attribute, which is a read-only XML document of the response.

Using XML, a very simple response from the server, with two named variables (var1 and var2) each set to string values ("first value" and "second value," respectively), might look like the following:

first value second value

Many Ajax-driven web applications use other formats of transporting data to and from the server, including:

  • URL-encoded—Where data takes the form used by HTTP POST requests, as during a form submission such as var1=first%20value&var2=second%20value.
  • Raw text—Usually for very simple data, or when responses return the exact markup for the JavaScript to insert into the current document:

  • JavaScript Object Notation (JSON)—An increasingly popular format, JSON formats data into a subset of raw JavaScript. This not only has the advantage of instant parsing by client-side code, but also it tends to take up less bandwidth than more verbose, globally understood formats such as XML. In addition, it does so without losing the data structure as URL-encoded value pairs do:

    { "var1": "first value", "var2": "second value" }
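One way to decode the URL-encoded and JSON transports listed above into the same structure without ever executing the response body as script. This is an added example, not code from the book; `requireFlatStrings`, `decodeBody` and `tryDecode` are hypothetical names, and the sample bodies are constructed from the var1/var2 values used in this section.

```javascript
// Accept only a single object of named string values, which is all the
// var1/var2 exchange needs. Anything else is rejected rather than guessed at.
function requireFlatStrings(data) {
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new TypeError('response must be a single object of named values');
  }
  const clean = Object.create(null); // no inherited keys such as toString
  for (const name of Object.keys(data)) {
    if (typeof data[name] !== 'string') {
      throw new TypeError('value of "' + name + '" is not a string');
    }
    clean[name] = data[name];
  }
  return clean;
}

// Decode a response body according to its declared content type.
function decodeBody(contentType, body) {
  const type = contentType.split(';')[0].trim().toLowerCase();
  if (type === 'application/x-www-form-urlencoded') {
    return requireFlatStrings(Object.fromEntries(new URLSearchParams(body)));
  }
  if (type === 'application/json') {
    // JSON.parse only builds data. It throws SyntaxError on anything that is
    // not strict JSON, including JavaScript object literals with bare keys.
    return requireFlatStrings(JSON.parse(body));
  }
  throw new TypeError('unsupported content type: ' + type);
}

// Wrapper that reports a rejection instead of throwing.
function tryDecode(contentType, body) {
  try {
    return { ok: true, value: decodeBody(contentType, body) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample responses.
const samples = [
  ['application/x-www-form-urlencoded', 'var1=first%20value&var2=second%20value'],
  ['application/json; charset=utf-8', '{ "var1": "first value", "var2": "second value" }'],
  // JavaScript object-literal form with unquoted keys: not strict JSON.
  ['application/json', '{ var1:"first value", var2:"second value" }'],
  // Well-formed JSON, but not the flat string map the client expects.
  ['application/json', '{ "var1": { "nested": true } }'],
];

for (const [type, body] of samples) {
  console.log(type, '->', tryDecode(type, body));
}
```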

0.2 This Book's Intentions

Now that the technology has progressed into general usage, the Ajax developer community has a need for books covering architecture, tuning, alternative uses of Ajax, and more. Many books and tutorials have provided good introductions, and they can show you several different ways of implementing find-as-you-type, chat widgets, and RSS/ATOM feed readers. Many of the resources out there explain, in great detail, the history of Ajax and its multiple incarnations before today's implementation, which centers on the XMLHttpRequest JavaScript object. See Appendix A, "Resources," at the end of this book for some choice suggestions.

This book, instead, looks at using Ajax to create rich, browser-based interfaces for enterprise-level web applications, taking into account the flexibility, reusability, scalability, and maintainability necessary for such an undertaking. Ajax does not exist in this book as the latest and greatest acronym to hit web development. It instead exists as a tool like any other—extremely useful in some instances and totally wrong in others.

For example, many reference sites would find themselves hard-pressed to use Ajax for anything of particular value to their users. Manuals and other reference materials that have large blocks of text for the user to read might come up with an Ajax reader, allowing a single, scrollable pane that late-loads content as the user scrolls through it. This sounds cool, but it destroys the ability to search the page for a particular word or phrase. It also removes the ability to read something once you've lost your Internet connection. Some reference sites add auto-suggestions to their search fields, but those tend to react too slowly for general usage unless you pre-load the entire dictionary into the browser's memory, potentially wasting a great deal of bandwidth for a feature that only a few people might enjoy having at their disposal.

craigslist.org (see Figure 0.1) is a good example of a site that flourishes without a flashy or cluttered interface, and it has grown to provide largely free classified services and forums to 450 cities in 50 countries without so much as a single image on their main page, let alone rich application functionality. The site instead focuses on content and searching that content.

Figure 0.1
The default craigslist.org page.

By contrast, sites and web applications dealing with rapid browsing and editing of a large number of smaller items, or a large number of small, editable chunks of large items, flourish with Ajax usage. Google Maps (see Figure 0.2) brought everybody's attention to Ajax when it went public beta, and it uses Ajax to bring in a large number of images and metadata in chunks according to the user's interactions with the map. Web applications having a large number of transactions for a given set of elements, online games for example, save a lot of time and bandwidth by reusing the same interface multiple times to submit and display similar data.

Figure 0.2
Google Maps focusing on Austin, TX.

No matter what your project, you should know the options for reaching your goals, which options work the best, and why. Ajax has a lot of buzz around it, both positive and negative; what it really needs, instead, is a good, solid foundation for serious, real-world application development. The OpenAjax Alliance[3] has started moving in this direction, building tools to prevent name collisions between Ajax toolkits and bringing companies and individuals together in an effort to promote stability, security, and interoperability between professional-grade toolkits.


[3] "The OpenAjax Alliance is an organization of leading vendors, open source projects, and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies. The prime objective is to accelerate customer success with Ajax by promoting a customer's ability to mix and match solutions from Ajax technology providers and by helping to drive the future of the Ajax ecosystem" (http://www.openajax.org).


This book covers the range of topics necessary to create a well-rounded application, regardless of the tools and technologies used. Many developers have created their own toolkits in order to abstract the actual Ajax communication layers and to speed development. Though none of the material here targets any particular toolkit, you easily could use many of those in development while still following each of the chapters.

0.3 Prerequisites for This Book

Other Ajax books have spent so much time introducing the reader to all of the technologies involved (Apache, MySQL, PHP, XHTML, JavaScript, and of course the XMLHttpRequest object itself) that they have not had the opportunity to delve into more advanced topics and practices. This book takes advantage of what already has been written to assume a certain level of understanding, in order to examine and explore in detail the more intricate methods of designing a web application to use Ajax. Instead of looking at some of the available Ajax frameworks, this book takes a brief look at the more experimental uses, such as game development.

As such, if you have not already worked with Ajax or some form of server-side scripting language, database, or web server, you should probably read a book like Understanding Ajax (Eichorn, 2006), following along with the examples. While this Introduction establishes the technologies used and referenced later in the book, it does so only as a quick overview, just as a professor provides a quick overview during the first week of a semester to refresh your memory of last semester's course.

The example code in this book uses the following technologies for each application layer. You should have a general understanding of all of these before you begin reading this book:

  • Webserver—Apache's HTTPD (http://httpd.apache.org) version 2.0. As of this writing, the Apache foundation has released the 2.2.* branch as the primary stable branch. The example configuration directives in the book should carry over to the newer version without much deviation.
  • Database Server—MySQL Database Server 5.0 (http://dev.mysql.com/downloads/mysql/5.0.html). The 5.0.* branch introduces a wealth of useful functionality and stability over previous versions, including stored procedures, triggers, views, and strict mode. As of this writing, MySQL AB has released the 5.1 branch as a beta.
  • Server-Side Scripting—PHP 5.2 (http://www.php.net/releases/5_2_0.php). PHP 5.2 brings an input filtering extension, a JSON library enabled by default, greater ability to track file upload progress, vastly improved time zone handling, and more. While PHP 6 brings global Unicode support to PHP,[4] along with cleaned-up functionality, closer integration of the new PDO database extensions, even more drastic improvements to the object model, and, for some reason, goto (in the form of named break statements), the PHP group has made it available only from source so far. It has much development left on it, but should see greater adoption rates than PHP5 has seen so far.

[4] PHP does not technically pay attention to the bytes of strings. It just regards them as a numbered list of bytes. While this has the benefit of passing UTF-8 strings through PHP (even without the Multi-byte String library) unharmed, side effects can show themselves in the strangest, often most devastating, places in your application.


  • Markup—XHTML 1.1 (http://www.w3.org/TR/xhtml11). While XHTML 2.0 has reached its eighth public working draft, XHTML 1.1 maintains HTML compatibility while strictly enforcing XML, modules, and the progression to XHTML 2.0. Unfortunately, Internet Explorer does not really support XHTML; rather, it renders it as HTML. This does make quite a difference and holds many developers back from fully embracing the XHTML modules available to them. As such, the markup directly rendered in the browser will have Content-type: text/html rather than application/xhtml+xml, as recommended by the W3C. Technically, the specification (http://www.w3.org/TR/xhtml-media-types) strongly recommends against using text/html with anything beyond HTML 4 or XHTML 1.0 (HTML compatible). However, it does not forbid it, as it does with the practice of using anything aside from text/html with HTML 4.
  • Style—CSS 2.1 (Cascading Style Sheets, level 2 revision 1, http://www.w3.org/TR/CSS21). CSS 3 introduces much of the styling and layout abilities asked for years ago and eagerly awaited by web designers; however, it has not reached a stable enough point for many of the browsers to support any more than some of the basics.[5] Even with the much-anticipated release of Internet Explorer 7 (hereafter referred to as IE or IE7), IE still fails to completely support even the CSS 2.0 specification. The IE development team worked very hard to improve the state of IE's CSS support and, while they did a fantastic job, they didn't quite make it all the way there. Because many resources (http://css-discuss.incutio.com, http://blogs.msdn.com/ie, and many more) exist to cover the hacks and fixes necessary to force IE6 and IE7 to follow your design, this book will not go into detail on how to achieve complete, pixel-perfect, cross-browser designs.

[5] Rounded borders, multiple background images, column layout, text shadows, and transparency have all made it into the Webkit project. As of this writing, the Mozilla Gecko engine and Opera's rendering engine both have implemented most of these.


  • Client-Side Scripting—This book will use JavaScript 1.5, together with the XMLHttpRequest object, which currently exists only as an informally agreed upon object and the very beginnings of a specification (http://www.w3.org/TR/XMLHttpRequest as part of the Web API Working Group's activities). Many Ajax-type web applications and sites use Adobe Flash for text and XML communication with the server; however, Flash development gets too specific for coverage in this book. Many of the same principles and much of the architecture covered still apply, but the implementation differs. ActionScript, also an ECMAScript implementation, actually shares the syntax, object model, and often even its development tools with JavaScript, so while the XMLHttpRequest object does not exist in ActionScript, and the working DOM differs, much of the other sample code should look very familiar and easy to follow.

Familiarity, at least to the point of understanding enough to port the code into your language of choice, will definitely help, though this book aims to provide the methodologies, architectures, and patterns that you can implement in your own rich web application, no matter what technology you use to drive it. The technologies listed previously have several benefits. The organizations behind them have made them freely available for download and use on a wide range of platforms and have tested them in a wide range of browsers. In addition, the technologies have large user bases and online communities ready and willing to assist you if you run into any problems.

© Copyright Pearson Education. All rights reserved.
