A Grumpier Ajaxian

Figured I’d jump in on this blog, as I’ve got itches to scratch.

I’m the author of JPSpan, a toolkit for hooking up PHP and Javascript via XMLHttpRequest. The ideas behind JPSpan were originally conceived back in April 2004, as blogged here and the first release announced in September 2004, albeit under a different name. So while I don’t have the same stomping rights as Brent Ashley, author or JSRS, figure I’m a “pre-Ajaxian”, with mixed feelings about the hype surrounding the term, although JPSpan itself more or less fits into Jesse Ruderman’s definition or AJAX.

That’s not to say I’m going to get stuck on whether the term or the hype is good or bad. Think the end effect is positive – what AJAX potentially enables is “better” web applications for end users and with so many eyes and brains now focused on solving AJAX related problems, the odds of solving them are good.

Where I do want to get grumpy is on more practical matters. What bothers me, amongst all the talk going on about AJAX right now, is I see very little discussion of what are, to me, the most critical issues.

Alex Bosworth raised a number of good points in AJAX mistakes but found myself wanting to insert some at the top of the list;

  1. Assuming the network is reliable: have you seen what a synchronous XMLHttpRequest does to IE when you have high network latency? The Sourceforge web services have periods of extreme latency – next time you happen to notice it, try the sync requests here. And what about async requests that vanish into the void? Data loss?
  2. Leaving Security as an Afterthought: many of the the AJAX examples (like Google Suggest) and toolkits (JPSpan included) are delivering server responses in the form of eval()-able Javascript. The technical reasons for doing this are good but what’s the implications here for XSS? More generally, have we asked enough questions about security issues with AJAX? Sam Ruby was on the case here, as Alex Bosworth highlighted, and this was an obscure enough issue to later catch out many you would expect to know better. What else is lurking? AJAX implies you’ll likely be storing some degree of (traditionally) server-side data in Javascript variables on the client. How do you feel about this?

    var ccNum = AJAX.getCreditCardNumber(userId);
  3. Regarding Javascript as a robust application development platform: Javascript today is about where it should have been when the term DHTML was coined. The Javascript implementations across the current versions Internet Explorer, Mozilla, Safari / Konqueror and Opera are more or less solid and and similar enough to have taken the pain out of DHTML. That’s not to say it’s a bad language as a concept – it isn’t. And when I look at the source of prototype, I’m impressed – love the way Try.these() works.

    But AJAX introduces a whole new set of demands and issues, such as garbage collection , perhaps features like threading (comment from Anjan Bachuu nails it), libraries for common problems and a greater need for optimizing and profiling. Mozilla is definitely leading the field here with spidermonkey and Venkman, perhaps because they’ve committed themselves to Javascript with the whole XUL / XPCOM deal but the other camp has this to say;

    “JScript was designed for simple scripts on simple web pages, not large-scale software.”

    The high level view is probably don’t expect significant AJAX development to deliver on time right now.

Anyway – that’s a hint at where I’m coming from. Will be aiming to push out some more constructive grumpiness over time.

4 Responses to A Grumpier Ajaxian
  1. […] ard and puts it in far more succinct terms than I’ve been cautiously trying to do in some of these blogs. The more I think about it, the more it’s clear that some k […]

  2. AJAX: what’s a session? - Ajax Blog
    May 27, 2005 | 6:26 am

    […] ly. AJAX: what’s a session? As I mentioned here, my concern about the buzz surrounding AJAX is not what’s being said but wh […]

  3. sbraford
    May 25, 2005 | 1:43 pm

    Jeez… I just posted a huge reply comment but it got toasted.

    Welcome to the conversation here, harry. I’m a big fan of your work (phpPatterns, JPSpan, etc).

    (will retype my comment later hopefully!)

  4. sbraford
    May 25, 2005 | 1:40 pm