Speed Up Your AJAX-based Apps with JSON : Page 4

Find out how to improve your Web application performance by leveraging AJAX and JSON. In particular, you'll see the advantages of using JSON over XML as a lightweight JavaScript data-interchange format.

by Alessandro Lacava

Oct 6, 2006

Page 4 of 4

Security Concerns and JSON Support in Other Languages
You've seen that parsing a JSON string is as simple as using the eval function. The problem with this function is that it executes any JavaScript code! This can be potentially dangerous if you're not sure where the data comes from, and is particularly dangerous when it comes from third parties and not from the same Web server. In such cases you should use a JSON parser rather than the built-in JavaScript eval command. A JSON parser accepts only JSON text (not any JavaScript) so it is much safer. Obtaining a JSON parser is simple for most languages. The official JSON Web site offers APIs for most languages, including PHP, Java and C# that you can use to parse JSON text without difficulty, with one or two lines of code. To parse JSON text safely on the client-side, you can use this open-source JavaScript implementation of a JSON parser. Even when you add a separate parser, the process stays very simple. Indeed, to encode and decode JSON text you just need a couple of lines of code.

For example, to convert from JSON text into JavaScript code you use the parseJSON method:

   var myObject = myJSONtext.parseJSON();

And to serialize a JavaScript data structure into JSON text you use the toJSONString method:

   var myJSONText = myObject.toJSONString();

The latter function also takes care of escaping double quotes and other embedded special characters during the conversion.

In this article you've seen how JSON can simplify the code of your AJAX Web applications. The sample app showed how you can develop a highly-customizable news ticker that implements the Observer Pattern in JavaScript. This pattern lets you extend the application easily. For example, you could create another observer component that displays the news items using a time interval. To do that, you would just need to create another JavaScript class and add the logic to its update method that receives a JavaScript array representing the news. Then you can add this new observer object to the observee, ContentRetriever. One way would be by passing it to the ContentRetriever's constructor:

   var marquee = new Marquee(...);
   var newTicker = new NewTicker(...);
   var contentRetriever = new ContentRetriever("./tickerDataRetriever.php", [marquee, newTicker]);
   ...
   contentRetriever.getContent();

Another way would be to add the observer using the ContentRetriever's attach method:

   var marquee = new Marquee(...);
   var contentRetriever = new ContentRetriever("./tickerDataRetriever.php", [marquee]);
   ...
   var newTicker = new NewTicker(...);
   contentRetriever.attach(newTicker);
   ...
   contentRetriever.getContent();

Running the Sample Code
This article touched many areas (JSON, AJAX, JavaScript, Observer Pattern, CSS), making it impossible to examine each and every line of code thoroughly. However, you can freely download the fully-commented code for this article and inspect the remaining code yourself. One last note. The PHP code for this article needs to be run on a Web server—Apache HTTP Server will do. If, for example, you put the code within the Ticker folder you would call it using a similar URL:

   http://localhost/Ticker/demo.htm

Of course you will need to change the preceding URL to match your environment.

Alessandro Lacava is a software developer and technical writer based in Italy. He is mainly interested in Java and .NET technologies, Web applications and telecommunication systems. Alessandro holds a degree in telecommunications engineering. You can reach him via his Web site.

« Previous Page 1 2 34