http://www.spinellis.gr/pubs/Breview/2006-CR-Ajax/html/review.html This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference: The document's metadata is available in BibTeX format. Find the publication on Google Scholar This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. Diomidis Spinellis Publications |
Dave Crane, Eric Pascarello and Darren James
Ajax in Action
Manning, Greenwich, CT, 2006
650 pp.
When I first used Google's maps (http:// maps.google.com) I thought: "How did they make a web page behave like an application? These people are wizards!" It turns out that the ingredient behind this wizardry goes by the name of Ajax, which stands for asynchronous JavaScript and XML. The main elements of Ajax have been with us for years. Ajax developers use HTML and the document object model (DOM) for specifying a page's composition, cascading style sheets (CSS) for describing its visual styling, JavaScript running on the web client for programming the user interactions, and XML delivered asynchronously by server-side applications for obtaining the data to display. However, the power of this model has only recently been appreciated, and now captivating Ajax applications are springing up over the web like mushrooms.
Because Ajax is a conglomeration of disparate technologies, rather than a development framework designed from the ground up, one needs authoritative guidance on every aspect of an application. Ajax in Action delivers this guidance, in the form of recipes for implementing specific features. The book is roughly divided into four parts. The first is an introduction of the key elements behind Ajax. The authors here make an interesting distinction between a transient usage pattern (for example buying a book on-line) that can be satisfied with the traditional page-based web interaction, and the so-called sovereign usage patterns (for example reading email) that capture the user's attention span for an extended period of time. These require a more fluid interaction than that achievable through the monolithic pages delivered by traditional web applications, and are the ideal ground for using Ajax. The second part of the book presents the code techniques behind Ajax programming, while the third one focuses on satisfying non-functional properties: usability, security, performance. The book's final part provides four complete examples of sophisticated interactions implemented in Ajax: the dynamic updating of combo boxes, type-ahead suggestion, a portal, search with animation, and a stand-alone browser for RSS (really simple syndication) feeds. The book also contains three valuable appendices providing advice for an Ajax developer's toolkit, an introduction to JavaScript, and an annotated listing of Ajax frameworks and libraries The writing's conversational style is generally clear. The authors typically present the code in a bare-bones fashion, and then refactor it into a reusable form liberally resorting to annotated listings and figures to explain the code's functionality. Unfortunately, in a number of cases the authors focus on the trees and fail to show us the forest. We're thus given a number of techniques for structuring JavaScript code around objects and for optimizing our code, but no framework for organizing the code of a large Ajax application or for systematically improving an application's performance. Furthermore, the authors treat security in an inexcusably haphazard fashion. A large part of the security chapter focuses on the browser security restrictions that Ajax authors face, and where advice for securing applications is presented it is often incomplete (nowadays preventing "casual interference" with an application's data services is simply not enough) or wrong (a public key is something different from a nonce). Also one of the examples is clearly vulnerable to SQL injection attacks. Bringing together the accidental bedfellows of HTML, CSS, JavaScript, XML, and DOM on the client side, with code written in PHP, ASP, or Java on the server side is no mean feat. Ajax in Action succeeds in allowing developers to jump productively into the Ajax bandwagon. More work will however be needed to unite the Ajax technologies into a coherent development methodology.