Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > JSON without AJAX

Reply
Thread Tools

JSON without AJAX

 
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      12-23-2005
VK wrote:

> Michael Winter wrote:
>> It is a /hint/ to the user agent that the
>> script can be executed at its leisure; that execution can be deferred.

>
> *Any* trustwordy links about "defer" attribute?


Yes, the HTML 4.01 Specification. It makes deferring such scripts a
possibility, not a recommendation or even a necessity.

> The best I've found so
> far were exactly about the point: "a script with defer set to true will
> deferred".


Which most certainly is from the MSDN Library or another IE-related
resource.


PointedEars
 
Reply With Quote
 
 
 
 
VK
Guest
Posts: n/a
 
      12-24-2005
See also Dynodes Project at <http://www.mindsack.com/uxe/dynodes/>
and the quoted vot.sep. of JSON's inventor Douglas Crockford.

IMHO security issues with cross-domain script interchange is
over-appreciated. There are much more effective ways to bypass
same-domain limitations with malicious purposes. JavaScript adds
absolutely nothing extra in the pucture.

There are not any doable ways to have *full* browsing experience
*everywhere* across the Web in *absolutely secure* environment. There
are means to set security settings by domains, but this task is
accomplished on the higher level (security zones) and JavaScript per se
doesn't interfer neither affect to that.

 
Reply With Quote
 
 
 
 
Michael Winter
Guest
Posts: n/a
 
      12-24-2005
On 23/12/2005 19:42, VK wrote:

> *Any* trustwordy links about "defer" attribute?


Trustworthy? There's nothing wrong with the W3C documentation in this
regard:

defer
When set, this boolean attribute provides a hint to the user
agent that the script is not going to generate any document
content (e.g., no "document.write" in javascript) and thus,
the user agent can continue parsing and rendering.
-- 18.2.1 The SCRIPT element, HTML 4.01 [1]

particularly when Microsoft's documentation says much the same (so no
threat to your 'reality'):

Using the attribute at design time can improve the download
performance of a page because the browser does not need to
parse and execute the script and can continue downloading and
parsing the page instead.
-- Remarks, DEFER Attribute | defer Property, MSDN [2]

It might be worth mentioning that the generating "document content"
comment above needn't apply to the DOM methods that operate at a node
level. As I wrote previously, the document.write method relies on the
positioning of the SCRIPT element that calls it, whereas the other
methods can target regions of the document tree explicitly. Their only
prerequisite is that that part of the document tree has already been parsed.

[snip]

Mike


[1] <http://www.w3.org/TR/html401/interact/scripts.html#h-18.2.1>
[2]
<http://msdn.microsoft.com/workshop/author/dhtml/reference/properties/defer.asp>

--
Michael Winter
Prefix subject with [News] before replying by e-mail.
 
Reply With Quote
 
Lasse Reichstein Nielsen
Guest
Posts: n/a
 
      12-24-2005
Thomas 'PointedEars' Lahn <(E-Mail Removed)> writes:

> http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:


>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">

>
> No system identifier, triggering Quirks Mode.


Actually not. The public identifier is for HTML 4.0 Strict, which
alone is enough to trigger standards mode.

/L
--
Lasse Reichstein Nielsen - (E-Mail Removed)
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
 
Reply With Quote
 
bwucke@gmail.com
Guest
Posts: n/a
 
      12-24-2005

Thomas 'PointedEars' Lahn wrote:
> (E-Mail Removed) wrote:
> > It is. Proof that in -certain- cases it's possible. [...]

>
> But that was not what was to be proven.


So what exactly was?

"Mission statement:

A mechanics to get text stream into browser from any Web location
without reloading the current page. "

An external file containing stream (with some prerequisites, js syntax)
located on arbitrary location, capable of providing mostly arbitrary
data (including, by sequencing read, text stream) to the
document/application, using method other than xmlhttprequest was loaded
during runtime of already loaded document, not triggering/requiring
reload. I think it was what the whole mess is about. If I'm wrong,
please explain WHAT is to be proven.

Also,
- For serialized objects it will create unnecessary overheat plus
potential error stream.
* overhead is a cost. If the profits outweight the cost, it's fine. If
they don't, we still can develop the method and then think how to
reduce the costs.
* will 'defer' help with that?
- What would be possible is to determine if a certain variable was
declared and holding a value different from `undefined'.
* Won't 'defer' conflict with that?
- "loading scripts" after the document was loaded is still unreliable.
* given all prerequisites (Firefox [the script was written and tested
only for it]. Network connection, correct location of the files,
configuration allowing for kaunching javascript, and all the countless
other prerequisites like a user to click the button, a computer with
non-faulty hardware etc, this script is perfectly reliable. It uses
the same methods as the browser does internally for inserting nodes
into document, no matter what kind of node and no matter what time
(loading page or clicking a button) the node is inserted, so there's no
reason why it shouldn't work. And it works. And unless I missed
something serious [a prerequisite!] it will work. Thus it is reliable.
Point proven.

Would you care to explain, how is it more unreliable than sum of
unreliablity of dynamically loading any kind of content (even images)
and statically loading scripts together with all external objects on
standard page load?

> >> > Loads js entered in the box. Works in FF 1.5.
> >> It was not debated that it works in some browsers on certain occasions
> >> with certain pieces of code.

> > I think it was.

> No, that was not debated. Read again.


Many occasions when it might not work or work not as desired were
discussed. Prove all variants are true and you've proven the whole is
true. Prove one variant is false, and whole becomes doubtful, at least
reduce the set. The code for all the cases will be somehow similar to
this code, so it's a tool. It can't be used to prove things will never
fail, but can be used to find where they do and prove they do when they
do. Okay, I didn't prove anything you find interesting, doesn't make
the code useless. Of course it is dirty. I might fix it, but you say
you have cleaner, so why won't you post instead?

> > Why didn't you post it then?!?

> Why should I post something that I cannot even recommend?


You know, the empire of 3M was buitlt on fortune earned from Post-It
notes. They are an invention based on a glue invented some 80 years
earlier. The invention was archived because the author found the glue
is hopelessly weak, can barely keep two sheets of paper together.
Therefore, his reasoning was, the invention is useless. He couldn't
recommend the glue to anyone. And then someone digging in the archives
found the formula and got the idea that two sheets of paper barely
holding and easily separable is actually useful.

Post the code and maybe others will make it into something valuable and
find workarounds for the caveats.


> > Nope. In case of static text documents it wouldn't be useful, for sure.
> > In case of browsers not supporting Javascript it would not be useful.

> And in case W3C DOM Level 2 HTML would not be supported as supposed or
> the unspecified behavior that `script' element's contents is passed to
> the script engine after the document has finished loading was not there.
> And ...


and, and. Cars crash all the time. Claiming something is unreliable is
no reason not to develop it. There's no black and white, just a long
range of shades of grey. Pick one white enough for you or go back to
the caves.

> > So far you keep attacking whoever does a tiniest step outside the
> > rules, no matter what the general direction and what outcomes of their
> > step. Syntax nazi, standards nazi, netiquette nazi, [...]

> Godwin's Law. You lose. And *PLONK*


Godwin's law means losing in groups that declare it. I read the FAQ
before posting the above, found no mention of Godwin, therefore no
plonk. You're a nazi.

 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      12-25-2005
Lasse Reichstein Nielsen wrote:

> Thomas 'PointedEars' Lahn <(E-Mail Removed)> writes:
>> (E-Mail Removed) wrote:
>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">

>> No system identifier, triggering Quirks Mode.

>
> Actually not. The public identifier is for HTML 4.0 Strict, which
> alone is enough to trigger standards mode.


Indeed. That should not happen since W3C HTML 4.0 has been
obsoleted by W3C HTML 4.01 and is not a standard anymore.


PointedEars
 
Reply With Quote
 
VK
Guest
Posts: n/a
 
      12-25-2005
..It appears that any modern standards compliant browser is able to
receive any data in base64 format (w/o reloading the page).

That was not the primary aim (I was thinking more about <script>
implants) but it happened to be a side effect of ruling out different
possibilities plus reading posts in this thread. The last hint came
from Lasse Reichstein Nielsen - not from the message itself but from
the bottom signature about DHTML Death Colors:
<URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>

So shall we call it JSONet Project with branches
JSONet S (expoiting external style sheet idea)
and
JSONet J (exploiting script implants)
?

Proof of concept (tested under Firefox 1.5 under Windows 98 SE)

/// HTML FILE ///

<html>
<head>
<title>JSONet</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">

<script type="text/javascript">
var sid = '';

function init() {
var roof = document.getElementsByTagName('HEAD')[0];
var JSONet = document.createElement('LINK');
sid = 'jsn' + (new Date()).getTime();
with (JSONet) {
id = sid;
title = 'JSONet S';
rel = 'alternate stylesheet';
type = 'text/css';
href = 'data.css';
}
roof.appendChild(JSONet);
roof.normalize();
setTimeout(reader,500);
}

function reader() {
var out = document.forms[0].out;
var sty = document.getElementById(sid).
sheet.cssRules[0].
style.backgroundImage;
var str = sty.split(',')[1];
var b64 = str.substring(0,str.length-1);
var mes = atob(b64);
out.value = mes;
}
</script>
</head>

<body onload="init()">

<form method="post" action="">
<textarea name="out" cols="64" rows="8"></textarea>
</form>

</body>
</html>

/// CSS Sheet called <data.css> ///
..data {
background-image:
url(data:image/png;base64,SGFwcHkgTmV3IFllYXIgMjAwNiE=);
}

/// RESULT ///
base64 string contains the message "Happy New Year 2006!" which you'll
see on the page in the textarea.

 
Reply With Quote
 
VK
Guest
Posts: n/a
 
      12-25-2005

Thomas 'PointedEars' Lahn wrote:
> Lasse Reichstein Nielsen wrote:
>
> > Thomas 'PointedEars' Lahn <(E-Mail Removed)> writes:
> >> (E-Mail Removed) wrote:
> >>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
> >> No system identifier, triggering Quirks Mode.

> >
> > Actually not. The public identifier is for HTML 4.0 Strict, which
> > alone is enough to trigger standards mode.

>
> Indeed. That should not happen since W3C HTML 4.0 has been
> obsoleted by W3C HTML 4.01 and is not a standard anymore.


IE does not have HTML 4.01 in its "registered doctypes" table. So
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> may work for
switching into strict mode but only by the "Unrecognized !DOCTYPE"
rule.

Details at:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnie60/html/cssenhancements.asp>

(after the MSDN site redesign you may need to have IE 5.5 or higher
under Windows 98 SE or higher to be able to access the information).

 
Reply With Quote
 
Lasse Reichstein Nielsen
Guest
Posts: n/a
 
      12-25-2005
"VK" <(E-Mail Removed)> writes:

> IE does not have HTML 4.01 in its "registered doctypes" table. So
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> may work for
> switching into strict mode but only by the "Unrecognized !DOCTYPE"
> rule.


A plausible theory, but not the way it is, sadly.
If IE simply didn't recognize HTML 4.01 doctypes, then the declaration
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
should trigger standards mode. It doesn't. IE6 goes into CompatMode
on this declaration, but standards mode with a system identifier,
so it treats HTML 4.01 just as HTML 4.0.

Perhaps the table is just not complete (probably because it was
written before HTML 4.01 was finalized, although I haven't checked
the dates).

/L
--
Lasse Reichstein Nielsen - (E-Mail Removed)
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
 
Reply With Quote
 
VK
Guest
Posts: n/a
 
      12-25-2005
For cross-browser tests of different JSONet variants one can found
useful:

"Using JSON with Yahoo! Web Services"
<http://developer.yahoo.net/common/json.html>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Lib to generate XML/JSON[P] output from a DTD/XSD/JSON Schema/etc Acácio Centeno Python 1 02-15-2013 07:34 AM
I am facing an issue while decoding json string using json.loads sajuptpm Python 2 12-28-2012 07:16 AM
[ANN] Security Fix json-1.1.7 for json_pure and json gems Florian Frank Ruby 0 06-30-2009 05:18 PM
"JSON for ASP" at json.org Tuğrul Topuz ASP General 1 06-27-2008 11:37 PM
AJAX IDE and AJAX TOOL--The Release of JoyiStar AJAX WebShop 3 Beta minnie Java 1 12-13-2006 06:29 AM



Advertisments