Re: AJAX Concept Question

[Peter Conrad <conrad () tivano de>]

Hi,

Am Freitag, 22. Februar 2008 04:15 schrieb Mat:
> Why is XML used as a transport agent/layer?

mostly because XML is a nice buzzword. ;-)

The good thing about XML is that there's a lot of tools for generating
and parsing it. If you apply these properly, you don't have to worry
about escaping "bad" characters, for example.

> What are the benefits of using either implementation?

Depending on what you're going to do with it, not using XML can be
much more efficient. I don't think there are any big pros or cons
for either approach. Choose what fits your needs.

> Obviously the 
> second way is not typical AJAX due to the lack of XML - but its the same
> idea.  Also, are there any security related issues due to using either
> method?

I think echoing JavaScript code to the end of the page is more
dangerous, simply because code is more dangerous than data. 
Of course it depends on how the code is generated and how the
data is used - YMMV.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------