Simon Willison’s Weblog


61 items tagged “ajax”


Is it probable that one of the major forum software packages will support Ajax soon?

Those codebases are all terrifyingly ancient. I suggest taking a look at instead which is a much more modern take on forum software.

[... 46 words]

How does a web page interact with a server to parse a dynamic JSON file?

If you’re only dealing with 60 records there’s no need to add a full database. I’ve actually hand coded a 50 record JSON file before and it was fine: use an editor with good JSON support (I like Sublime Text 2) and it’s pretty easy to hand write.

[... 103 words]


What’s the best way to handle logins?

First, make sure you’re storing the password as a salted hash, using a deliberately slow hashing algorithm such as bcrypt, scrypt or PBKDF2—here are some recent articles to get you up to speed:

[... 176 words]

How do you change page content and URL without reloading the whole page?

This can only be done using JavaScript. You use XMLHttpRequest to pull in new information from the server (also known as Ajax—most people use a JavaScript library such as jQuery to handle this) and then use the HTML5 history API, in particular the pushState method, to update the URL.

[... 133 words]


Going Postel. Jeremy points out that one of the many disadvantages of publishing JavaScript dependent content on the Web is that a single typo can render your entire site unusable.

# 9th February 2011, 2:18 am / ajax, gawker, hashbanghell, jeremy-keith, urls, recovered

Breaking the Web with hash-bangs. Mike Davies explains why Gawker’s new Ajax fragment-tastic redesign is a web architecture error of colossal proportions.

# 9th February 2011, 2:17 am / ajax, gawker, hashbanghell, mike-davies, urls, recovered

Why do websites contain multiple webpages when they could use AJAX?

Because it shouldn’t require a full-blown JavaScript interpreter just to access content on the Web.

[... 32 words]


Why do browsers allow cross-domain JavaScript to execute but not XMLHttpRequests?

It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit . If cross domain XHR was allowed the evil site could suck that secret document off your intranet without you realising.

[... 105 words]

If I have data that loads using json / JavaScript will it get indexed by Google?

No. Personally I dislike sites with content that is only accessible through JavaScript, but if you absolutely insist on doing this you should look into implementing the Google Ajax Crawling mechanism:

[... 56 words]

Side-Channel Leaks in Web Applications. Interesting new security research. SSL web connections encrypt the content but an attacker can still see the size of the HTTP requests going back and forward—which can be enough to extract significant pieces of information, especially in applications that make a lot of Ajax requests.

# 23rd March 2010, 4:24 pm / ssl, security, sidechannel, http, ajax


flXHR. I was looking for something like this recently, glad to see it exists. flXHR is a drop-in replacement for regular XMLHttpRequest which uses an invisible Flash shim to allow cross-domain calls to be made, taking advantage of the Flash crossdomain.xml security model.

# 26th November 2009, 12:52 pm / flash, swf, flxhr, xhr, ajax, javascript, crossdomain

Deep Tracing of Internet Explorer. dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of.

# 18th November 2009, 8:06 am / dynatraceajax, ie, internet-explorer, debugging, javascript, ajax, john-resig

Official Google Webmaster Blog: A proposal for making AJAX crawlable. It’s horrible! The Google crawler would map url#!state to url?_escaped_fragment_=state, then expect your site to provide rendered HTML that reflects that state (they even go as far as to suggest running a headless browser within your web server to do this). Just stick to progressive enhancement instead, it’s far less hideous. It looks like the proposal may have originated with the GWT team.

# 8th October 2009, 5:52 pm / javascript, progressiveenhancement, search-engines, google, crawling, ajax, seo, gwt

breaking links. Mike complains about sites such as Twitter and which mess around with Ajax and links and hence break the ability to command-click to open a new tab in Safari (and Chrome). I just realised that I’ve subconsciously retrained myself to right click and select “open in new tab” to avoid that exact issue.

# 8th October 2009, 8:26 am / javascript, broken, ajax, links, michalmigurski, usability

rather baffling finding: POST requests, made via the XMLHTTP object, send header and body data in separate tcp/ip packets [and therefore,] xmlhttp GET performs better when sending small amounts of data than an xmlhttp POST

Iain Lamb

# 18th August 2009, 12:27 pm / ajax, get, http, iainlamb, performance, post, xmlhttprequest

Announcing Alice and Wonderland. Continuing the RabbitMQ “stuff to do with rabbits” naming convention, Alice is a RESTful interface to RabbitMQ which exposes information about vhosts/queues/users/exchanges/etc as JSON. Wonderland is a web UI for RabbitMQ implemented as a pure Ajax application which calls Alice.

# 17th July 2009, 9:12 am / aliceinwonderland, rabbitmq, alice, wonderland, rest, json, ajax, javascript, message-queues, queues

Building Fast Client-side Searches. Flickr now lazily loads your entire contact list into memory for auto-completion. Extensive benchmarking found that a control character delimited string was the fastest option for shipping thousands of contacts around as quickly as possible.

# 19th March 2009, 3:35 pm / flickr, javascript, autocomplete, ajax, json

AJAX APIs Playground. Ferociously useful collection of executable and editable example code for all(?) of Google’s JavaScript APIs, including Google Maps and the increasingly interesting Visualization API.

# 22nd January 2009, 6:38 pm / google, javascript, ajax, google-maps, googlevisualization

Sloppy—the slow proxy. Java Web Start GUI application which runs a proxy to the site of your choice simulating lower connection speeds—great for testing how well your ajax holds up under poor network conditions.

# 13th January 2009, 4:17 pm / ajax, javascript, performance, sloppy, java, javawebstart, proxy, richarddallaway

A Snapshot of The Yahoo! Photos Beta (from 2006). Scott Schiller shares an internal retrospective on the Yahoo! Photos interface from 2006, which was years ahead of its time (they started building it before the term Ajax had even been coined). The material on memory management and event delegation is particularly interesting.

# 12th January 2009, 10:21 pm / eventdelegation, scott-schiller, yahoo, yui, yahoophotos, ajax, javascript


jQuery history plugin. I used this plugin to add back button support to a small Ajax app today, with great results. I tried it a while ago and it didn’t work in Safari, but someone has updated it since and now it works perfectly.

# 7th November 2008, 5:32 pm / jquery, history, ajax, javascript, plugins, backbutton

CSSHttpRequest (via) Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute.

# 23rd October 2008, 6:25 pm / json, jsonp, javascript, ajax, crossdomain, css, atimport, csshttprequest

When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday.

# 20th September 2008, 4:16 pm / atmediaajax, atmediaajax2008, security, csrf, xss, presentations, slides, ajax, javascript

When Ajax Attacks! Web application security fundamentals. Slides and (other people’s) notes from my presentation at @media Ajax on Tuesday.

# 17th September 2008, 11:18 pm / ajax, atmediaajax, atmediaajax08, csrf, javascript, security, speaking, xss, recovered

If we see good usage, we can work with browser vendors to automatically ship these libraries. Then, if they see the URLs that we use, they could auto load the libraries, even special JIT'd ones, from their local system. Thus, no network hit at all!

Dion Almaer

# 27th May 2008, 5:58 pm / ajax, browsers, dion-almaer, google, libraries

Google AJAX Libraries API (via) Google are hosting copies of jQuery, Prototype, mooTools and Dojo on their CDN, with a promise to permanently host different versions and an optional JavaScript API to dynamically load the most recent version of a library. I wish they’d stop capitalising Ajax though.

# 27th May 2008, 5:56 pm / ajax, google, libraries, cdn, jquery, prototype, mootools, dojo

Google Maps now shows photos and Wikipedia articles. Click the “More...” button. My first thought was “how do they get so many photo markers on the map?”—Firebug shows that they’re generating tiles on the server containing multiple photo markers, then when you click on one an Ajax call checks which photo is in that particular spot.

# 14th May 2008, 7:10 pm / google-maps, javascript, ajax, wikipedia

Google AJAX Search API: Flash and Server Side Access. Over a year after Google shot down their SOAP Search API, they’ve quietly released a JSON based one under the guise of supporting “Flash and other non JavaScript environments”. Comes with the strange requirement that an HTTP referer be sent with every request; the API key is optional.

# 22nd April 2008, 7:16 pm / google, soap, ajax, json, search, web-services, apis

Reading binary files using Ajax. There’s a simple trick for Firefox, and (amazingly) you can get IE to play along using a function written in VBScript.

# 22nd April 2008, 7:02 pm / binary, ajax, ie, firefox, vbscript, javascript, xmlhttprequest

Mibbit (via) Excellent web-based IRC client, should be great for when pesky firewalls get in the way. Also a good candidate for use with a site-specific browser.

# 19th April 2008, 3:53 pm / ajax, irc, mibbit, sitespecificbrowsers