My concern is performance: is there a reason to send the client XML instead of valid HTML? Like most things, I am sure it is application dependent. My specific situation is where there is substantial content being inserted into the web page that has been pulled from a database.

What are the advantages of either approach? Is the size of the content even a concern? Or, in the case of using XML, will the time for the Javascript to process the XML into HTML counterbalance the extra time that would have been required to send HTML to start with?

Thanks, Jeff

+4  A: 

AJAX hasn't been strictly followed per its acronym for years. It's just a moniker now for "asynchronously loaded content".

Most AJAX these days is done with JSON.

Whether or not you go with HTML as your data over JSON or anything else (even XML) is really up to the specific needs of your application. In that respect, AHAH is really just a subset of AJAX.

If there is no benefit to be gained from having the client-side parse/render the data, then just have the server-side do it and return HTML.

Peter Bailey
+1  A: 

JSON (JavaScript Object Notation) is more often used than XML because it is lightweight, and native JavaScript.

That being said, if what you need is XML, then you would pull back XML.

Here's a good page on when to use HTML, XML or JSON

Here's a good page on the differences between the two.

JSON is used for performance reasons, mostly. To use the example from that page:

XML:

<?xml version='1.0' encoding='UTF-8'?>
<card>
  <fullname>Bala Arjunan</fullname>
  <org>PH</org>
  <emailaddrs>
   <address type='work'>[email protected]</address>
   <address type='home' pref='1'>[email protected]</address>
  </emailaddrs>
  <telephones>
   <tel type='work' pref='1'>+12345678</tel>
   <tel type='mobile'>+1234 1234</tel>
  </telephones>
  <addresses>
   <address type='work' format='B'>1234 Oil Mill St Chennai, IND</address>
   <address type='home' format='B'>5678 Oil Mill St Chennai, IND</address>
  </addresses>
  <urls>
   <address type='work'>http://balaarjunan.wordpress.com/</address>
   <address type='home'>http://balaarjunan.wordpress.com/</address>
  </urls>
</card>

JSON:

{
  "fullname": "Bala Arjunan",
  "org": "PH",
  "emailaddrs": [
    {"type": "work", "value": "[email protected]"},
    {"type": "home", "pref": 1, "value": "[email protected]"}
  ],
  "telephones": [
    {"type": "work", "pref": 1, "value": "+12345678"},
    {"type": "mobile", "value": "+1234 1234"}
  ],
  "addresses": [
    {"type": "work", "format": "us", "value": "1234 Oil Mill St Chennai, IND"},
    {"type": "home", "format": "us", "value": "5678 Oil Mill St Chennai, IND"}
  ],
  "urls": [
    {"type": "work", "value": "http://balaarjunan.wordpress.com/"},
    {"type": "home", "value": "http://balaarjunan.wordpress.com/"}
  ]
}

With JSON, there is far less redundancy.

OTOH, sending plain ol' HTML is very effective at times as well. You have to think about your data. If you're just updating a paragraph of text, just send HTML through. If you're dealing with items, or a collection of items that you're going to manipulate or use somehow in JavaScript, you want JSON. If you want to asynchronously update your RSS feed or some other XML, you ask for XML.

Remember, HTML is just a subset of XML, and XHTML follows all the XML rules. Browsers that are JavaScript aware (all of them) can understand JSON (JavaScript) and HTML (XML). Choose what fits your project based on how you will use the data.

Atømix
+2  A: 

It's important to recognize that even when fetching HTML you shouldn't just stick it straight into the DOM without processing it. If it's not transmitted through a secure protocol it could be subject to MITM attacks. Any time saved parsing XML is spent on sanitizing the HTML to prevent script injections.

XML is more portable too. The data served in XML can be used anywhere on any page. HTML is different in this aspect (although it can be styled with CSS), not all browsers have a readily available parser without inserting the content into the DOM. Some may have DOMDocument(), but you can't rely on it for cross browser purposes. With XML, you can also target and extract the data you need effortlessly using XPath. With HTML (x-browser), you'd need to insert into the DOM first or use the ever-so-unreliable regexp method that really shouldn't ever be used.

JSON is more lightweight, it does away with a lot of the bulk that comes with XML and HTML. Being native markup for JavaScript objects, it's also very easy to parse. Unlike XML and HTML, you can also access JSON data cross domain using JSON with Padding (JSONP).

In summary, you need to choose the method that best suits your needs. Most people tend to go with JSON these days because it's very lightweight, can be accessed cross domain and requires very little effort to parse with JavaScript.

Andy E
Your security tip is a very valid concern and something I hadn't thought of. On the other hand though, why wouldn't that be just as likely with XML, JSON or anything else?
Icode4food
@LanguaFlash: Any data passed over an insecure connection could be tampered with, the difference with XML and JSON is that the data is static, meaning that it is just information that you must parse to access. HTML is dynamic content that can be added straight to the DOM, if a MITM attack changed the HTML to include malevolent scripts making it a much more serious threat. JSONP is also subject to the same security risks. JSON on its own is safely parsed and will not parse JavaScript functions (unless `eval` is used).
Andy E
Take XML for example. `<data>hello world</data>`. My javascript will do whatever it needs to with the data and insert it more or less directly into the page. Why couldn't an attacker insert `<script>function doSomethingEvil()</script>` into "data"? Isn't the same thing true of JSON?
Icode4food
@LanguaFlash: like I said, the data could be tampered with, but it is only static data. When parsing an XML file, a `<script>` element would not be parsed by a script engine -- it would just be another XML element with plain text data for its contents. The same is true of JSON, a JSON parser will not "execute" any code and will throw an error (invalid JSON) if it finds any functions or method calling. Inserting HTML into the document without sanitizing it, on the other hand, will invoke the script interpreter for any script elements present.
Andy E
@LanguaFlash: ... continued... To re-iterate, the damage you could do with XML or JSON is changing a string from "Hello world" to "boobs!". The damage you can do with HTML and JSONP is execute javascript which can include anything from password input key loggers to full document manipulation.
Andy E
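
The distinction discussed in the comments above, as an added example (not code from any of the posters): `JSON.parse` rejects a response that contains a function call, but a string value holding markup still has to be escaped before it is placed into HTML. The helper names and the tampered payloads are constructed for illustration.

```javascript
// Added example: helper names and payloads are constructed for illustration.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse with JSON.parse (never eval) and reject responses of the wrong shape.
function parseCard(jsonText) {
  const card = JSON.parse(jsonText); // SyntaxError on anything that is not pure JSON
  if (card === null || typeof card !== 'object' ||
      typeof card.fullname !== 'string' || !Array.isArray(card.urls)) {
    throw new TypeError('unexpected card shape');
  }
  return card;
}

// Escaping does not neutralise a script-bearing href, so allow only http(s) URLs.
function isSafeUrl(value) {
  try {
    const { protocol } = new URL(value);
    return protocol === 'http:' || protocol === 'https:';
  } catch {
    return false;
  }
}

// Build markup from the parsed data; every value is escaped on the way out.
function renderCard(jsonText) {
  const card = parseCard(jsonText);
  const links = card.urls
    .filter((u) => u && typeof u.value === 'string' && isSafeUrl(u.value))
    .map((u) => `<li><a href="${escapeHtml(u.value)}">${escapeHtml(u.type)}</a></li>`)
    .join('');
  return `<h2>${escapeHtml(card.fullname)}</h2><ul>${links}</ul>`;
}

// Constructed response: markup inside a string value parses as plain data.
const tamperedData = JSON.stringify({
  fullname: '<script>function doSomethingEvil()</script>',
  urls: [
    { type: 'work', value: 'http://balaarjunan.wordpress.com/' },
    { type: 'home', value: 'javascript:void(0)' },
  ],
});
// Constructed response: a function call is not JSON, so JSON.parse throws.
const tamperedCode = '{"fullname": doSomethingEvil(), "urls": []}';

console.log(renderCard(tamperedData));
```

In a browser, assigning the value to `textContent` rather than `innerHTML` gives the same protection for text nodes without a hand-written escaper.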