Learn, hack!

URL

http://dewy.fem.tu-ilmenau.de/CCC/23C3/audio/23C3-1568-en-json_rpc.mp3

File name

23C3-1568-en-json_rpc.mp3

File size

56.9 MB

MD5

e06ba75d330c3c78682cb245e7c595fe

SHA1

acf43c2d549519ac86efabdbe39af4683d5afa41

JSON RPC is a recently fashionable buzzword in the AJAX context. This lecture explains its principles, specifically the same origin policy for cross site scripting and its relation to JSON RPC, and demonstrates the essential implementation details using the example of the geocoding service in the google maps API. The collection of technologies on which modern web applications are based is nowadays summarily referred to as AJAX, or "Asynchronous JavaScript and XML". Interestingly, the use of XML as the data format for the transfer between client and server is not only unnecessarily complicated, but in its usual incarnation as XMLHttpRequest it is also subject to restrictions that prevent the direct use of web services from the client side of the web application. A natural alternative to the transport of XML data structures though the XMLHttpRequest API is the transport of literal JavaScript expressions (nowadays also called JSON, or "JavaScript Object Notation") through dynamically created SCRIPT elements. We discuss practical aspects of the implementation of this approach and the consequences for architecture and software design of web applications. Because the circumvention of restrictions that were originally meant to maintain security might be frightening at first sight, we recapitulate the principles on which cross site scripting restrictions are based, and we discuss why their circumvention for the purpose of JSON/SCRIPT based data transport doesn't infract the security of a web application.