Learn, hack!

URL

http://dewy.fem.tu-ilmenau.de/CCC/23C3/video/23C3-1568-en-json_rpc.m4v

File name

23C3-1568-en-json_rpc.m4v

File size

88.7 MB

MD5

cd78e5413894f477c544c893750171db

SHA1

8e35d38d861edcb93dffcc8a1ffc4ffaa3b1b754

JSON RPC is a recently fashionable buzzword in the AJAX context. This lecture explains its principles, specifically the same origin policy for cross site scripting and its relation to JSON RPC, and demonstrates the essential implementation details using the example of the geocoding service in the google maps API. The collection of technologies on which modern web applications are based is nowadays summarily referred to as AJAX, or "Asynchronous JavaScript and XML". Interestingly, the use of XML as the data format for the transfer between client and server is not only unnecessarily complicated, but in its usual incarnation as XMLHttpRequest it is also subject to restrictions that prevent the direct use of web services from the client side of the web application. A natural alternative to the transport of XML data structures though the XMLHttpRequest API is the transport of literal JavaScript expressions (nowadays also called JSON, or "JavaScript Object Notation") through dynamically created SCRIPT elements. We discuss practical aspects of the implementation of this approach and the consequences for architecture and software design of web applications. Because the circumvention of restrictions that were originally meant to maintain security might be frightening at first sight, we recapitulate the principles on which cross site scripting restrictions are based, and we discuss why their circumvention for the purpose of JSON/SCRIPT based data transport doesn't infract the security of a web application.