Tuesday, October 24th, 2006

JSONRequest Proposal

Category: Ajax, JSON, The Ajax Experience

Douglas Crockford of Yahoo, a pioneer of JSON, presented “JSON: The X in Ajax” at The Ajax Experience Tuesday afternoon.

In the presentation, Douglas discussed his proposal for native support of a new JavaScript object named JSONRequest. The object would provide a simple API for issuing Ajax requests to exchange JSON data using the following methods:

var request = JSONRequest.post(url, data, callbackFn);
var request = JSONRequest.get(url, callbackFn);

Other key points about the proposed object included:

  • Requests are transmitted in order
  • Requests can have timeouts
  • Requests can be cancelled
  • Connections are in addition to the browser’s ordinary two connections per host

Douglas has published more information about his proposal. The object itself is also available for download.

Posted by Tom Geer at 4:19 pm
18 Comments

++++-
4.1 rating from 49 votes

18 Comments »

Comments feed TrackBack URI

I’ve read through the proposal before, I think it is worth some serious consideration.

Comment by Joseph Scott — October 24, 2006

You fail to point out one of the most important parts of Doug’s proposal, which is the cross-domain/site requests. JSONRequest would be allowed by the browser to make requests to host foo.com even though the page was served from bar.com, the only limitation being that the browser will refuse to pass cookies and HTTP authentication details on to foo.com.

Comment by Ryan Kennedy — October 24, 2006

Douglas’ proposal is just great. It deals with most Ajax issues in a simple and elegant way. And JSON is definitely the way to go.

Comment by Tobie Langel — October 24, 2006

That’s Crockford not Crawford.

Comment by Scott M. — October 24, 2006

The proposition looks great especially :

1-High level API for asynchronous request
2-cross-browser
3-cross-domain/site request support
4-duplex connection support
5-language agnostic on the server side
6-Timeout
7-Connections are in addition to the browser’s ordinary two connections per host

As a DWR user some of the propositions are not new especially the proposition 1,2 and 6.
However,getting cross-domain support,duplex connection without using one of 2 simultaneous connections that HTTP 1.1 limits by specification will be a considerable step forwad.

Regards-Claude

Comment by claude hussenet — October 24, 2006

No way, one format can not have special treatment over other formats.

How about native YAMLRequest? CSVRequest? EDIRequest?

Now, cross-domain, duplex, timeout are valid improvements to the XHR object which can then be renamed as plain HTTPrequest removing the XML part from it and making it format agnostic.

Comment by NoWay — October 24, 2006

Great proposal and it makes sense too, just like everything else that Douglas Crockford has produced. But what does that really mean to us? To whom is the proposal really for? Is it for Mozilla, Microsoft, Apple, etc to incorporate the JSONRequest object in their browsers? If that’s really the case, would we have to worry about backward compatibility in addition to all kind of compabilities that we’re already having to deal with?

Comment by Kevin Hoang Le — October 24, 2006

NoWay, you’re missing the reason why JSONRequest works cross-domain yet can be considered safe (for now) against “Princeton attacks”, where a page outside your firewall knows the name or IP address of a server inside your firewall and can steal data or update a db that lacks access control, that was counting on the firewall to protect it.

The assumption is that JSON data is uncommon now. If JSONRequest grows hair and supports CSV or even YAML (of which JSON is a subset), it’s likely that more intranet servers that foolishly rely only on a firewall are exposed.

I like JSONRequest, it shows Doug’s flair for the KISS principle. But it is not clear that in a few years, if JSON or even YAML are common behind firewalls, we won’t have the same vulnerability that would exist today if XHR were not restricted to same origin.

/be

Comment by Brendan Eich — October 25, 2006

Great idea, of course. To some of the comments above, you are correct, even when it is adopted by the major browsers, we will not be able to expect a high enough percentage majority of users to have it for several years. That said, this is still a very necessary step because without it, we will never be able to use it. Certainly a good step for the future.

Comment by Phil Freo — October 25, 2006

Keep on dreaming. Sorry to tell you but when would this eventually be realised, and when would a large enough userbase have an enabled browser with this new feature? I agree that it would be great to have such a thing, and it would speed things really up, but until then it is just a day dream.

Comment by Christian Decker — October 25, 2006

[…] Oops, I think I made the people over at Ajaxian angry Yesterday they posted an article about the JSONRequest Proposal by Douglas Crockford and they all started dreaming about how nice a world with simple, easy to useobjects would be, a world where every browser had the JSONRequest implemented…JSONRequest is just a proposal (for now) and although I’d like to see it realised, it won’t in the next few years, or at least it won’t be adopted on a large scale for some time. Ajax isn’t easy, if we’d all go the easy way we wouldn’t have chosen Ajax in the first place. But its a good thing to dream Technorati Tags: ajax, json […]

Pingback by Fading Roses & Raging Viruses » JSONRequest Proposal — October 25, 2006

[…] Oops, I think I made the people over at Ajaxian angry Yesterday they posted an article about the JSONRequest Proposal by Douglas Crockford and they all started dreaming about how nice a world with simple, easy to useobjects would be, a world where every browser had the JSONRequest implemented…JSONRequest is just a proposal (for now) and although I’d like to see it realised, it won’t in the next few years, or at least it won’t be adopted on a large scale for some time. Ajax isn’t easy, if we’d all go the easy way we wouldn’t have chosen Ajax in the first place. But its a good thing to dream Technorati Tags: ajax, json […]

Pingback by Fading Roses & Raging Viruses » JSONRequest Proposal — October 25, 2006

Great to see all of the interest in this topic! Because of all of the interest…and the accurate comment noting that I didn’t talk about the cross-domain implications, I thought it was worth mentioning that Doug is also proposing a new module tag that also addresses the cross-domain security issue. I’m at the airport and don’t have any links handy, so feel free (anybody) to point the discussion at some more info on module.

Also…I can’t apologize enough for butchering Doug’s last name in the original post!!! I must have been a little distracted by one of the other great Ajax Experience presentations :)

Comment by Tom Geer — October 25, 2006

I think JSONRequest is nice because it avoids some of crossdomain XHR’s concerns by restricting data format and eliminating cookies. But I wish they provided any ways to do opt-in authenticated requests for JSON-providing services.

Comment by Shinichi Tomita — October 26, 2006

I agree that the XML should be removed from the XHR, but for the same reason, we should not add JSON.

Why not simply create an HttpRequest that does just that, POST or GET an HTTP request. While JSONHR is simple, it’s not simple enough. If we simply create a new object that has the security we’re looking for, but the ambiguity we need to use any data format we want, then we’ll all be in happy land.

I think it’s time that we all started to work towards something everyone can use, not just a particular niche.

Comment by Andrew Herron — October 26, 2006

I’d personally be perfectly happy with an HTTPRequest that’s format agnostic. As a matter of fact I’ve been using XHR for a long time and almost never using “the X part”.

That said, it can be argued that JSON does deserve a special treatment. The reason is simply because it is Javascript Object Notation, so a Javascript environment already does favor it.

Comment by Gonzalo — October 26, 2006

Excellent web site I will be visiting often

Comment by url redirect — July 13, 2007

Yeah top blog, very nice layout too.

Comment by Learn How To French Kiss — September 21, 2007

Leave a comment

You must be logged in to post a comment.