Comments on: Improving jQuery’s JSON performance and security

By: Dave Ward

Dave Ward — Mon, 12 Oct 2009 13:00:08 +0000

It is safe, as long as you secure any services that are sensitive. You can use .NET authorization on ASMX the same as you would on ASPX.

As long as you don’t trust the client too much, a user finding the service’s URL isn’t any more dangerous than them knowing the ASPX page’s URL.

For example, if you were building an AJAX shopping cart, you shouldn’t ever accept a price from the client-side. Instead, you should always accept a product ID and retrieve its price from a secure, server-side data store (probably a database). That way, even if the user does find the service URL and figure out how to manually POST to it, the “worst” they can do is add legitimate items to their cart at full price.

By: Michael

Michael — Wed, 07 Oct 2009 01:38:24 +0000

Hi, I have seen a lot of demos using Json to call WebServices, but it’s safe? I mean if you can see the code behind, you easily can see where is the WebServices Located. There is any way to encript the WebServices URL?

Thanks

By: » Improving jQuery’s JSON performance and security | Encosia - Yee Torrents News 4

Thu, 24 Sep 2009 07:53:35 +0000

[...] Source:Improving jQuery’s JSON performance and security | Encosia [...]

By: Dave Ward

Dave Ward — Thu, 10 Sep 2009 04:26:09 +0000

If you set a dataFilter in $.ajaxSetup, it will apply to those shortcut methods. See this post for an example of doing that: http://encosia.com/2009/07/21/simplify-calling-asp-net-ajax-services-from-jquery/

By: Chas Sforza

Chas Sforza — Wed, 09 Sep 2009 23:49:00 +0000

Well presented! Thanks!

Any way to apply this sort of filter when using get() or getJSON()?

Thanks again!

Chas

By: Oliver

Oliver — Tue, 11 Aug 2009 22:31:28 +0000

Safari 4.0.3 supports native JSON

By: flym

flym — Fri, 07 Aug 2009 06:34:18 +0000

I find it in http://www.json.com/json2.js
but I think I won’t use it if I must import one more js file,unless the browser help to do.

By: flym

flym — Fri, 07 Aug 2009 06:28:21 +0000

I find my browser has not support it now,may wait for a while.
btw:The most time,the server must keep the json returned sefely to be used.

By: Creating a Webservice Proxy with jQuery « Life of a geek and a part-time poet

Sun, 02 Aug 2009 12:59:32 +0000

[...] Improving jQuery’s JSON performance and security [...]

By: Techwave » Blog Archive » jQuery FTW (August 1)

Techwave » Blog Archive » jQuery FTW (August 1) — Sat, 01 Aug 2009 23:17:53 +0000

[...] Improving jQuery JSON Performance and Security – An interesting article about expanding jQuery to notice if the browser supports JSON parsing natively. [...]

By: Jon

Jon — Tue, 28 Jul 2009 21:13:54 +0000

Ah right ok. That’s not a problem really.

Cheers Dave

By: Dave Ward

Dave Ward — Tue, 28 Jul 2009 21:12:28 +0000

You wouldn’t need to test for its presence, but you would still need to use the dataFilter callback to force jQuery to use it. Until 1.3.3, jQuery won’t automatically use JSON.parse, even if it’s present.

By: Jon

Jon — Tue, 28 Jul 2009 21:06:40 +0000

Yeah just been trying this out which is pretty cool.

So can I assume that if I include json2.js in my sites then I won’t have to do the checking for JSON in my jquery webservice call which you talk about in another post?

By: Dave Ward

Dave Ward — Tue, 28 Jul 2009 21:04:33 +0000

That’s correct. json2.js and the ECMA standard have identical APIs too, so parse and stringify work the same in both settings.

By: Jon

Jon — Tue, 28 Jul 2009 20:50:35 +0000

So does this mean that if I include json2.js in my page then if native JSON is present it will use it otherwise it will use the json2.js ?