19 November 2008


A little snippet of code I'm playing with. This started as me learning more about XST, to understand why TRACE being enabled was considered a BadThing(tm). [see: this white paper (.pdf format) for more on that].

In my opinion, the best way to learn is to do, so I quickly whipped up the following so I could play, and handily, this finally gives me a good reason to write my first bit of AJAX even =)

A couple of points:

  • If you change the method from GET to HEAD, this makes a handy banner grabber

  • If you change the method to TRACE, it may or may not work, depending on the browser you are using.

To explain the latter item:

The current versions of both Firefox and IE refuse to run TRACE via XMLHttpRequest.
This is the correct behaviour, per the spec, and is certainly more secure (it goes a fair way to mitigate XST in general in fact). I have not tried older versions or other browsers to see how they handle it.

Note that I snarfed bits and pieces of this code from various places on the net, and didn't create all of this from scratch. However, I have tweaked and changed things enough to feel OK calling this "my code".

I'll probably tweak this further. I'm considering just making different buttons for the different types of requests and letting the function figure out what method to use based on that, for example.

Anyway, here's the code as it stands after about 20 minutes of crash course in AJAX:

if anyone knows how to post HTML/Javascript to blogspot, I'd be grateful for the tip, it keeps trying to render regardless of my use of pre or code. I even tried to settle for textarea, but it borked the formatting of the code unfortunately and added br tags all over the place. *sigh*. ]

Here's a pastebin of the code instead

[EDIT 2010-03-02:
Oh for ... Apparently IE8 renders the pastebin code as HTML instead of displaying it as text/plain. *cry*.

No comments:

Post a Comment