AJAX-Tips
A very smart practice in coding is to test if the function will have the ability to perform in a particular browser. This is especially true in Ajax-based websites as developers have to face constant browser incompatibilities. Objects could easily be a problem when everything is in place for a particular browser but it will just falter since development of the program has not considered other browsers.
Developers will have to use a code something like this:
if ( document.evaluate ) {}
This small value tries to evaluate the function against the browser. Each function is tested with this value which means some parts of the websites may not be tested. If the function is not tested, the function will still go through as long as the browser is compatible with it. Basically, the value is just there to evaluate if the function works in the browser and offer options if the browser will not be possible. This value could even be built in the coding as a function. The coding could also go for the whole webpage through this function:
if ( document.all ) {}
Problem will start to creep in when you start using the latter function. if ( document.all ) will evaluate every function of the coding and see if its compatible with the intended browser. But aside from evaluation, this code is an active function that fills in anything that is not there. This is especially true when you are using a library to develop your application. Automatically, anything that is not in the browser will be supplied by the library. For example, when you are running an application in Opera and the .getElementsByClassName is not there, the document.all will look for the function in the library and install it in the code so that the browser could read the code.
This problem only occurs in non-IE browsers only. The function document.all has the ability to check the function in IE only but on other browser like Opera, document.all could trigger fetching of function in the library to make it work.
This behavior poses an obvious problem to security. Since document.all extracts all the possible functions that are lacking in the browser, it might fetch very sensitive information. If a website is rendered this way, hackers could easily access all possible information. The information might not be displayed on the browser but it has virtually opened itself up for possible hackers.
The function document.all is very easy to implement but could have dire consequences to your Ajax-based application. As always being patient with the coding is one of the key steps to security. The library may have everything that you need but of course your interaction with the library will reveal sensitive information about the application. As much as possible use a smaller function so that this problem will never happen. When you point out a specific function for evaluation, you know which function is evaluated. This prevents from other functions from the library to be extracted and executed for security purposes.
