Using CHR for Data Gathering

XHR or XMLHttpRequest is a highly efficient function for Ajax and JavaScript websites and applications. With the use of this function, developers can extract information from other websites.

This type of function was specifically allowed by the same origin policy in browsers so that it could improve the performance of different websites.

But XHR has been the cause of different problems in most Ajax based websites in terms of security. Attacks based XHR is common as it could accept information from other websites as well. That means malicious external data could be admitted which will lead to website attacks.

Enter CHR

An alternative for XHR is now available for improved security. Called CSSHttpRequest, it uses almost the same policy like XHR but instead of using XML, it uses CSS.

The data will stream using CSS and they could be efficiently implemented in the client side. This open source function also has a small footprint (like XHR) as it could be implemented in no time without lagging the whole application.

Through CHR you would have a highly efficient data gathering tool for the client side without the fuss of unsecured and sometimes complicated XHR. CHR is recommended for most types of websites and could be implemented in most popular browsers.

Comparing to JSONP

There are developers who compared CHR with JSONP – for a good reason. JSONP is basically a data gathering tool specifically built for JavaScript to stream information in the client side. It is basically a remote data gathering tool that is also limited in gathering information from other sources.

But this is where JSONP and CHR differ. CHR is only geared towards extracting information from specified websites and they do not accept unknown third party data. Developers have to pinpoint the exact location of the information thus avoiding unsecured data from running, and eventually ruining, the website.

Disadvantages of CHR

CHR is only limited to GET functions. Any other tools for external data gathering are not allowed with this function. That means this website is geared towards online tools that provides data instead of receiving them.

This limitation is given to CHR in order to improve the security of the website. Developers could pinpoint the information online instead of blindly looking and accepting information which could be harmful.

Another disadvantage of CHR is the apparent violation of CHR in the same origin policy. This does not happen in most browsers but only in Firefox 3. That means the latest browser in Firefox could hinder the development of some websites.

But there is actually a small workaround to implement CHR in Firefox 3 without violating the same origin policy. When this happens, use prototype to add variables in your CHR.

It will not affect your function but it will go through the same origin policy block provided by Firefox 3. This “hack” could be easily implemented as you just have to change a small part of CHR without compromising its original function.