AJAX Questions Flashcards
What are the security issues with AJAX?
- Cross-Site Scripting (XSS): AJAX requests can be vulnerable to XSS attacks if proper input validation and output encoding measures are not implemented. If user-generated data is directly incorporated into AJAX requests without proper sanitization, an attacker can inject malicious scripts into the response, potentially compromising the user’s browser and stealing sensitive information.
- Cross-Site Request Forgery (CSRF): AJAX requests are susceptible to CSRF attacks if appropriate CSRF protection mechanisms are not in place. Without proper validation and verification, an attacker can trick a user’s browser into making unintended AJAX requests to a target website, potentially leading to unauthorized actions being performed on behalf of the user.
- Insecure Data Transmission: AJAX requests must be sent securely over HTTPS to protect sensitive data from interception and tampering. If AJAX requests are transmitted over an insecure HTTP connection, the data being sent, including user credentials or sensitive information, can be exposed to eavesdropping or manipulation.
- Information Leakage: AJAX responses may contain sensitive information that should not be disclosed to unauthorized users. Developers need to ensure that sensitive data is not unintentionally exposed in AJAX responses, such as through error messages or debugging information, as it can provide valuable insights to potential attackers.
- Server-Side Validation: AJAX should not be relied upon as the sole method of data validation. Client-side validation with AJAX can be bypassed by attackers, so it is essential to perform robust server-side validation and input sanitization to prevent malicious data from being processed.
What are the differences between synchronous and asynchronous requests?
A synchronous client constructs an HTTP structure, sends a request, and waits for a response. An asynchronous client constructs an HTTP structure, sends a request, and moves on.
What is the purpose of XMLHttpRequest?
XMLHttpRequest (XHR) objects are used to interact with servers. You can retrieve data from a URL without having to do a full page refresh. This enables a Web page to update just part of a page without disrupting what the user is doing.
What is the role of a callback function in AJAX?
Callback functions are used to handle responses from the server in AJAX. A callback function can be either a named function or an anonymous function.
List some tools available for debugging AJAX applications.
Chrome DevTools, Browser Extensions, Fiddler, Postman, Wireshark.
What is the difference between JavaScript and AJAX?
AJAX = Asynchronous JavaScript And XML.
AJAX is not a programming language.
AJAX allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes. This means that it is possible to update parts of a web page without reloading the whole page.
What are the different ready states of a request in AJAX?
In JavaScript, there are four different ready states of an AJAX request: unsent, opened, headers received, and done.
What are the types of postback in AJAX?
There are two types of postbacks in AJAX, which are synchronous postback and asynchronous postback.
Explain JSON in AJAX.
JSON is the best language for exchanging data due to its characteristics and simplicity. AJAX is a method of web development used to build interactive web applications. Web pages can request data from servers using AJAX without reloading the page. The JSON format is one that the AJAX technique uses to represent data.
Advantages of using JSON instead of XML in AJAX:
- JSON code is shorter than the equivalent XML, so data transfers more smoothly.
- JSON is easier to understand than XML.
- In JSON we can easily represent a NULL value.
How do you test AJAX code?
- Manual Testing: manually triggering events and checking that the expected behavior occurs.
- Browser DevTools: such as those in Chrome, Firefox, etc.
- Unit Testing: Jasmine, Mocha, etc.
- End-to-End Testing: Selenium to simulate user interactions and check the resulting behavior.
- Using a Testing Framework: testing frameworks like Jest, Chai, Enzyme.