Copyright © Mochikit - Javascript Library. All Rights Reserved

MochiKit.Async: Seamless Asynchronous Task Management

To manage the asynchronous tasks, MochiKit.Async is the demo you should look for. While being dependent on MochiKit.Base, this demo offers facilities so that you can manage various asynchronous tasks such as AJAX tasks. Taking inspiration from Twisted, this model for the asynchronous computation is utilized in the module. At the same time, there are some security concerns that you should be aware of. With the current evalJSONRequest implementation, no validation input is offered and the invalid JSON might execute some arbitrary JavaScript in client website. But, due to origin policy of web browsers, this is not such a big deal. The server-side codes producing JSON need to consider the potential forgery regarding cross-site request. Currently, the exploits need JSON array as the outer-most element while the leaked data should be known keys within objects.

In Order To Avoid Any Exploit To Json’s Common Usage, There Are A Few Methods

  • Using non-standard additions and adding constructs for preventing script tag parsing like wrapping data in infinite loop or comment.
  • Sending only JSON Objects instead of arrays as they are invalid JavaScript syntax without parentheses.
  • Requiring authentication token for URL
  • Allowing POST requests only for accessing sensitive JSON.

Deferred Constructor

While encapsulating a single value, which is unavailable yet, the deferred constructor is needed. For example, you can consider the XMLHttpRequest for the server because the Deferred here allows consistent API for all the asynchronous computations occurring exactly once. All the complicated jobs like waiting for timer or event, or coordinating various events or various Deferreds are done by the developer. As these tasks don’t respond quickly, the Deferred producer follows the steps –

  • Creating new Deferred(); object while keeping a reference
  • Setting up probable conditions for creating requested values
  • Returning Deferred object.

As the value is unavailable, consumer needs to attach a function with the Deferred to be approached when value will be ready. Besides, by attaching “errback” with Deferred, error handling gets so much easier.