1. The front and back end should do a good job of security checks
Can not rely on the front-end to do security verification work, the back end must have a filtration mechanism to test the data from the front. Since Ajax also receives data from the backend, a distrust of the data is required and must be checked.
2. Try to transmit data in HTTP POST method
Using the Get method makes it easy for the observant to obtain information, although post is not foolproof, but it is safer than getting at least.
3. Do not invoke JSON objects directly with the Eval function
JSON (JavaScript Object notation) is a data format for JavaScript objects that, when uploaded to an AJAX program from the back end, must use the Eval function to turn it from a string to an object, and you must first check for illegal characters in the data. So that illegal programs start.
4. Limit the HTML syntax available to the user
Many AJAX Web sites allow users to use HTML syntax in their messages, and some specific syntax should be strictly restricted, such as <plaintext> or!--syntax, which will invalidate the program code that is placed behind it.
5. Use JavaScript syntax for page pages that are not allowed to leave messages
Although at first blush, it did happen on some forum platforms, which opened the door to XSS attacks.
6. Using the AJAX framework, you must pay attention to security issues
As hackers use JavaScript to attack with each passing day, when Web developers use the AJAX framework, we must pay attention to whether the framework itself to some specific methods of prevention and control behavior.
7. Let users know where they are
When Ajax loads a large amount of data, it sometimes gives the user the illusion that it is not sure if the button just pressed has any effect. Therefore, developers must design appropriate hints to let the user know the current state of the execution of the program.
8. Maintain a small amount of transmission
The flexibility of Ajax is to change the amount of local data dynamically, so small amounts of data transfer can achieve maximum benefit. If a large table is to be changed through the operation of the DOM, it is better to use the back-end program and database to operate it more efficiently.
9. Attention to ease of use and content balance
Ajax, while providing users with the ease of browsing, can cause search engines to fail to index data if all content is generated through Ajax. So the content-related part needs to be used with care Ajax.
10. Implementation of the graceful demotion principle
Instead of using AJAX technology in a holistic way, and only adding interactivity locally, it is important to consider users who do not support JavaScript and try to navigate the site without using these features.
