Ajax hits the terrible twos

(via Jeremy Geelan at AjaxWorld magazine)

Happy Birthday, AJAX! – Two Years Old Already
Yesterday marked the passing of two years since Jesse James Garrett posted online his seminal essay, ‘Ajax: A New Approach to Web Applications’ and then went offline, on a trip. What he came back to is now a part of Web 2.0 and Rich Internet Applications history: it was as if simply giving a handy name to the technique behind a new, richer web somehow catapulted it into being.

Does this mean Ajax will now be headed into the terrible twos?

According to Vincent Ianelli, who wrote the About.com page on the subject:

Characterized by toddlers being negative about most things and often saying ‘no’, the terrible twos may also find your toddler having frequent mood changes and temper tantrums.

The last thing I need is for my web applications to start throwing temper tantrums – though I guess it would bring new meaning to setTimeout(); (bad JavaScript joke, sorry).

Here’s my take on the recommended tips for the terrible twos, translated for developers:

  • Have a regular routine
    • In other words, be disciplined about your approach to Ajax in application development – do things the same way each time. (This is also a good plug for using a mature framework, which encourages a routine)
  • Offer limited choices
    • Just because you can doesn’t mean you should. Rather than ajaxifying everything in your web app, start small with a few incremental improvements and move out from there.
  • Learn to set limits . . . and don’t be surprised when your toddler tries to test these limits
    • Remember that your JavaScript is exposed to the client, and can be tampered with – don’t trust anything that comes back from the client. Set limits, for example, on what HTML tags are allowed in user input and don’t be surprised when users try to inject malicious JavaScript.
  • Don’t give in to tantrums
    • This one works for developers without any translation.
  • Begin to use time-out and taking away privileges
    • See “set limits” above. Don’t give client-side JavaScript any privileges it should not have – treat all client input as suspect. Err on the side of limiting functionality until you are sure it can be done securely.
  • Provide your toddler with a safe environment that is well childproofed
    • Make sure you have a development sandbox that lets you experiment with new functionality without impacting mainline production code.
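
The “set limits” tips above, as an added example that is not part of the original post: a server-side handler (Node.js assumed) that caps comment length and re-enables only a short allowlist of attribute-free tags after escaping everything. The tag list, the length cap and the function names are illustrative assumptions.

```javascript
// Added example (Node.js, no dependencies). ALLOWED_TAGS, MAX_LENGTH and the
// function names are illustrative assumptions, not taken from the post.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br"]);
const MAX_LENGTH = 2000;
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
// Matches an *escaped* tag with no attributes, e.g. "&lt;b&gt;" or "&lt;/b&gt;".
const BARE_TAG = /&lt;(\/?)([a-z][a-z0-9]*)\s*\/?&gt;/gi;

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Escape everything, then re-enable only bare allowlisted tags. Anything with
// attributes (onclick=..., href=...) never matches BARE_TAG and stays inert text.
function sanitizeComment(input) {
  if (typeof input !== "string") throw new TypeError("comment must be a string");
  if (input.length > MAX_LENGTH) throw new RangeError("comment too long");
  const open = [];
  const html = escapeHtml(input).replace(BARE_TAG, (match, slash, name) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return match; // not allowlisted: leave escaped
    if (tag === "br") return "<br>";
    if (!slash) { open.push(tag); return `<${tag}>`; }
    if (open[open.length - 1] !== tag) return ""; // stray closer: drop it
    open.pop();
    return `</${tag}>`;
  });
  // Close whatever is still open so formatting cannot bleed into the page.
  return html + open.reverse().map((t) => `</${t}>`).join("");
}

// The server applies the limits itself; a tampered client can skip any
// JavaScript validation and post whatever it likes.
function handleCommentPost(rawBody) {
  try {
    const { comment } = JSON.parse(rawBody);
    return { status: 200, html: sanitizeComment(comment) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}

// Constructed sample request bodies.
const samples = [
  '{"comment": "<b>nice</b> post<script>alert(1)</script>"}',
  '{"comment": "<i onmouseover=\\"x()\\">hi</i> <em>there"}',
  '{"comment": 42}',
];
for (const body of samples) console.log(handleCommentPost(body));
```

The sanitized string is meant for insertion as HTML element content; values placed into attributes, URLs or script blocks need their own context-specific encoding.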

Here’s hoping that Ajax gets through the terrible twos more quickly than the average toddler.