AJAX troubles
|
One of our articles this week is a news item about potential security problems in web browsers, especially pertaining to ActiveX. Over the last couple years I've heard a lot of comments in the news about ActiveX, and it's clear that people making these comments don't even realize what exactly ActiveX is. They seem to think it's nothing more than a way of spicing up your user interface and that it's ultimately unnecessary. But what they're doing is causing a problem for us web developers. |
Consider AJAX. In order to write javascript code that opens up a request to a web server and pulls down a file, you need to create an instance of an XMLHttpRequest. In Firefox, this is a built-in object, and it is in IE 7 as well. But prior to IE 7, in order to create this object, you have to instantiate it as an ActiveX control.
Security people are telling us to completely turn off ActiveX. But for those of us who write modern web applications, we can't have our customers that are using IE prior to 7 turning off ActiveX, or our applications will fail.
Right now I don't have a recommendation. If you're writing a small, in-house app to be used on an intranet, you can easily work with the users of IE6 to configure it so it'll run. But if you're creating an application to be used across the world on the internet at large, then the last thing you need is for all your IE6 users to be stuck unable to use your product. (And do you want to tell them, "Upgrade if you want to be able to use my product"? Somehow I don't think they'll upgrade. They'll just leave and go use your competitor's outdated web site.)
This is not good, and I don't know right now what the answer is. Any thoughts from all of you?
-Jeff
