Google's Ajax API Simplifies Safe Mashups

Preventing cross-site scripting attacks is a common concern for JavaScript coders, and its essential when building hack-free mashups that safely access data from multiple sites. Usually that means keeping "man-in-the-middle" third parties from transparently hijacking the shared data requests, but Google has turned that logic on its head with the Google AJAX Feed API.

Unveiled at the Web 2.0 Expo, Google's new AJAX Feed API uses syndication feeds to provide access to data without creating security weaknesses. The new API works with RSS 0.9 through 2.0 and Atom 0.3 and 1.0. It doesn't provide direct access to feeds but caches the data on Google's servers using Feedfetcher and returns the data in JSON or XML formats. Note that the AJAX Feeds API only works with public feeds. Sign up to start using the API at Google Code

In other Google coding news, the Developer Programs team has added additional locations to Google Developer Day, due to the overwhelming response received so far. GDD will focus on developing Google's various APIs and tools, such as Google Maps, Google Gadgets, the Google Web Toolkit, and others.

Posted by John Dorsey at 02:45 PM  Permalink