Title: Code downloading with AJAX
Author: Alex Kirk
Published: October 5, 2005

---

# Code downloading with AJAX

October 5, 2005

Earlier, I suggested to use Code Downloading in order to reduce the size of AJAX
application. I left the term undescribed, but I will change this now:

As JavaScript is an interpreted language, it is quite easy to load additional code,
even after the application has “started”. This means that only code absolutely necessary
to display the app has to be loaded initially.

In the following example, we define a function test() in the context of an object
App. Then via Ajax the original code is overwritten. Naturally also new functions
can be loaded.
 `

The downloaded code is eval’uated, i.e. it is executed. You cannot only execute 
statements but also define variables and functions.
 Source of load.js: ` App.test
= function() { alert("additional code loaded"); }

I have set up an [example implementation of this](https://alex.kirk.at/area7/2005/10/05/).

This allows more flexibility for larger apps. My “negative” example, [Kiko](http://www.kiko.com/),
could use this method to enormously reduce the amount of code to be loaded initially.

I alse see the possibility to only store encrypted Javascript source code on the
server and decrypt it on-the-fly (of course also this would only prevent script 
kiddies from stealing, but it could challenge some hacker a bit more).

ajax, code downloading

[Ajax](https://alex.kirk.at/category/code/ajax/)

Read this next

[Documenting prototype.js for AJAX](https://alex.kirk.at/2005/10/05/documenting-prototypejs-for-ajax/)

## 3 responses to “Code downloading with AJAX”

 1.  ![Michael Mahemoff Avatar](https://secure.gravatar.com/avatar/19bf57e57589a1d5207f96a85d592a8f40e502b88d8b13b057eca89e82264a58?
     s=48&d=mm&r=g)
 2.  [Michael Mahemoff](http://ajaxpatterns.org)
 3.  [October 6, 2005](https://alex.kirk.at/2005/10/05/code-downloading-with-ajax/comment-page-1/#comment-6)
 4.  Hi Alex, it sounds like [ I guessed right wrt “code downloading”](http://www.softwareas.com/ajax-can-improve-performance-too).
     FYI Here’s [demo](http://www.softwareas.com/ajax-can-improve-performance-too) 
     based on an alternative approach – changing the head. The main part is:
 5.   if (self.uploadMessages) { // Already exists
      return; } var head = document.getElementsByTagName(“
     head”)[0]; script = document.createElement(‘script’); script.type = ‘text/javascript’;
     script.src = “upload.js”; head.appendChild(script)
 6.  eval() is probably better from a memory perspective, this is just an interesting
     alternative.
 7.  Regarding encryption, Richard Schwartz started a conversation a while ago about
     [JS decryption](http://smokey.rhs.com/web/blog/PowerOfTheSchwartz.nsf/d6plinks/RSCZ-6C5G54)
     to protect data on the host side – [Host-Proof Hosting](http://www.ajaxpatterns.org/Host-Proof_Hosting).
     Hadn’t considered it from a JS perspective because – as you allude to – it’s easy
     enough to reveal the JS. But given the lengths people go to in order to protect
     their scripts, it’s an interesting idea.
 8.  [Log in to Reply](https://alex.kirk.at/wp-login.php?redirect_to=https%3A%2F%2Falex.kirk.at%2F2005%2F10%2F05%2Fcode-downloading-with-ajax%2F)
 9.  ![Richard Avatar](https://secure.gravatar.com/avatar/557ed1024931cbc43e1ee0eaddaedbea28e998f1c1c82d143deac899832ef25d?
     s=48&d=mm&r=g)
 10. [Richard](http://smokey.rhs.com/poweroftheschwartz)
 11. [October 6, 2005](https://alex.kirk.at/2005/10/05/code-downloading-with-ajax/comment-page-1/#comment-10)
 12. Yes, I’m sure my technique using Blowfish could be used to give some protection
     to downloaded code — but since the client-side would have to know the key to decrypt,
     the protection would be minimal. Script-kiddie protetion, as alluded to, at best.
     The other issue with using Blowfish is that the crypto-text is binary, so it would
     normally be base64 encoded after encyrption — which expands the size of the download.
     So you might want to compress and then encrypt — hoping to break even or maybe
     even save a few bits, at the cost of some extra client-side cycles. And really,
     the compression alone might provide just as much script-kiddie protection as the
     crypto
 13. -rich
 14. [Log in to Reply](https://alex.kirk.at/wp-login.php?redirect_to=https%3A%2F%2Falex.kirk.at%2F2005%2F10%2F05%2Fcode-downloading-with-ajax%2F)
 15. ![Erik Arvidsson Avatar](https://secure.gravatar.com/avatar/c9e45c66e3481626cec0d7e65e7ff0adeb8ec36abec2c51340b15e137c6693e4?
     s=48&d=mm&r=g)
 16. [Erik Arvidsson](http://erik.eae.net/)
 17. [October 10, 2005](https://alex.kirk.at/2005/10/05/code-downloading-with-ajax/comment-page-1/#comment-20)
 18. Be careful when using XHR for downloading js code. Firefox does not cache any 
     data when using XHR and therefore the old school method (as explained by Michael
     above) is usually better.
 19. [Log in to Reply](https://alex.kirk.at/wp-login.php?redirect_to=https%3A%2F%2Falex.kirk.at%2F2005%2F10%2F05%2Fcode-downloading-with-ajax%2F)

### Leave a Reply 󠀁[Cancel reply](https://alex.kirk.at/2005/10/05/code-downloading-with-ajax/comment-page-1/?output_format=md#respond)󠁿

Only people in [my network](https://alex.kirk.at/friends/) can comment.

This site uses Akismet to reduce spam. [Learn how your comment data is processed.](https://akismet.com/privacy/)