
The result of the transformation is imported into the window’s document and replaces the corresponding division. After this operation, the YUI panel needs to be reinitialized and rendered. The XSLT transformation itself (format.xsl) is too verbose to be printed here, and you’d need the introduction that you’ll find in Chapter 5 to understand it. To give you a first glimpse of it, here is the template (a template is a rule) that replaces the value of the src attribute of the img element with the chart:
<!-- Rewrites the src attribute of the chart image -->
<xsl:template match="x:img[@id='yahoofinance.chart.img']/@src" mode="html">
  <xsl:attribute name="src">
    <!-- Emit the chart URL only when the watch has a symbol -->
    <xsl:if test="$watch/symbol">
      <xsl:value-of select="concat('yahoo_chart.php?tag=', $watch/symbol)"/>
    </xsl:if>
  </xsl:attribute>
</xsl:template>
The conditions that trigger the template are defined in its match attribute. This one will apply to the src attributes (trailing @src) whose parent element is x:img (in that case, img elements from the XHTML namespace) and whose id attribute is equal to yahoofinance.chart.img. The template replaces such an attribute by a new attribute (xsl:attribute statement) with the same name. The content of this new attribute is the concatenation of yahoo_chart.php?tag= and the symbol value which is found as the symbol element of the variable $watch (xsl:value-of statement) only if the symbol exists (xsl:if statement).
Applying the Final Touch
A lot of features have to be added and a lot of improvements to be performed before BuzzWatch can compete with the most popular Web 2.0 applications. However, its technical basis is now relatively stable and the necessary improvements are out of the scope of this chapter. One point still remains weak, and you’ll have a chance to improve on it before moving on to Chapter 2.
You may have noticed that there are six different PHP scripts: index.php serves the pages; watch.php lists watches, provides the definition of a single watch, and manages saving watches; and one script per external source: yahoo_quotes.php, yahoo_chart.php, yahoo_finance_news.php and delicious.php. There is nothing wrong with splitting BuzzWatch server-side operations into six and only six scripts, but this is an implementation decision that may change over time and that’s not necessarily something to expose to your users.
If you don’t do anything to avoid that, your users will have to use URLs with query strings such as http://web2.0thebook.org/buzzwatch/index.php?name=wj-a or http://web2.0thebook.org/delicious.php?tag=google to identify the resources handled by BuzzWatch. Even if a lot of Web applications expose URLs such as these ones, this is considered a bad practice for a number of reasons:
Exposing the technology used server side through file extensions (here .php) is a bad idea: if you decide to change this technology, for example to move from PHP to Python or Java, you’ll have to change your URLs, and everyone knows that cool URIs don’t change. Furthermore, such information is used by hackers to identify target sites on which they can test known security flaws. Using a search engine such as Google, they can easily get a list of sites running PHP on which they can try to exploit the latest weaknesses discovered in PHP. Of course, hiding this information isn’t an adequate response if they’ve decided to hack your site, but exposing it contributes to making your site one of the low-hanging fruits that they prefer.
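
The check below is an added example, not code from the book: it audits a list of your own application's URLs for path segments whose file extension reveals the server-side technology, using the two URLs quoted above as input. The extension list, the third sample URL and the suggested extension-free paths are assumptions made for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import parse_qsl, quote, urlsplit

# Extensions that reveal the server-side technology (assumed list; extend as needed).
TECH_EXTENSIONS = {
    ".php": "PHP", ".asp": "ASP", ".aspx": "ASP.NET",
    ".jsp": "JSP", ".cgi": "CGI", ".pl": "Perl",
}

def audit_url(url):
    """Return a finding if a path segment exposes a technology extension, else None."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    for i, segment in enumerate(segments):
        ext = PurePosixPath(segment).suffix.lower()
        if ext not in TECH_EXTENSIONS:
            continue
        # Hypothetical neutral form: drop the extension and move the query
        # values into the path, so script names and language can change freely.
        stem = segment[: -len(ext)]
        values = [quote(v, safe="") for _, v in parse_qsl(parts.query)]
        neutral = "/" + "/".join(segments[:i] + [stem] + segments[i + 1:] + values)
        return {"url": url, "script": segment,
                "technology": TECH_EXTENSIONS[ext], "suggested_path": neutral}
    return None

def audit(urls):
    """Audit every URL and return only the findings."""
    return [finding for finding in map(audit_url, urls) if finding]

# Sample input: the two URLs quoted in the text plus one constructed neutral URL.
SAMPLE_URLS = [
    "http://web2.0thebook.org/buzzwatch/index.php?name=wj-a",
    "http://web2.0thebook.org/delicious.php?tag=google",
    "http://web2.0thebook.org/buzzwatch/watch/wj-a",  # constructed
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_URLS):
        print(f"{finding['url']}\n  exposes {finding['technology']} via "
              f"{finding['script']}; consider {finding['suggested_path']}")
```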
Hello Web 2.0 World