ICEfaces uses XML for encoding page updates, so is not vulnerable to JavaScript hijacking, but including the icefacesID along with XMLHttpRequest POST data is necessary to prevent cross site request forgery.
A "tech talk" on GWT is posted on TheServerSide. Of course, if you're generally interested in Ajax you should also check out the tech talk on Ajax Push with ICEfaces just below the GWT talk. In keeping with allowing the developer to write Ajax applications in pure Java, ICEfaces also promotes Ajax development without JavaScript.
Slashdot Mirror
ICEfaces uses XML for encoding page updates, so is not vulnerable to JavaScript hijacking, but including the icefacesID along with XMLHttpRequest POST data is necessary to prevent cross site request forgery.
A "tech talk" on GWT is posted on TheServerSide. Of course, if you're generally interested in Ajax you should also check out the tech talk on Ajax Push with ICEfaces just below the GWT talk. In keeping with allowing the developer to write Ajax applications in pure Java, ICEfaces also promotes Ajax development without JavaScript.
AJAX doesn't have to break the web. ICEfaces maintains a live DOM of the application at all times which can be served to scripts if desired.