New Perl module: Net::SAJAX

I have created and uploaded a new module to the CPAN today: Net::SAJAX. This module came about because I am writing private modules that interact with some public applications that utilize the SAJAX library. Please note, though, that this is a horrible library. It is only really functional in PHP, even though the creators name off many other languages it can be used with. Instead of duplicating this code in multiple modules of mine, I wrapped it up in its own library and released it for other people to use.

The module itself was engineered based on looking over the source code of the server-side and client-side source code for SAJAX version 0.12. Even though some of it I feel is bad, I wanted it to match how the SAJAX client code actually works. Due to the horrible fact that SAJAX just responds back with actual JavaScript code, I had to use the Perl module JE to parse and execute the code to be the most compatible.

#!/usr/bin/env perl
use 5.008003;
use strict;
use warnings 'all';
use Net::SAJAX 0.001;
# Get the first and last name to search for from command line
my ($first_name, $last_name) = @ARGV[1,2];
# Create a SAJAX object
my $sajax = Net::SAJAX->new(
  url => '',
# Look up a person in the directory
my $people = $sajax->call(
  function  => 'SearchDirectory',
  arguments => [$first_name, $last_name],
print "Found the following people:\n";
# Loop through each person and print
foreach my $person (@{$people}) {
  printf "%s, %s: %s\n",
    $person->{last_name   },
    $person->{first_name  },
exit 0;

Essentially the SAJAX request works by sending the following parameters via. query for GET requests and POST data for POST requests:

The name of the registered function on the server-side.
The target element ID for the element on the web page. I am not sure why this is even sent, as the underlying registered function does not see this parameter.
A random value. This is an old way to help defeat a cache since the URL is different even if the same function and parameters are requested.
This contains one argument and is directly given to the registered function. For two arguments, the key just appears twice, like rsargs[]=first_arg&rsargs[]=second_arg.

The server will then respond in a pretty bad format. The format of the response matches the following regular expression: m{\A \s* ([+-]) : (.*?) \s* \z}msx. This is actually what is seems like they intended, but due to sloppy client-side programming, it is actually less restrictive than that. The client side actually checks if the first character is a minus sign and the rest is just an error string to alert, but any other character is considered a success and the rest of the response is just put in a JavaScript eval(). This bad behavior is mimicked in my library in case they decide to change the server-side response since their client-side does that.

Leave a Reply