Developing an Ajax based Facebook application is always a challenging task. Unfortunately, Facebook does not admit Ajax head-on. What developers have been doing in their websites and applications to enable Ajax or to make it an Ajax based application will not be applied in Facebook.

The main reason of course is security.

Although most of the developers might find this move a little bit on the side of being paranoid, Facebook maybe right in one thing: they just wanted to make sure everything is secured. It may be ok to taunt hackers with Ajax in other aspects of life and business but to hack personal information especially of the kids is intolerable.

On the other hand, Facebook has acknowledged the interactivity Ajax can provide to their website. Being a lightweight tool, this development technique is too good that Facebook does not want Ajax to just float away from what they could do. Facebook eventually developed a unique coding technique for Ajax and called it Mock Ajax.

Mock Ajax wraps the Ajax based application. Again for security reason it makes developers build another code that eventually wraps their Ajax based application. Facebook also requires a little deviation in rendering the application.

So how does Facebook wraps the Ajax based application? When an attribute is triggered by a user, it sends the clickwriteform form so that it could be posted (using the command POST). After that, the form is again relayed to the application URL. In Ajax, the return should been an HTML function so that it could be read in a browser. Facebook on the other hand renders the result as FBML, which is a markup language for Facebook. And it does not end there – FBML is again reverted to HTML so that it could be injected to the innerHTML which was the original request of the user.

That really sounds complicated considering that FBML will have to be the end result of the application URL. But this “wrapping” technique is very effective when you consider security. The HTML result could have been hijacked and could be used at the whim of hacker. Developers will just find themselves building applications but the end result is not their webpage. With FBML, the source is a little bit harder to decode since the mark-up language is native to Facebook. If you are trying to hack FBML, you have to do it within the platform of Facebook but they should be able to detect any malicious activity.

We have to admit that this technique is a little bit difficult at first. The native mark-up language maybe a little bit different compared to XML or JSON but it is still a mark-up language and those who knows more than a thing or two in XML should understand the concept of Facebook quickly. Also, when you have stayed in Facebook long enough, coding could be a little bit easier. All you need is a little bit of creativity and persistence to know something new and you will find yourself working relentlessly to build the next big Facebook application.