Added description for using Ajax

[robbiejackson]

User description

Added description of using Ajax in components.

Added description of using Ajax in plugins, modules and templates using com_ajax.

Added com_ajaxdemo example component.

Please also check its code at https://github.com/joomla/manual-examples/tree/main/component-ajaxdemo

---

PR Type

documentation

---

Description

• Added comprehensive documentation for using Ajax in Joomla components, including a detailed example component (com_ajaxdemo).
• Introduced a new section for example components, providing worked examples of various types.
• Documented the use of Ajax and JsonResponse in Joomla components, with examples and code snippets.
• Explained how to use com_ajax for handling Ajax requests in modules, plugins, and templates, with practical examples.

---

Changes walkthrough 📝

Relevant files

Documentation

ajaxdemo.md Add documentation for Ajax demo component in Joomla            docs/building-extensions/components/component-examples/ajaxdemo.md Added a detailed description of the Ajax demo component. Explained how to use Ajax within a Joomla component. Provided summaries of main source files in the component. +83/-0    index.md Introduce section for example components                                  docs/building-extensions/components/component-examples/index.md Introduced a new section for example components. Added a brief introduction to component examples. +9/-0      ajax.md Document Ajax usage and JsonResponse in Joomla components docs/general-concepts/javascript/ajax.md Added documentation on using Ajax and JsonResponse in Joomla components. Included examples and code snippets for JsonResponse usage. Explained routing and handling Ajax requests. +163/-0  com-ajax.md Document com_ajax usage for Joomla extensions                        docs/general-concepts/javascript/com-ajax.md Added documentation on using com_ajax for modules, plugins, and templates. Provided examples and instructions for setting up Ajax calls. Explained the use of com_ajax as a proxy for extensions. +162/-0

---

💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-pro[bot]]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The documentation includes examples of handling Ajax requests and responses, which could potentially expose sensitive information if not properly secured. For instance, in the Ajax demo component (docs/building-extensions/components/component-examples/ajaxdemo.md), there's no mention of input validation or sanitization for the division operation, which could lead to potential vulnerabilities if user input is not properly handled. Additionally, the examples in docs/general-concepts/javascript/ajax.md and docs/general-concepts/javascript/com-ajax.md don't explicitly mention security best practices such as CSRF protection or input validation, which should be emphasized when dealing with Ajax requests.

⚡ Key issues to review Security Concern The component allows direct user input for division operation without proper input validation, which could lead to potential security vulnerabilities. Error Handling The example code catches all exceptions generically, which might hide specific errors and make debugging more difficult. Code Smell The example suggests modifying core Joomla files (Cassiopeia template), which is not a recommended practice and could lead to maintenance issues.

[codiumai-pr-agent-pro[bot]]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Code Suggestions ✨

Category	Suggestion	Score
Security	Add information about security considerations when using com_ajax to promote safer Ajax implementations ___ **Consider adding a brief explanation of security considerations when using com_ajax, such as the importance of input validation and output escaping. This would help developers create more secure Ajax implementations.** [docs/general-concepts/javascript/com-ajax.md [159]](https://github.com/joomla/Manual/pull/311/files#diff-e97e3962c520c6a16b16b15c8379fc5d870a544728dfa46bd88533929cac5179R159-R159) ```diff Of course, you should never write files in a folder belonging to Joomla's core files. +When using com_ajax, it's crucial to implement proper security measures: + +1. Always validate and sanitize input data on both client and server sides. +2. Use Joomla's input filtering methods (e.g., `$input->get()`) to clean incoming data. +3. Implement proper access controls to ensure only authorized users can make Ajax calls. +4. Use Joomla's output escaping functions (e.g., `htmlspecialchars()`) when outputting data to prevent XSS attacks. +5. Consider using Joomla's CSRF token system for Ajax requests to prevent CSRF attacks. + +Remember, security is a critical aspect of any Ajax implementation. + ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 9 Why: The suggestion addresses critical security concerns that are essential for developers to implement secure Ajax functionalities. It highlights important practices like input validation and output escaping, which are crucial for preventing common security vulnerabilities.	9
Enhancement	Add an example of handling the JSON response on the client-side to complete the Ajax workflow explanation ___ **Consider adding a brief explanation of how to handle the JSON response on the client-side. This would provide a more complete picture of the Ajax workflow in Joomla components.** [docs/general-concepts/javascript/ajax.md [147]](https://github.com/joomla/Manual/pull/311/files#diff-3d54a3d9ceadc658efede4491cf7528182b2213c785b7e8784c1f54e6e30f4bfR147-R147) ```diff Joomla.renderMessages(result.messages, undefined, true); +// Example of handling the JSON response +fetch('your_ajax_url') + .then(response => response.json()) + .then(data => { + if (data.success) { + // Handle successful response + console.log(data.data); + if (data.message) { + Joomla.renderMessages({"message": [data.message]}); + } + } else { + // Handle error + console.error(data.message); + Joomla.renderMessages({"error": [data.message]}); + } + if (data.messages) { + Joomla.renderMessages(data.messages, undefined, true); + } + }) + .catch(error => { + console.error('Error:', error); + }); + ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 8 Why: This suggestion is valuable as it completes the Ajax workflow explanation by showing how to handle JSON responses, which is essential for developers to understand the full cycle of Ajax requests and responses in Joomla components.	8
	Add a JavaScript code example to demonstrate how to set up the Ajax call in the component ___ **Consider adding a brief code snippet demonstrating how to set up the Ajax call in JavaScript. This would provide a more complete picture of how the Ajax functionality is implemented in the component.** [docs/building-extensions/components/component-examples/ajaxdemo.md [34-36]](https://github.com/joomla/Manual/pull/311/files#diff-b0fcbf59e34dce47150ebdefd06198ae671876592c966de3c66c480213b52656R34-R36) ```diff When the Divide button is pressed the JavaScript code sends an Ajax request using `task` set to "ajax.divide". -Based on this the default Dispatcher will instantiate this component's AjaxController and call its `divide` method. +Based on this the default Dispatcher will instantiate this component's AjaxController and call its `divide` method. +Here's a basic example of how the Ajax call might be set up in JavaScript: + +```javascript +document.getElementById('divideButton').addEventListener('click', function() { + var a = document.getElementById('a').value; + var b = document.getElementById('b').value; + + fetch('index.php?option=com_ajaxdemo&task=ajax.divide', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify({a: a, b: b}) + }) + .then(response => response.json()) + .then(data => { + // Handle the response + console.log(data); + }) + .catch((error) => { + console.error('Error:', error); + }); +}); +``` + ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 7 Why: The suggestion provides a practical example that enhances the documentation by showing how to implement the Ajax call, which can be beneficial for developers unfamiliar with the process. However, it is not crucial for understanding the overall component functionality.	7