douglas at crockford.com
Mon Mar 13 11:23:15 PST 2006
>> I am proposing a new mechanism for doing data transport in Ajax/Comet
>> applications. It is called JSONRequest. It is a minimal communications
>> facility that can be exempted from the Same Origin Policy.
>> You can read about it here: http://json.org/JSONRequest.html
> Unfortunately, your security analysis is lacking some situations.
> Indeed, the statement
> "It provides this highly valuable service while introducing no new
> security vulnerabilities."
> is false; please remove it to avoid any confusion.
It would be very helpful if you could list the situations that you have determined are lacking.