[whatwg] JSONRequest

Douglas Crockford douglas at crockford.com
Mon Mar 13 11:23:15 PST 2006


>> I am proposing a new mechanism for doing data transport in Ajax/Comet
>> applications. It is called JSONRequest. It is a minimal communications
>> facility that can be exempted from the Same Origin Policy.
>>
>> You can read about it here: http://json.org/JSONRequest.html

> Unfortunately your security analysis is lacking some situations.
> Indeed the statement

> "It provides this highly valuable service while introducing no new
> security vulnerabilities."

> is false, please remove it to avoid any confusion.

It would be very helpful if you could list the situations that you have determined are lacking.






