jim.ley at gmail.com
Thu Mar 16 04:34:57 PST 2006
On 3/16/06, Hallvord R M Steen <hallvors at gmail.com> wrote:
> On 3/11/06, Jim Ley <jim.ley at gmail.com> wrote:
> > Accessing JSON resources on a local intranet which are
> > secured by nothing more than the requesting IP address.
> While this is a valid concern I think the conclusion "no *new*
> security vulnerabilities" is correct. If you today embed data on an
> SCRIPT tag and steal the data.
Could you please describe how exactly? the contents of remote script
elements are not typically available (and if they are it's a large
be queried, that is not the case with bare JSON.
More information about the whatwg