jim.ley at gmail.com
Thu Mar 16 11:04:43 PST 2006
On 3/16/06, Hallvord R M Steen <hallvors at gmail.com> wrote:
> > > If you today embed data on an
> > > SCRIPT tag and steal the data.
> > Could you please describe how exactly? the contents of remote script
> > elements are not typically available (and if they are it's a large
> > be queried, that is not the case with bare JSON.
> You are right, if no variables are created one can't see the data by
> loading it in a SCRIPT tag. Are you aware of intranets/CMSes that use
> this as a security mechanism?
Yes, I've shipped systems, and seen many others where the only
protection on the internal side is IP based, and use JSON data
retrieved by XHR and new Function'd into JS objects. It's quite
common in fact.
More information about the whatwg