[whatwg] JSONRequest

Anne van Kesteren fora at annevankesteren.nl
Thu Mar 30 07:30:17 PST 2006


Quoting Douglas Crockford <douglas at crockford.com>:
> The central idea with the JSONRequest is that it is exempted from the 
> Same Origin Policy. It allows for exchanging data with a server in 
> any domain that specifically accepts JSONRequests.
>
> In order to be exempted from the Same Origin Policy, there are 
> several restrictions on JSONRequest in order to avoid data leakage or 
> authorization leakage.
>
> JSONRequest is not intended to replace XMLHttpRequest. It is intended 
> to be an alternative to the use of dynamic script tags to access data 
> from other domains.

Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>




More information about the whatwg mailing list