[whatwg] JSONRequest
Anne van Kesteren
fora at annevankesteren.nl
Thu Mar 30 07:30:17 PST 2006
Quoting Douglas Crockford <douglas at crockford.com>:
> The central idea with the JSONRequest is that it is exempted from the
> Same Origin Policy. It allows for exchanging data with a server in
> any domain that specifically accepts JSONRequests.
>
> In order to be exempted from the Same Origin Policy, there are
> several restrictions on JSONRequest in order to avoid data leakage or
> authorization leakage.
>
> JSONRequest is not intended to replace XMLHttpRequest. It is intended
> to be an alternative to the use of dynamic script tags to access data
> from other domains.
Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)
--
Anne van Kesteren
<http://annevankesteren.nl/>
More information about the whatwg
mailing list