[whatwg] JSONRequest

Anne van Kesteren fora at annevankesteren.nl
Thu Mar 30 07:30:17 PST 2006

Quoting Douglas Crockford <douglas at crockford.com>:
> The central idea with the JSONRequest is that it is exempted from the 
> Same Origin Policy. It allows for exchanging data with a server in 
> any domain that specifically accepts JSONRequests.
> In order to be exempted from the Same Origin Policy, there are 
> several restrictions on JSONRequest in order to avoid data leakage or 
> authorization leakage.
> JSONRequest is not intended to replace XMLHttpRequest. It is intended 
> to be an alternative to the use of dynamic script tags to access data 
> from other domains.

Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)

Anne van Kesteren

More information about the whatwg mailing list