W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2013

[webappsec] Proposed text for jsonp directives

From: Hill, Brad <bhill@paypal-inc.com>
Date: Sat, 12 Jan 2013 01:48:15 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E2783F551@DEN-EXDDA-S12.corp.ebay.com>
Per ACTION-98 assigned to me, attached find a draft of proposed text for two directives related to JSONP calls.  These directives would allow a protected resource to call legacy JSONP APIs using the src attribute of a script element, but constrain the execution to a safe, CORS-equivalent model. 

Feedback appreciated.

Brad Hill



Received on Saturday, 12 January 2013 01:48:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 12 January 2013 01:48:49 GMT