[whatwg] JSONRequest

>> I am proposing a new mechanism for doing data transport in Ajax/Comet
>> applications. It is called JSONRequest. It is a minimal communications
>> facility that can be exempted from the Same Origin Policy.
>>
>> You can read about it here: http://json.org/JSONRequest.html

> Unfortunately your security analysis is lacking some situations,
> Indeed the statement

> " It provides this highly valuable service while introducing no new
> security vulnerabilities. "

> is false, please remove it to avoid any confusion.

It would be very helpful if you could list the situations that you have determined are lacking.

Received on Monday, 13 March 2006 11:23:15 UTC