W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: Comments on: Access Control for Cross-site Requests

From: Ric Johnson <ricjohnsoniii@gmail.com>
Date: Wed, 2 Jan 2008 15:29:16 -0500
Message-ID: <cecfffbf0801021229n1316999emaee4d24c906a7992@mail.gmail.com>
To: douglas@crockford.com
Cc: public-appformats@w3.org, "Jon Ferraiolo" <jferrai@us.ibm.com>

I think JSON is great, but the main problem with JSONRequest is
implementations in other browsers.

Doug: Can you add any links to http://json.org/JSONRequest.html ?

Jon Ferraiolo:  I know you have been working with Microsoft on
OpenAjax - Do you know how IE8 _might_ support JSON natively?

Ric Johnson

On Jan 2, 2008 12:58 PM, Douglas Crockford <douglas@crockford.com> wrote:
> > > Below are comments from Doug Crockford:
> >
> > > [...] I believe there are more elegant and reliable approaches to
> > > providing a safe alternatives to the script tag hack.
> > I'd be interested in hearing about such a proposal.
> One such proposal is JSONRequest (http://json.org/JSONRequest.html). An implementation for FireFox is available at http://crypto.stanford.edu/jsonrequest/.
> JSONRequest does not allow the server to abdicate its responsibility of deciding if the data should be delivered to the browser. Therefore, no policy language is needed. JSONRequest requires explicit authorization. Cookies and other tokens of ambient authority are neither sent nor delivered.
> JSONRequest has a significantly nicer programming model than XMLHttpRequest.
> JSONRequest only supports one encoding format: JSON. Some people see this as a disadvantage, but I think it is not. It can be used to wrap any other format.
>     {"xml": "<?xml..."}
Received on Wednesday, 2 January 2008 20:29:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC