W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Douglas Crockford <douglas@crockford.com>
Date: Mon, 13 Mar 2006 11:23:15 -0800 (PST)
Message-ID: <20060313192315.8818.qmail@web31804.mail.mud.yahoo.com>
>> I am proposing a new mechanism for doing data transport in Ajax/Comet
>> applications. It is called JSONRequest. It is a minimal communications
>> facility that can be exempted from the Same Origin Policy.
>> You can read about it here: http://json.org/JSONRequest.html

> Unfortunately your security analysis is lacking some situations,
> Indeed the statement

> " It provides this highly valuable service while introducing no new
> security vulnerabilities. "

> is false, please remove it to avoid any confusion.

It would be very helpful if you could list the situations that you have determined are lacking.
Received on Monday, 13 March 2006 11:23:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC