W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Gervase Markham <gerv@mozilla.org>
Date: Thu, 16 Mar 2006 21:13:43 +0000
Message-ID: <4419D507.9080706@mozilla.org>
Hallvord R M Steen wrote:
> You are right, if no variables are created one can't see the data by
> loading it in a  SCRIPT tag. Are you aware of intranets/CMSes that use
> this as a security mechanism?

That's not actually right. I'm pretty sure this came across a public
security list, so...

You can override the constructor on the prototype of the Object object
and get access to JSON objects before the JavaScript engine throws them
away when it realises they don't get assigned to a variable.

Or something like that, anyway. I can't remember exactly how it worked.
But I'm pretty sure that it's true that you can get JSON data if it's
not protected.

Received on Thursday, 16 March 2006 13:13:43 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC