W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Anne van Kesteren <fora@annevankesteren.nl>
Date: Thu, 30 Mar 2006 17:30:17 +0200
Message-ID: <20060330173017.puvwf6c2mdj4000s@webmail.annevankesteren.nl>
Quoting Douglas Crockford <douglas at crockford.com>:
> The central idea with the JSONRequest is that it is exempted from the 
> Same Origin Policy. It allows for exchanging data with a server in 
> any domain that specifically accepts JSONRequests.
> In order to be exempted from the Same Origin Policy, there are 
> several restrictions on JSONRequest in order to avoid data leakage or 
> authorization leakage.
> JSONRequest is not intended to replace XMLHttpRequest. It is intended 
> to be an alternative to the use of dynamic script tags to access data 
> from other domains.

Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)

Anne van Kesteren
Received on Thursday, 30 March 2006 07:30:17 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC