W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Anne van Kesteren <fora@annevankesteren.nl>
Date: Thu, 30 Mar 2006 17:30:17 +0200
Message-ID: <20060330173017.puvwf6c2mdj4000s@webmail.annevankesteren.nl>
Quoting Douglas Crockford <douglas at crockford.com>:
> The central idea with the JSONRequest is that it is exempted from the 
> Same Origin Policy. It allows for exchanging data with a server in 
> any domain that specifically accepts JSONRequests.
>
> In order to be exempted from the Same Origin Policy, there are 
> several restrictions on JSONRequest in order to avoid data leakage or 
> authorization leakage.
>
> JSONRequest is not intended to replace XMLHttpRequest. It is intended 
> to be an alternative to the use of dynamic script tags to access data 
> from other domains.

Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
Received on Thursday, 30 March 2006 07:30:17 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC