- From: Anne van Kesteren <fora@annevankesteren.nl>
- Date: Thu, 30 Mar 2006 17:30:17 +0200
Quoting Douglas Crockford <douglas at crockford.com>: > The central idea with the JSONRequest is that it is exempted from the > Same Origin Policy. It allows for exchanging data with a server in > any domain that specifically accepts JSONRequests. > > In order to be exempted from the Same Origin Policy, there are > several restrictions on JSONRequest in order to avoid data leakage or > authorization leakage. > > JSONRequest is not intended to replace XMLHttpRequest. It is intended > to be an alternative to the use of dynamic script tags to access data > from other domains. Given that it can't be used today anyway I'd rather have that the WHATWG, W3C came up with a more broader solution to the cross domain security problem. (AFAIK some work is going on at the W3C in that area.) -- Anne van Kesteren <http://annevankesteren.nl/>
Received on Thursday, 30 March 2006 07:30:17 UTC