[uf-rest] Introducing JAHAH (regarding JSONP)
David Janes -- BlogMatrix
davidjanes at blogmatrix.com
Thu Jan 5 11:41:49 PST 2006
You're free not to use it, of course.
My personal prediction, take that for what is worth, is that this "hole"
will not be filled -- it is too useful. The most severe form of
cross-domain hijacking -- being able to control, manipulate, and modify
an IFRAME -- doesn't have techniques that translate into JSON/SCRIPT
loading.
Most web users run Javascript from all over the place now -- every time
you visit a web page in fact, mostly. The biggest concern is for content
providers that "can I trust a web service being provided over JSON". If
you're doing e-commerce, probably not. If you're a weblog or static web
page displaying data, probably.
I will state this: if JSON is not for you (i.e. some generic person out
there), JAHAH isn't either.
Regards, etc...
David
Justin Maxwell wrote:
> This is an interesting approach. However, I can't even consider using
> it. How can exploiting browser flaws to bypass necessary security
> measures provide a permanent, dependable solution to anything?
More information about the microformats-rest
mailing list