Difference between revisions of "JSONp"

From BC$ MobileTV Wiki
Jump to: navigation, search
(One intermediate revision by the same user not shown)
Line 80: Line 80:
* JSON-P: http://json-p.org
* JSON-P: http://json-p.org
* Security risks with JSONP?: https://security.stackexchange.com/questions/23438/security-risks-with-jsonp/23439#23439
Line 115: Line 116:
== See Also ==
== See Also ==
[[JSON]] | [[AJAX]] | [[jQuery]] | [[JavaScript]] | [[XSS]]
[[JSON]] | [[AJAX]] | [[jQuery]] | [[JavaScript]] | [[XSS]] | [[CORS]]

Latest revision as of 15:33, 26 September 2018

JSON with Padding (commonly abbreviated JSONP) is a JSON extension wherein a prefix is specified as an input argument of the call itself. This padding prefix is typically the name of a callback function, but may also be a variable assignment, an if statement, or any other Javascript statement prefix. The original proposition appears to have been made in the MacPython blog in 2005 [17] and is now used by many Web 2.0 applications such as Dojo Toolkit Applications, Google Toolkit Applications[18] and Web Services. Further extensions of this protocol have been proposed by considering additional input arguments as, for example, is the case of JSONPP[1] supported by S3DB web services.

Because JSONP makes use of script tags, calls are essentially open to the world. For that reason, JSONP may be inappropriate to carry sensitive data.[20]

Including script tags from remote sites allows the remote sites to inject any content into a website. If the remote sites have vulnerabilities that allow JavaScript injection, the original site can also be affected.[2]


BC$ MobileTV

oEmbed - JSON endpoint:


oEmbed - special JSONp endpoint (direct):












  • JSONPify - a simple way to access feeds and web services from a client based web application: http://jsonpify.com/



External Links


  1. Almeida, Jonas (June 11, 2008). "JSON, JSONP, JSONPP?". S3DB: http://sites.google.com/a/s3db.org/s3db/documentation/mis/json-jsonp-jsonpp. Retrieved April 26, 2009.
  2. wikipedia: JSONP#JSONP
  3. Facebook Connect JavaScript SDK: http://github.com/facebook/connect-js
  4. Facebook JavaScript Client Library: http://wiki.developers.facebook.com/index.php/JavaScript_Client_Library
  5. Old JavaScript SDK: http://developers.facebook.com/docs/reference/oldjavascript/
  6. Building a Better Photo Uploader (with JSONp): http://www.facebook.com/note.php?note_id=178492968919
  7. Cross-domain communications with JSONP, Part 1 -- Combine JSONP and jQuery to quickly build powerful mashups: http://www.ibm.com/developerworks/web/library/wa-aj-jsonp1/index.html
  8. Cross-domain communications with JSONP, Part 2 -- Building mashups with JSONP, jQuery, and Yahoo! Query Language: http://www.ibm.com/developerworks/web/library/wa-aj-jsonp2/index.html
  9. YQL and JSONP-X (aka. json-p-x, jsonpx, json-px): http://paul.donnelly.org/2009/07/08/yql-and-jsonp-x/
  10. Mashups with JSONP, jQuery and YQL: http://projects.ischool.washington.edu/tabrooks/343INFOAutumn09/JSONP/jsonpJqueryYQL.htm

See Also

JSON | AJAX | jQuery | JavaScript | XSS | CORS