Difference between revisions of "JSONp"
| Line 32: | Line 32: | ||
* JSONP -- JSON With Padding: http://ajaxian.com/archives/jsonp-json-with-padding | * JSONP -- JSON With Padding: http://ajaxian.com/archives/jsonp-json-with-padding | ||
* Cross domain AJAX querying with jQuery: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html | * Cross domain AJAX querying with jQuery: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html | ||
| − | * Cross-domain requests with jQuery and | + | * Loading external content with Ajax using jQuery and YQL: http://www.wait-till-i.com/2010/01/10/loading-external-content-with-ajax-using-jquery-and-yql/ |
| + | * Cross-domain requests with jQuery and Google: http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/ | ||
* Cross-domain RSS to JSON converter [jQuery plugin]: http://jquery-howto.blogspot.com/2009/11/cross-domain-rss-to-json-converter.html | * Cross-domain RSS to JSON converter [jQuery plugin]: http://jquery-howto.blogspot.com/2009/11/cross-domain-rss-to-json-converter.html | ||
| + | |||
Revision as of 18:31, 5 May 2010
JSON with Padding (commonly abbreviated JSONP) is a JSON extension wherein a prefix is specified as an input argument of the call itself. This padding prefix is typically the name of a callback function, but may also be a variable assignment, an if statement, or any other Javascript statement prefix. The original proposition appears to have been made in the MacPython blog in 2005 [17] and is now used by many Web 2.0 applications such as Dojo Toolkit Applications, Google Toolkit Applications[18] and Web Services. Further extensions of this protocol have been proposed by considering additional input arguments as, for example, is the case of JSONPP[1] supported by S3DB web services.
Because JSONP makes use of script tags, calls are essentially open to the world. For that reason, JSONP may be inappropriate to carry sensitive data.[20]
Including script tags from remote sites allows the remote sites to inject any content into a website. If the remote sites have vulnerabilities that allow JavaScript injection, the original site can also be affected.[2]
Examples
YouTube
- YouTube AJAX API integration (video/playlist search): http://www.yvoschaap.com/youtube.html
Flickr
- Flickr AJAX API integration (photo/photoset search): http://kylerush.net/javascript/tutorial-flickr-api-javascript-jquery-ajax-json-build-detailed-photo-wall/
- Twitter JSON/JSONP API URL: http://jquery-howto.blogspot.com/2009/04/twitter-jsonjsonp-api-url.html
External Links
- JSONP -- JSON With Padding: http://ajaxian.com/archives/jsonp-json-with-padding
- Cross domain AJAX querying with jQuery: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
- Loading external content with Ajax using jQuery and YQL: http://www.wait-till-i.com/2010/01/10/loading-external-content-with-ajax-using-jquery-and-yql/
- Cross-domain requests with jQuery and Google: http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/
- Cross-domain RSS to JSON converter [jQuery plugin]: http://jquery-howto.blogspot.com/2009/11/cross-domain-rss-to-json-converter.html
See Also
JSON | AJAX | jQuery | JavaScript | XSS- ↑ Almeida, Jonas (June 11, 2008). "JSON, JSONP, JSONPP?". S3DB: http://sites.google.com/a/s3db.org/s3db/documentation/mis/json-jsonp-jsonpp. Retrieved April 26, 2009.
- ↑ wikipedia: JSONP#JSONP
