Difference between revisions of "JSONp"

From BC$ MobileTV Wiki
Jump to: navigation, search
Line 32: Line 32:
 
* JSONP -- JSON With Padding: http://ajaxian.com/archives/jsonp-json-with-padding
 
* JSONP -- JSON With Padding: http://ajaxian.com/archives/jsonp-json-with-padding
 
* Cross domain AJAX querying with jQuery: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
 
* Cross domain AJAX querying with jQuery: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
* Cross-domain requests with jQuery and Yahoo!'s YQL: http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/
+
* Loading external content with Ajax using jQuery and YQL: http://www.wait-till-i.com/2010/01/10/loading-external-content-with-ajax-using-jquery-and-yql/
 +
* Cross-domain requests with jQuery and Google: http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/
 
* Cross-domain RSS to JSON converter [jQuery plugin]: http://jquery-howto.blogspot.com/2009/11/cross-domain-rss-to-json-converter.html
 
* Cross-domain RSS to JSON converter [jQuery plugin]: http://jquery-howto.blogspot.com/2009/11/cross-domain-rss-to-json-converter.html
 +
  
  

Revision as of 18:31, 5 May 2010

JSON with Padding (commonly abbreviated JSONP) is a JSON extension wherein a prefix is specified as an input argument of the call itself. This padding prefix is typically the name of a callback function, but may also be a variable assignment, an if statement, or any other Javascript statement prefix. The original proposition appears to have been made in the MacPython blog in 2005 [17] and is now used by many Web 2.0 applications such as Dojo Toolkit Applications, Google Toolkit Applications[18] and Web Services. Further extensions of this protocol have been proposed by considering additional input arguments as, for example, is the case of JSONPP[1] supported by S3DB web services.

Because JSONP makes use of script tags, calls are essentially open to the world. For that reason, JSONP may be inappropriate to carry sensitive data.[20]

Including script tags from remote sites allows the remote sites to inject any content into a website. If the remote sites have vulnerabilities that allow JavaScript injection, the original site can also be affected.[2]



Examples

YouTube


Flickr


Twitter



External Links



See Also

JSON | AJAX | jQuery | JavaScript | XSS
  1. Almeida, Jonas (June 11, 2008). "JSON, JSONP, JSONPP?". S3DB: http://sites.google.com/a/s3db.org/s3db/documentation/mis/json-jsonp-jsonpp. Retrieved April 26, 2009.
  2. wikipedia: JSONP#JSONP