Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Maximally Consumable Data
 anyway it is a security hazard because when you do that the script executes when you get it, That you are getting JSON in this way does not change the fact that you are allowing a JavaScript to execute inside of your client side application spac, opening up for all sorts of attacks. However there is some interesting work being done that may, at some point, allow one to get around this problem - look at CAJA. However currently I stand be earlier statement that the XML is a better solution because of better security control of data entering into the application. Cheers, Bryan Rasmussen On Mon, Apr 7, 2008 at 8:18 PM, Costello, Roger L. <costello@m...> wrote: > Hi Mukul, > > > > IMHO, what's different (great) about this scenario? > > I need to give more detail about how it works. > > A JavaScript Ajax application that is running in a browser can only > fetch data from the domain that it came from. It does this using the > XMLHttpRequest object. > > Quoting now from Bulletproof Ajax: > > "We can't use XMLHttpRequest to access the Web APIs offered by so many > sites these days. That's a real shame because most APIs return their > data in XML, which would be available in responseXML. > > The script element has no such security restrictions. It's possible to > access a JavaScript file from another domain in this way: > > <script type="text/javascript" > > src="http://www.xfront.com/us_states/json/javascript/us_states.js"></sc > ript> > > If you can request a JavaScript file from another domain, then you can > also request a JSON file. Remember, JSON is nothing more than > JavaScript." > > -- the author shows how this can be generated dynamically -- > > Thus, through this technique, the JavaScript running in your browser > can pull in data from any web service that serves up JSON (such as the > Yahoo web services). > > /Roger > > > > _______________________________________________________________________ > > XML-DEV is a publicly archived, unmoderated list hosted by OASIS > to support XML implementation and development. To minimize > spam in the archives, you must subscribe before posting. > > [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ > Or unsubscribe: xml-dev-unsubscribe@l... > subscribe: xml-dev-subscribe@l... > List archive: http://lists.xml.org/archives/xml-dev/ > List Guidelines: http://www.oasis-open.org/maillists/guidelines.php > > 
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
