JSONP
Sign in to savethumb | right | alt=Graphical logo for JSONP | Graphical logo for JSONP JSONP, or JSON-P (JSON with Padding), is a JavaScript technique for requesting data via the HTML element. It was proposed by Bob Ippolito in 2005. JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site. The originating site is indicated by a combination of URI scheme, hostname, and port number.
Article
12 sectionsContents
- Functionality
- Script element injection
- Security concerns
- Untrusted third-party code
- Whitespace differences
- Callback name manipulation and reflected file download attack
- Cross-site request forgery
- Rosetta Flash
- History
- See also
- References
- External links
thumb | right | alt=Graphical logo for JSONP | Graphical logo for JSONP JSONP, or JSON-P (JSON with Padding), is a JavaScript technique for requesting data via the HTML element. It was proposed by Bob Ippolito in 2005. JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site. The originating site is indicated by a combination of URI scheme, hostname, and port number.
JSONP requests are vulnerable to the data source replying with malicious code, which is why it has been enhanced by CORS (cross-origin resource sharing, available since 2009) in modern applications.