
Also known as JSON with Padding
thumb | right | alt=Graphical logo for JSONP | Graphical logo for JSONP JSONP, or JSON-P (JSON with Padding), is a JavaScript technique for requesting data via the HTML element. It was proposed by Bob Ippolito in 2005. JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site. The originating site is indicated by a combination of URI scheme, hostname, and port number.
Remote JSON - JSONP
bob.ippoli.to →The browser security model dictates that XMLHttpRequest, frames, etc. must have the same domain in order to communicate. That's not a terrible idea, for security reasons, but it sure does make distributed (service oriented, mash-up, whatever it's called this week) web development suck. Needs infrastructure (can't run a serverless client) and you get double-taxed on bandwidth and latency (remote - proxy - client). Remote host needs to deploy a crossdomain.xml file, Flash is relatively proprietary and opaque to use, requires learning a one-off moving target programming langage. I'm proposing a new technology agnostic standard methodology for the script tag method for cross-domain data fetching: JSON with Padding , or simply JSONP . The client decides on the arbitrary prepended text by using a query argument named jsonp with the text to prepend. Simple! With an empty jsonp argument, the result document is simply JSON wrapped in parentheses. Let's take the del.icio.us JSON API as an example. This API has a "script tag" variant that looks like this: See, because we're wrapping with parentheses, a JSONP request can translate into a function call or a plain old JSON literal. All the server needs to do differently is prepend a little bit of text to the beginning and wrap the JSON in parentheses! Now, of course, you'd have libraries like MochiKit , Dojo , etc. abstracting JSONP so that you don't have to write the ugly DOM script tag insertion yourself, etc. Of course, this just solves the standardization problem. Your page is still toast if the remote host decides to inject malicious code instead of JSON data. However, if implemented, it'd save a lot of developers some time and allow for generic abstractions, tutorials, and documentation to be built.
Excerpt from a page describing this subject · 4,471 chars · not written by Vinony
~9 min read
thumb | right | alt=Graphical logo for JSONP | Graphical logo for JSONP JSONP, or JSON-P (JSON with Padding), is a JavaScript technique for requesting data via the HTML element. It was proposed by Bob Ippolito in 2005. JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site. The originating site is indicated by a combination of URI scheme, hostname, and port number.
JSONP requests are vulnerable to the data source replying with malicious code, which is why it has been enhanced by CORS (cross-origin resource sharing, available since 2009) in modern applications.
via Wikidata · CC0
via Wikidata sitelinks · CC0
Discovered by embedding cosine similarity (sentence-transformers MiniLM, 384-dim).