JSONP · Aleen

JSONP Back
- Description
- Security

JSONP Back

Description

JSONP, also named JSON with padding or JSON-P, which is a JSON extension used by web developers to overcome the cross-domain restrictions with <script>. <script> is used to load JavaScript from a URL, and use a JavaScript engine to parse, rather than a JSON engine.

So, the difference from JSON is that you must return a executable JavaScript from the URL. In JSONP, the data in JSON will be wrapped by a callback function, which will be delivered to the server through URL parameters like the following:

<script type="text/javascript" 
    src="http://www.example.com/getData?dataId=123&jsonp=parseResponse">
</script>

Then, the browser will get a script like this:

parseResponse({ "name": "Aleen", "id": "123" });

Security

Due to corss-domain, including script tags from servers allows the remote server to inject any content into a website. If the remote servers have vulnerabilities(弱點) that allow JavaScript injection, the page served from the original server is exposed to an increased risk. That's CSRF/XSRF attack.

Empty Comments

As the plugin is integrated with a code management system like GitLab or GitHub, you may have to auth with your account before leaving comments around this article.

Notice: This plugin has used Cookie to store your token with an expiration.

Aleen^®

More than a coder, more than a designer

modified at 2016-09-12 09:33:50

20 issues reported

#35 [思] Handlebars 模板应该如何进行预处理2019-01-31 13:42:05Inspiration!

#32 [集] A collection of confusing problems met when developing JavaScript under IE2022-01-11 14:03:30Tasks!

#30 [思] 当需要传递多个不定参数时，该如何设计 JavaScript 函数？2017-05-29 09:42:07Inspiration!

#29 [歸納] 304 Status Code 下的头部信息2018-03-19 12:25:21Communication!Summary!

#28 [歸納] 你以为 JavaScript 没数据结构么？2018-03-19 12:25:04Communication!Summary!

#27 [歸納] JavaScript 之高性能2019-09-20 13:56:28Communication!Summary!

#26 Microtasks? Macrotasks?2017-02-26 18:05:36Communication!