Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

4
  • 47
    For the record, do NOT use JSONP if you don't trust the server you're talking to 100%. If it is compromised, your webpage will be trivially compromised.
    – ninjagecko
    Commented Jan 27, 2012 at 20:56
  • 11
    Also note that JSONP can be hijacked if not implemented correctly.
    – Pacerier
    Commented Mar 29, 2015 at 7:20
  • 4
    I would like to give credit to the author of JSONP who gave the philosophy behind it: Bob Ippolito's archive on JSONP. He introduces JSONP as "a new technology agnostic standard methodology for the script tag method for cross-domain data fetching".
    – gawkface
    Commented Feb 10, 2017 at 6:05
  • 5
    For those who might arrive here more than a decade after the question through a search for something else and are confused: JSON-P is now also the name of a Java API for processing JSON, mainly parsing and writing it. It mirrors the XML StAX and DOM APIs, for streaming input/output and document modeling respectively. It supports JSON Pointer for querying, like XPath for XML. I think it also intends to provide the means to transform JSON through JSON Patch, like XML with XSLT and the Java XML Transformer API, but it's still a bit less advanced than XSLT. This question is about script injection.
    – G_H
    Commented Sep 29, 2021 at 21:18