On Thu, Dec 8, 2011 at 12:24 PM, Brian Tingle <brian.tingle.cdlib....@gmail.com> wrote: > most sense for what you are trying to do. And for things that work that > way now, I don't see a need to rush and change it all to JSONP callbacks > because of some vague security concern.
My comment wasn't security-related. Also, I wasn't talking about cross-domain JSONP. Obviously, you need to trust the producer there. That said, I do buy the security argument that HTML is much harder to verify for absence of, for instance, XSS vulnerabilities. At least that's what can be inferred from the high frequency with which they're occurring. Reducing the number of times (specifically places in the code) where one generates and transmits it could certainly help here. - Godmar
