For the first, look into CORS:
https://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing which allows
you to be picky about cross-site access if you wish.

For the second, yes, JSON.parse is supported nearly everywhere except for
IE, and there are polyfills there.

All security boils down to trust and API design - JSON is generally the
least of one's problems.

On Mon, Apr 9, 2012 at 6:07 PM, Jim McAndrew <[email protected]> wrote:

> There has been a lot of discussion today about geo data formats.  It got
> me thinking of some problems with loading JSON data into a map on another
> server.
>
> I would like to allow users to save map data from a website in JSON and
> host that JSON elsewhere, so the users can then share their saved map with
> other users.  There are two issues that could pose security problems for
> this:
>
> * Loading the data from another website (cross site scripting).  This may
> lead us to use a "proxy.php" to load the JSON, or use something like JSONP.
> * Executable code within the JSON.  There are options such as JSON.parse()
> and JSON.stringify().
>
> I'm sure someone else has come up with a relatively secure solution to
> this, and if not, what route have people gone for this kind of thing?
>
> ----
> Jim McAndrew
>
> _______________________________________________
> Geowanking mailing list
> [email protected]
> http://geowanking.org/mailman/listinfo/geowanking_geowanking.org
>
>
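An added example, not written by either participant in this thread, of the JSON.parse route discussed above: the fetched text is parsed as data only, then checked field by field before it reaches the map. The saved-map shape (`features` entries with `lon`, `lat`, `label`) and the size limits are assumptions made for illustration.

```javascript
// Added example: parse and validate a user-hosted saved map as data only.
// The field names (features, lon, lat, label) are an assumed format.
const MAX_BYTES = 1_000_000;   // assumed size limit for a saved map
const MAX_FEATURES = 5000;     // assumed feature-count limit

function parseSavedMap(text) {
  if (typeof text !== "string" || text.length > MAX_BYTES) {
    throw new Error("saved map missing or too large");
  }
  // JSON.parse only builds data; it never evaluates functions or expressions,
  // unlike eval() or a JSONP <script> include. It throws SyntaxError on non-JSON.
  const doc = JSON.parse(text);
  if (doc === null || typeof doc !== "object" || !Array.isArray(doc.features)) {
    throw new Error("expected an object with a features array");
  }
  if (doc.features.length > MAX_FEATURES) throw new Error("too many features");

  // Copy only the expected fields into fresh objects; unknown keys
  // (including "__proto__" or "constructor") are dropped.
  return doc.features.map((f, i) => {
    if (f === null || typeof f !== "object") throw new Error(`feature ${i}: not an object`);
    const { lon, lat, label } = f;
    if (!Number.isFinite(lon) || lon < -180 || lon > 180 ||
        !Number.isFinite(lat) || lat < -90 || lat > 90) {
      throw new Error(`feature ${i}: bad coordinates`);
    }
    if (label !== undefined && typeof label !== "string") {
      throw new Error(`feature ${i}: label must be a string`);
    }
    // The label is still untrusted text: render via textContent, not innerHTML.
    return { lon, lat, label: (label ?? "").slice(0, 200) };
  });
}

// Constructed sample inputs.
const good = '{"features":[{"lon":-122.4,"lat":37.8,"label":"<b>Pier</b>","__proto__":{"x":1}}]}';
const scripty = 'alert(1); ({"features":[]})';

function tryParse(text) {
  try { return { ok: true, features: parseSavedMap(text) }; }
  catch (e) { return { ok: false, error: e.message }; }
}

console.log(tryParse(good));
console.log(tryParse(scripty));
```
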