Maybe this is obvious and I'm not seeing it, but... What exactly is the security concern here?
Assuming you trust your own javascript and google's javascript not to inject code you don't like... What's the difference between: <iframe src="http://www.google.com/calendar/embed?src=****&pvttk=****"/ > and <script src="http://www.google.com/calendar/feeds/****/private-****/ basic?alt=json-in-script"/> thanks, - Frank. On Mar 9, 9:14 am, "Ryan Boyd (Google)" <[EMAIL PROTECTED]> wrote: > On 3/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > > > > > When i try to use the alt-json on one of my private calendars I get > > Invalid Feed Type returned ? > > But it works with the example url - google developer events. > > > doesn't work (added stars instead of actually key) : > > >http://www.google.com/calendar/feeds/qgtd0jfpima1chkrh1rqek7rug%40gro... > > number/full?alt=json > > > does work : > > > http://www.google.com/calendar/feeds/[EMAIL PROTECTED]/public/full?alt=json > > > Is JSON not supported on private calendar feeds? > > Correct -- JSON is currently not supported on any private calendar feeds due > to security concerns re cross-site-scripting. I have a bug filed to change > this in the future slightly to allow JSON output when the feed is > authenticated via ClientLogin or AuthSub, but this won't effect magic cookie > or real (http spec) cookie authentication. > > Cheers, > > -Ryan- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
