On Mar 30, 2006, at 17:21, Douglas Crockford wrote:
The central idea with the JSONRequest is that it is exempted from the Same Origin Policy. It allows for exchanging data with a server in any domain that specifically accepts JSONRequests.
Why is it necessary to allow this in the browser? When would you be able actually use the feature even if Opera, Apple and Mozilla shipped support today?
What's wrong with having the browser talking to the origin server using XMLHttpRequest and the server talking to the third party (sanitizing data as necessary before passing it to the browser)?
-- Henri Sivonen [EMAIL PROTECTED] http://hsivonen.iki.fi/
