Quoting Douglas Crockford <[EMAIL PROTECTED]>:
The central idea with the JSONRequest is that it is exempted from the
Same Origin Policy. It allows for exchanging data with a server in
any domain that specifically accepts JSONRequests.
In order to be exempted from the Same Origin Policy, there are
several restrictions on JSONRequest in order to avoid data leakage or
authorization leakage.
JSONRequest is not intended to replace XMLHttpRequest. It is intended
to be an alternative to the use of dynamic script tags to access data
from other domains.
Given that it can't be used today anyway I'd rather have that the WHATWG, W3C
came up with a more broader solution to the cross domain security problem.
(AFAIK some work is going on at the W3C in that area.)
--
Anne van Kesteren
<http://annevankesteren.nl/>
