Re: Comments on: Access Control for Cross-site Requests

I think JSON is great, but the main problem with JSONRequest is
implementations in other browsers.

Doug: Can you add any links to http://json.org/JSONRequest.html ?

Jon Ferraiolo:  I know you have been working with Microsoft on
OpenAjax - Do you know how IE8 _might_ support JSON natively?

Thanks,
Ric Johnson
http://json.Com

On Jan 2, 2008 12:58 PM, Douglas Crockford <douglas <at> crockford.com> wrote:
>
> > > Below are comments from Doug Crockford:
> >
> > > [...] I believe there are more elegant and reliable approaches to
> > > providing a safe alternatives to the script tag hack.
>
> > I'd be interested in hearing about such a proposal.
>
> One such proposal is JSONRequest (http://json.org/JSONRequest.html). An implementation for FireFox
is available at http://crypto.stanford.edu/jsonrequest/.
>
> JSONRequest does not allow the server to abdicate its responsibility of deciding if the data should be
delivered to the browser. Therefore, no policy language is needed. JSONRequest requires explicit
authorization. Cookies and other tokens of ambient authority are neither sent nor delivered.
>
> JSONRequest has a significantly nicer programming model than XMLHttpRequest.