Is getting JSON data with jQuery safe?

后端 未结 4 1109
天涯浪人
天涯浪人 2021-02-09 04:30

JSON allows you to retrieve data in multiple formats from an AJAX call. For example:

$.get(sourceUrl, data, callBack, \'json\');

could be used

4条回答
  •  北荒
    北荒 (楼主)
    2021-02-09 04:37

    $.getJSON() is used to execute (rather than using eval) javascript code from remote sources (using the JSONP idiom if a callback is specified). When using this method, it is totally up to you to trust the source, because they will have control to your entire page (they can even be sending cookies around).

    From Douglas Crockford site about The Script Tag Hack (jsonp):

    So the script can access and use its cookies. It can access the originating server using the user's authorization. It can inspect the DOM and the JavaScript global object, and send any information it finds anywhere in the world. The Script Tag Hack is not secure and should be avoided.

提交回复
热议问题