Is getting JSON data with jQuery safe?

后端 未结 4 1110
天涯浪人
天涯浪人 2021-02-09 04:30

JSON allows you to retrieve data in multiple formats from an AJAX call. For example:

$.get(sourceUrl, data, callBack, \'json\');

could be used

4条回答
  •  灰色年华
    2021-02-09 04:35

    All browsers I know of disable cross-site requests through Ajax. That is, if your page sits on my.example.com, you can't load anything using Ajax unless its URL is also at my.example.com.

    This actually can be something of a nuisance, and there are ways for an attacker to inject source in other ways, but ostensibly this restriction is in place to address exactly the concern you mention.

提交回复
热议问题