If you are building an AJAX-y application, are there any flaws in using JSONP requests / responses even if you are not planning on any cross-domain requests?
The only thing I can think of is that there are a couple extra bytes for the callback shell ...
Edit:
I found this, which also suggests security and error handling as potential problems ...
There is no error handling. Script injection either works or not. If an error occurs during injection, it will go to the page, and, except for a window-wide error handler (bad, bad, very bad), you need to make sure that the return value is valid on the server side.
I don't think error handling is a big problem ... most of us use the library to generate JSON ... the correctness of my answer does not matter for this question.
and safety:
There are documents on the Internet that can help, but as a quick check, I would check the referrer in the script on the server side.
This seems like a potential problem with any type of answer ... of course, there is nothing unique to JSONP in security ...?
json javascript jsonp ajax
danb
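The server-side referrer check quoted in the question, sketched as an added example (not code from the post or the article it quotes). The names `ALLOWED_ORIGINS`, `isAllowedReferer` and `jsonpResponse` and the origin value are assumptions, and the callback-name validation goes beyond what the question mentions.

```javascript
// Added example: Referer allowlist check in front of a JSONP response.
// All names and the origin below are hypothetical / constructed.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Compare the parsed origin, never a string prefix: a prefix test would
// also accept "https://app.example.test.attacker.example/".
function isAllowedReferer(refererHeader, allowed = ALLOWED_ORIGINS) {
  if (typeof refererHeader !== "string" || refererHeader === "") {
    // Header absent (privacy tools, Referrer-Policy). Failing closed is a
    // choice made for this example; it also blocks legitimate users
    // whose browsers omit the header.
    return false;
  }
  let url;
  try {
    url = new URL(refererHeader);
  } catch (e) {
    return false; // malformed header value
  }
  return allowed.has(url.origin); // origin = scheme + host + port
}

// Restrict the callback to an identifier or dotted path so the query
// parameter cannot place arbitrary script into the response body.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// Returns { status, body } for one request, given its headers and query.
function jsonpResponse(headers, query, data) {
  if (!isAllowedReferer(headers.referer)) {
    return { status: 403, body: "" };
  }
  if (!CALLBACK_RE.test(query.callback || "")) {
    return { status: 400, body: "" };
  }
  return { status: 200, body: `${query.callback}(${JSON.stringify(data)});` };
}
```

The Referer header is supplied by the client, so this only filters requests that ordinary browsers make from other sites' pages; it does not authenticate the caller.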