Praveen Prasad

Reputation: 32107

jQuery, JSONP, error handling & security issues

In jQuery 1.3.2, for JSONP requests I used to do this:

    var _options = {
        url: 'someexternal_url',
        type: 'GET',
        dataType: 'jsonp',
        success: _aSucFnToHandle,
        error: _anErrFnToHandle
    };

    $.ajax(_options); // this ignores any error that occurs on the URL

So I added the script below and changed my Ajax request:

    <script type="text/javascript"
         src="http://jquery-jsonp.googlecode.com/files/jquery.jsonp-1.0.4.min.js">
    </script>

    $.jsonp(_options); // with this I can handle an error if one occurs on the URL

My questions are:

  1. Is there any improvement in jQuery 1.4.2 for handling errors in JSONP requests, or how do you handle an error if one occurs while making a JSONP request?
  2. A list of security loopholes in JSONP requests.

Upvotes: 3

Views: 3468

Answers (2)

Julian Aubourg

Reputation: 11436

For #1: Not yet, but you should revisit http://code.google.com/p/jquery-jsonp/ because it's up to version 2.1.x now ;)

As for #2, yes, there are loopholes, as you give complete access to your JavaScript VM to a third party (which could lead to data stealing). It's all about how trusty the JSONP provider actually is. Though, in the end, it's no different than remote linking third-party scripts.

Upvotes: 4
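
Added example, not part of either answer or of jquery-jsonp: one way to keep a JSONP provider out of the JavaScript VM and still get a usable error path is to treat the response as text and parse it strictly instead of executing it. It assumes the body was fetched as a string (for instance by a same-origin server-side proxy); `parseJsonp`, `handleJsonpBody` and the sample bodies in the comments are hypothetical names and constructed values.

```javascript
// Added example: validate a JSONP response as data instead of running it as script.
// Assumption: `body` is the raw response text, obtained without a <script> tag.

// A plain (optionally dotted) identifier, the only callback form accepted here.
const CALLBACK_NAME = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;

function parseJsonp(body, expectedCallback) {
  if (typeof body !== 'string') {
    throw new TypeError('JSONP body must be a string');
  }
  if (!CALLBACK_NAME.test(expectedCallback)) {
    throw new Error('invalid callback name');
  }
  // Allow surrounding whitespace and one trailing semicolon, nothing else.
  const text = body.trim().replace(/;$/, '').trimEnd();
  const prefix = expectedCallback + '(';
  if (!text.startsWith(prefix) || !text.endsWith(')')) {
    // Covers HTML error pages, empty bodies and calls to a different function.
    throw new Error('response is not a call to the expected callback');
  }
  const payload = text.slice(prefix.length, -1);
  try {
    // JSON.parse accepts exactly one JSON value, so any extra script
    // appended after the callback's argument makes this throw.
    return JSON.parse(payload);
  } catch (err) {
    throw new Error('payload is not pure JSON: ' + err.message);
  }
}

// Mirrors the success/error pair from the question's _options object.
function handleJsonpBody(body, expectedCallback, onSuccess, onError) {
  let data;
  try {
    data = parseJsonp(body, expectedCallback);
  } catch (err) {
    return onError(err);
  }
  return onSuccess(data);
}
```
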

rook

Reputation: 67019

There aren't many security concerns with JavaScript. The two big issues are DOM-based XSS and client-side trust. For instance, if you are making sure the user enters a valid email address with JavaScript, this is trivial to bypass because the client can do whatever they want using TamperData or GreaseMonkey.

Upvotes: 0
