Is this a valid JSONP response?

Question

Apologies if this is a really basic question. I'm working with JSONP for the first time and trying to write some JQuery to fetch cross-domain data and extract some elements from it.

If I type in the URL for the service I get the following response

(function(){

    var data = {
        status: 1,
        content: {"name":"charliebrown", "resultCode":"0", "messageID":"1234"}
    };

    try{
        ;
    }catch(ex){}
})();

This fails validation checks when I check for a well-formed JSON response prior to trying to use something like jQuery.parseJSON().

Should I expect the response to be something like this instead?

my_jsonp_callback (
   {"name":"charliebrown", "resultCode":"0", "messageID":"1234"}
)

I'm only interested in the "content" part of the original response. Am I correct in assuming that I may not be receiving a valid JSONP response from the server?

Answer 1

Assuming that the the try/catch block is empty because you didn't put callback=something in the URL, then … "maybe".

JSONP is not a well defined format. The second code block in your question shows a typical JSONP response, but all JSONP really needs to do is to call a function and pass it some data.

(Going back to the typical response, by itself it can be vulnerable to Rosetta Flash. That isn't really a problem now that Adobe have fixed that security hole, but it does explain why the typical JSONP response can be undesirable)

Given my assumption mentioned in the first paragraph, you would get something(data); instead of ; on the third from bottom line, which would successfully execute as JSONP.

If my assumption is wrong, then that code does nothing at all, which makes it entirely pointless.

(This goes to highlight the fact that JSONP is JavaScript and the service you are requesting it from can run any JS they like in the response, which opens you up to XSS problems. Happily we have CORS now and that solves all the problems that JSONP solves but in cleaner and more flexible ways).