struts-dev mailing list archives

From Dale Newfield
Subject Re: Comments in JSON
Date Sat, 09 Jul 2011 15:34:33 GMT

Below are a few (of many that I found with a simple Google search)
explaining the issue in detail.  Basically the problem is that
<script /> tags don't abide by the same-origin policy, so if your
response to a GET request is a valid JSON object, that data can be
fetched by a script tag in pages on other sites, and then sent back to
that other site without the user knowing.  Wrapping the response in a
comment protects that data.


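The comment wrapping described in the message above, shown as an added example that is not part of the original message or of the Struts code base. The function names and the sample data are hypothetical, and it assumes the legitimate client reads the response body as text through a same-origin request.

```javascript
// Server side: serialize, then wrap the body in a JavaScript block comment.
function wrapJson(value) {
  // "*/" can only occur inside a JSON string, and "\/" is a legal JSON
  // escape for "/", so this keeps the data intact while making sure a
  // string value cannot close the comment early.
  const json = JSON.stringify(value).replace(/\*\//g, "*\\/");
  return "/*" + json + "*/";
}

// Client side: strip the comment markers, then parse the JSON inside.
function unwrapJson(body) {
  const text = body.trim();
  if (text.length < 4 || !text.startsWith("/*") || !text.endsWith("*/")) {
    throw new SyntaxError("response is not comment-wrapped JSON");
  }
  return JSON.parse(text.slice(2, -2));
}

// What a script context receives when the body is evaluated as JavaScript
// instead of being read as text (indirect eval returns the completion value).
function evaluatedAsScript(body) {
  return (0, eval)(body);
}

// Constructed sample data; the note deliberately contains "*/".
const SAMPLE = [{ user: "alice", note: "closes the comment? */ no" }];
const WRAPPED = wrapJson(SAMPLE);

console.log("wire format:      ", WRAPPED);
console.log("bare JSON as JS:  ", evaluatedAsScript(JSON.stringify(SAMPLE)));
console.log("wrapped JSON as JS:", evaluatedAsScript(WRAPPED));
console.log("client after unwrap:", unwrapJson(WRAPPED));
```
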