[whatwg] Behavior when <script> is removed from DOM

Mark S. Miller erights at google.com
Thu Dec 8 16:51:11 PST 2011


The argument I was making is that there's no reason to carve out a special
case for JSON, as opposed to all text that parses as JavaScript. Since
then, Jonas made a sensible counterargument. At least for now, I withdraw
the suggestion.


On Thursday, December 8, 2011, Yehuda Katz wrote:

>
> Yehuda Katz
> (ph) 718.877.1325
>
>
> On Thu, Dec 8, 2011 at 4:31 PM, Mark S. Miller <erights at google.com> wrote:
>
>> On Thursday, December 8, 2011, Yehuda Katz wrote:
>>
>>>
>>> I'm probably still misunderstanding, but the current security
>>> infrastructure of the web supports cross-origin XHR only with a new kind of
>>> explicit server opt-in that most APIs do not support.
>>>
>>
>>
>> In that case you are understanding correctly. My point was that *except
>> for the lack of this header*, the rest of this JSONP API is just a one
>> liner.
>>
>
> Yes, but how does that help us?
>
>
>>
>>
>> --
>>     Cheers,
>>     --MarkM
>>
>
>

-- 
    Cheers,
    --MarkM



More information about the whatwg mailing list