[whatwg] Behavior when <script> is removed from DOM
Mark S. Miller
erights at google.com
Thu Dec 8 16:51:11 PST 2011
The argument I was making is that there's no reason to carve out a special
case for JSON, as opposed to all text that parses as JavaScript. Since
then, Jonas made a sensible counterargument. At least for now, I withdraw
the suggestion.
On Thursday, December 8, 2011, Yehuda Katz wrote:
>
> Yehuda Katz
> (ph) 718.877.1325
>
>
> On Thu, Dec 8, 2011 at 4:31 PM, Mark S. Miller <erights at google.com> wrote:
>
>> On Thursday, December 8, 2011, Yehuda Katz wrote:
>>
>>>
>>> I'm probably still misunderstanding, but the current security
>>> infrastructure of the web supports cross-origin XHR only with a new kind of
>>> explicit server opt-in that most APIs do not support.
>>>
>>
>>
>> In that case you are understanding correctly. My point was that *except
>> for the lack of this header*, the rest of this JSONP API is just a one
>> liner.
>>
>
> Yes, but how does that help us?
>
>
>>
>>
>> --
>> Cheers,
>> --MarkM
>>
>
>
--
Cheers,
--MarkM
More information about the whatwg
mailing list