JSON and Why I am glad security is the way it is with Web Services in IE

As I am working on our "AJAX with ASP.NET" book, I have had this one nagging question "Why can't I make a request against a web service on another server?"  I still don't have a specific answer, but as I have been reading and studying JSON, I am glad that this would cause a security violation.  With JSON, the data is converted from string communication format to something that a program may use by using the Javascript eval() command.  The Javascript eval() command executes all commands within the string object that is passed.  Thats why I am glad that this is happening.  If you are on a web site, then you implictly trust the site (obviously there are types of holes in that statement). To get what you want, you most likely want to use a JSON parser.  A JSON parser will only recognize and process JSON text.  Here is a JSON parser.


1 Comment

Comments have been disabled for this content.