Yahoo! adds JSON support

JSON (Javascript Object Notation) is a simple method for doing web services with Javascript. JSON does not require use of XmlHttpRequest and is unlike REST, XML-RPC or SOAP in that it doesn’t use XML. JSON can bypass the browser’s same-origin policy because it does not use XmlHttpRequest. The same-origin policy is what stops one site from using the XmlHttpRequest object to make a request to another site.

In JSON, you use HTML script tags to call a script from another server. You can dynamically add any arguments on the fly to customize your request to the web service (add search terms, etc.) The server/web service will return a simple line of Javascript code which will call a callback function with an the results of the web service query as an argument. There is an example at the Yahoo! Developer Network.

There is a potential security risk in JSON in that the web service could potentially return any Javascript code it wanted and could do evil things such as redirect the user to another web site or steal cookies. You can prevent this by ensuring only JSON code was returned.

Via Simon Willison

Leave a Reply

Your email address will not be published. Required fields are marked *