> A hacker exploits a JSON (javascript) object that has information of interest
> for example holding some values for cookies. A lot of times that exploits the
> same policy origin. The JSON object returned from a server can be forged over
> writing javascript function that create the object. This happens because of
> the same origin policy problem in browsers that cannot say if js execution it
> different for two different sites.

To be honest, I'm not sure I follow, but I'm fairly confident that my original point stands. If you believe that well-formed JSON objects without padding can be read across origins within the browser, I would love to see more information about that. (In this particular case, it still wouldn't matter because the response doesn't contain secrets, but it would certainly break a good chunk of the Internet.) JSONP is a different animal.

/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
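
The distinction the reply above draws between a bare JSON object and JSONP, as an added example that is not part of the original message: a response pulled in through a script include is parsed as JavaScript program text, so a well-formed JSON object fails to parse while a padded (JSONP) response calls a function the including page controls. `loadAsScript`, `handleData` and the sample data are hypothetical, and `new Function` stands in for the browser's script loader.

```javascript
// Added illustration. A <script src> include never hands the response body to
// the page as data; the body is parsed and executed as JavaScript program text.
// new Function() models that parse-then-run step (assumption of this sketch).
function loadAsScript(body, globals = {}) {
  const names = Object.keys(globals);
  let run;
  try {
    run = new Function(...names, body); // parse step
  } catch (e) {
    return { parsed: false, error: e.name };
  }
  run(...names.map((n) => globals[n])); // execute step
  return { parsed: true, error: null };
}

function demo() {
  // Constructed sample response bodies.
  const bareJson = '{"user":"alice","theme":"dark"}';
  const jsonp = 'handleData(' + bareJson + ');';

  // Callback defined by the including page; the only way data reaches it.
  const captured = [];
  const handleData = (value) => captured.push(value);

  // Bare object: the leading "{" opens a block statement, and the ":" after the
  // string literal is a syntax error, so nothing runs and nothing is exposed.
  const bare = loadAsScript(bareJson, { handleData });

  // JSONP: the same object is now a call argument (an expression), so the
  // script parses and hands the data to whoever defined handleData.
  const padded = loadAsScript(jsonp, { handleData });

  return { bare, padded, captured };
}

console.log(JSON.stringify(demo(), null, 2));
```

A padded endpoint therefore needs its own protection for any per-user data it returns, because the padding removes the parse failure that keeps a bare object opaque to the including page.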