Michael Dale wrote: > Turns out IE prompts the user to save the file irregardless of > "application/json" to 'text/javascript' format. (if its not include via > script tag ) > > Instead of witting or integrate an XML -> json converter that matches > the xml output with the json output ... I am inclined to just quickly > add a param that lets us output the json to "text/plain" purely because > its faster to integrate. added in r55113 > > for now this just solves the specific issue of submitting a > enctype="multipart/form-data" form to an iframe target and getting the > response in similar way that you grab other json api request. > > Also added type output per: > http://simonwillison.net/2009/Feb/6/json/#c43376 > > I don't see this as posing security risk as its just a mime type > interpretation issue the normal cross site ajax restrictions are still > in place. (ie you cant do an cross site iframe and view the result of > the output)
The problem is not the expected usage. Can you confirm that viewing something like http://test.wikipedia.org/w/api.php?action=query&prop=revisions&titles=User:Platonides/json-js&rvprop=timestamp|user|comment|content&format=json&callback=foo&ctypetext on Internet Explorer won't get the javascript executed? _______________________________________________ Mediawiki-api mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
