I am writing an app that my client uses given JavaScript, which will collect some HTML data and post it to my server. No data will be returned from my server.
An iframe and JSONP are two options. I wonder what the pros and cons of each are given my situation. Is there any security hole involved in either of them?
Another question is how I can identify the user. Say one person copied the JavaScript and put it on his website.
JSONP allows you to get a response, while an iframe (for the most part) doesn’t. The security issue with JSONP is that they must trust you not to return malicious JavaScript, since the “json” returned is really just arbitrary JavaScript that is essentially eval’d within the page on their domain. If you were evil, you could steal their customers’ cookies or other info and post them back to your server.
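The trust issue described in the answer, as an added example that is not part of the original post: a Node-runnable simulation in which the same response body is first executed the way a JSONP `<script>` would be, then parsed as data with `JSON.parse`. The page object, the `handleData` callback, the `touched` marker and all response strings are constructed for illustration.

```javascript
// Constructed stand-in for the embedding page's global scope.
function makePage() {
  const page = {
    document: { cookie: 'session=constructed-value' },
    received: null, // what the page's own callback was handed
    touched: null,  // set only if response code reads page state by itself
  };
  page.handleData = (data) => { page.received = data; };
  return page;
}

// JSONP: the response is loaded as a script, so it is executed, not parsed.
// new Function + with(page) stands in for a script running with the page's
// globals in scope (an approximation of the browser, enough to show the point).
function loadAsJsonp(body) {
  const page = makePage();
  new Function('page', 'with (page) { ' + body + ' }')(page);
  return { received: page.received, touched: page.touched };
}

// Data-only handling: the body goes through JSON.parse and is never executed.
function loadAsJson(body) {
  const page = makePage();
  try {
    page.handleData(JSON.parse(body));
    return { received: page.received, touched: page.touched, error: null };
  } catch (err) {
    return { received: null, touched: null, error: err.name };
  }
}

// Constructed responses: one that only calls the callback, one that also
// runs an extra statement before calling it, and the plain-JSON equivalent.
const honestJsonp = 'handleData({"ok": true});';
const extraCodeJsonp = 'touched = document.cookie; handleData({"ok": true});';
const plainJson = '{"ok": true}';

function demo() {
  return {
    honest: loadAsJsonp(honestJsonp),       // callback runs, nothing else
    extra: loadAsJsonp(extraCodeJsonp),     // extra statement also ran
    json: loadAsJson(plainJson),            // same data, no execution
    rejected: loadAsJson(extraCodeJsonp),   // code is not valid JSON
  };
}
```

From the page's callback the two JSONP responses look identical; only the `touched` marker shows that the second one ran additional code with the page's state in scope.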