I recently ran into a few problems with a third party vendor integration. In order to get a piece of data from them I had to do a cross-domain request, which we implemented using Jason (via jQuery.getScript()).

My concern is that this is equivalent to throwing a script tag with the URL as the source and I have no chance to wrap a try/catch block around the incoming javasript. This seems pretty dangerous, basically we’ve gone from having a pretty strict same origin policy (with Ajax) to having a free for all load any script from any domain without any control mechanism.

Any way to make this more safe/robust? The issue I had is that my vendor had syntax errors in their script every once in a while, which screwed up the javascript already running on the site. They eventually fixed everything, but I’d like to know if there’s a more robust mechanism for doing this.