I’m trying to understand how JSONP works, and from my so far very basic understanding, I feel like it’s used to circumvent the same origin policy browsers enforce. I guess the main reason behind the policy is to prevent stuff like XSS exploits (where say someone could inject a script that makes use of the local cookies on a user’s machine to get valuable information, say when the user has logged into their bank account… is that right?) Now if JSONP is circumventing this policy, can’t it be exploited for stuff like this? Sorry if this question is very basic… I just started trying to pick up JavaScript a few days back, and I’m still trying to wrap my head around it 🙂
Thanks!
From: http://james.padolsey.com/javascript/cross-domain-requests-with-jsonp-safe/
So, basically, yes, it can be used for XSS exploits. Therefore, it’s important that you trust the host domain. If you’re unsure about the integrity of the host domain, avoid using JSONP.
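As an added illustration (not code from the thread or from the linked article), here is a small JSONP helper that applies the advice above: it only injects a script tag for hosts the page author has explicitly decided to trust, and it rejects callback names that are not plain identifiers, since the endpoint echoes that name back inside executable JavaScript. The host name `api.example.com`, the `/api/data` path and the `callback` parameter name are assumptions for the example.

```javascript
// Hosts this page is willing to load JSONP from. Everything a JSONP host
// returns executes with the page's own privileges, so this list is the
// actual security boundary. (api.example.com is a made-up value.)
const TRUSTED_JSONP_HOSTS = new Set(['api.example.com']);

// A JSONP server writes the callback name verbatim into a script body, so
// only accept plain JavaScript identifiers. Servers should apply the same
// check to the query parameter they receive.
function isSafeCallbackName(name) {
  return /^[A-Za-z_$][\w$]*$/.test(name);
}

// Build the script URL for a JSONP request. Returns null (rather than a
// URL) whenever the request should not be made at all.
function buildJsonpUrl(endpoint, callbackName) {
  let url;
  try { url = new URL(endpoint); } catch (e) { return null; }
  // A plain-HTTP script can be altered in transit, which is just as bad
  // as an untrusted host, so insist on https.
  if (url.protocol !== 'https:') return null;
  if (!TRUSTED_JSONP_HOSTS.has(url.hostname)) return null;
  if (!isSafeCallbackName(callbackName)) return null;
  url.searchParams.set('callback', callbackName);
  return url.toString();
}

// Browser-only part: register a one-off global callback and inject the
// <script> tag that performs the cross-domain request.
function jsonp(endpoint, onData) {
  const cb = 'jsonp_cb_' + Math.random().toString(36).slice(2);
  const src = buildJsonpUrl(endpoint, cb);
  if (src === null) throw new Error('refusing JSONP request to ' + endpoint);
  const script = document.createElement('script');
  window[cb] = (data) => {
    delete window[cb];   // remove the global once the response has arrived
    script.remove();
    onData(data);
  };
  script.src = src;
  document.head.appendChild(script);
}
```

In the browser, `jsonp('https://api.example.com/api/data?id=7', console.log)` makes the request, while any endpoint outside the trusted set throws before a script tag is ever created.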