Commit6070919

committed

Update JSONP docs to mention protection against hijacking

1 parente35968d commit6070919Copy full SHA for 6070919

File tree

+20

-4

lines changed

+20

-4

lines changed

Lines changed: 20 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -517,7 +517,7 @@ plus the relevant HTTP Header information.`
`517`	`517`	`<preclass="terminal">`
`518`	`518`	`$ curl https://api.github.com?callback=foo`
`519`	`519`
`520`		`-foo({`
	`520`	`+/**/foo({`
`521`	`521`	`"meta": {`
`522`	`522`	`"status": 200,`
`523`	`523`	`"X-RateLimit-Limit": "5000",`
`@@ -533,14 +533,30 @@ foo({`
`533`	`533`	`})`
`534`	`534`	`</pre>`
`535`	`535`
`536`		`-You can write a JavaScript handler to process the callback like this:`
	`536`	`+You can write a JavaScript handler to process the callback. Here's a minimal example you can try out:`
`537`	`537`
`538`		`-<pre><codeclass="language-javascript">function foo(response) {`
	`538`	`+<pre><codeclass="language-html"><html>`
	`539`	`+<head>`
	`540`	`+<script type="text/javascript">`
	`541`	`+function foo(response) {`
`539`	`542`	`var meta = response.meta`
`540`	`543`	`var data = response.data`
`541`	`544`	`console.log(meta)`
`542`	`545`	`console.log(data)`
`543`		`-}</code></pre>`
	`546`	`+}`
	`547`	`+`
	`548`	`+var script = document.createElement('script');`
	`549`	`+script.src = 'https://api.github.com?callback=foo'`
	`550`	`+`
	`551`	`+document.getElementsByTagName('head')[0].appendChild(script);`
	`552`	`+</script>`
	`553`	`+</head>`
	`554`	`+`
	`555`	`+<body>`
	`556`	`+<p>Open up your browser's console.</p>`
	`557`	`+</body>`
	`558`	`+`
	`559`	`+</html></code></pre>`
`544`	`560`
`545`	`561`	`All of the headers are the same String value as the HTTP Headers with one`
`546`	`562`	`notable exception: Link. Link headers are pre-parsed for you and come`

Comments

(0)