comments (not for humans)
In my previous posts JSONp - What's the risk? and Web2.0 - Who do you trust? I talked about the potential security problems that can occur when adding script tags and/or using jsonp. In this post I will show a couple of demos.
[...]
I just read about CSSHttpRequest (or AJACSS as it's also know) - a new way to do cross domain request like JSONp, but without using dynamic javascript tags.
[...]
Using JSONp imposes some risk on your system, whether you are a providing data or using data published as JSONp.
[...]