Principle and application of jsonp

  • 2020-03-26 21:44:13
  • OfStack

The JSONP principle
Despite the same-origin policy, not every resource in an HTML page has to come from the same domain. Pages commonly load jQuery from the Google or Microsoft CDN to save traffic or improve load speed. We can reference jQuery on a page like this:


<script  type="text/javascript"
    src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js">
</script>

The src attributes of iframe, img, style, script and other elements can request resources from different domains directly. JSONP uses exactly this: it requests cross-domain resources through script tags.

Security problem
Of course, using JSONP can cause security problems to some extent: if the requested site is not a trusted site, the method call it returns may include malicious code. So try to send requests to trusted sites. In addition, XSS attacks often use JSONP to inject malicious code into a site.
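
The mechanism and the risk described above, as an added example (not code from the original article): a Node.js sketch of a JSONP response builder that accepts only a plain identifier as the callback name, with `simulateScriptTag` standing in for the browser executing the response. The function names, the `handleUser` callback and the sample data are assumptions constructed for illustration.

```javascript
// Added example; all names and sample values are constructed for illustration.

// Accept only a plain JavaScript identifier as the callback name.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Server side: wrap the data in a call to the caller-chosen function.
function buildJsonpResponse(callbackParam, data) {
  if (typeof callbackParam !== 'string' || callbackParam.length > 64 ||
      !CALLBACK_RE.test(callbackParam)) {
    // Never echo the rejected value back into the response.
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'invalid callback',
    };
  }
  // JSON is almost a subset of JavaScript: escape the two line separators
  // and '<' so the payload cannot end a string or a script element early.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029')
    .replace(/</g, '\\u003c');
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    // The leading comment keeps caller-controlled text off the first bytes.
    body: `/**/${callbackParam}(${json});`,
  };
}

// Client side stand-in for <script src="...?callback=handleUser">: the body
// is executed as code, so the page runs whatever the remote site returns.
function simulateScriptTag(body, callbackName) {
  let received;
  const run = new Function(callbackName, body);
  run((payload) => { received = payload; });
  return received;
}

const ok = buildJsonpResponse('handleUser', { id: 7, note: '</script>' });
console.log(ok.body);
console.log(simulateScriptTag(ok.body, 'handleUser'));
console.log(buildJsonpResponse('handleUser);other(', { id: 7 }).status);
```

The validation only protects the site serving JSONP from having its callback parameter abused; the requesting page still executes the whole response, which is why the trust in the remote site matters.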

