14 Data Served by JSONP
The “padding” that turns JSON into JSONP is a workaround for the same-origin policy (SOP). JSONP was first tried out at the end of 2005 (Bob Ippolito) so that an object literal (JSON format) could be read as valid JavaScript code when the script engine is triggered by a <script> tag. The technique is used by some major players, such as Google, Adobe and Yahoo, but it raises concerns about the risk of “script injection”: in other words, the possibility of malicious code hidden in the data.
Ultimately, the future of JSONP technology seems to be linked to the (commercial) decisions of these giants, but APIs are available today and are of interest wherever a SOP constraint is imposed. Below are three examples of this technology being used.
14.1. Serving RSS feeds through Yahoo Query Language
Yahoo offers a query service whose syntax mimics an SQL command line: it is named Yahoo Query Language (YQL). For instance, a YQL request can query an RSS feed and send back its data.
This example is made up of two scripts. The first defines the function rssReturn, which will be used as the callback wrapper in JSONP: it reads a selection of the RSS data, such as title, link and desc, and formats a printable answer. The second script is the HTTP request of the JSONP at the Yahoo server, with the YQL syntax: q=select*.., format=json and callback=rssReturn (the same callback name).
<h1> YQL and RSS: Yahoo serving "ycombinator.com" ...
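The callback wrapper described above, written defensively against the “script injection” concern raised at the start of the chapter; this is an added example, not the book's listing. The payload shape (query.results.item with title, link and description fields) and the sample data are assumptions.

```javascript
// Added example: a defensive rssReturn JSONP callback (not the book's code).
// Assumed payload shape: { query: { results: { item: [...] } } },
// each item having string fields title, link and description.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text so feed content is rendered as characters, never as markup.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Accept only absolute http(s) links; javascript:, data:, relative URLs are dropped.
function safeLink(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch (e) {
    return null; // relative or malformed URL
  }
}

// JSONP callback: returns an HTML fragment built only from escaped fields.
function rssReturn(data) {
  const results = data && data.query && data.query.results;
  let items = results && results.item;
  if (!items) return '<p>No items.</p>';
  if (!Array.isArray(items)) items = [items]; // tolerate a lone object as well as an array
  return '<ul>' + items.map((it) => {
    const title = escapeHtml(it.title);
    const desc = escapeHtml(it.description);
    const href = safeLink(it.link);
    const head = href ? `<a href="${escapeHtml(href)}">${title}</a>` : title;
    return `<li>${head}: ${desc}</li>`;
  }).join('') + '</ul>';
}

// Constructed sample payload: the second item carries markup and a javascript: link.
const sample = { query: { results: { item: [
  { title: 'Release notes', link: 'https://example.com/a', description: 'Plain text' },
  { title: '<script>alert(1)</script>', link: 'javascript:alert(1)', description: 'x' },
] } } };

console.log(rssReturn(sample));
```

Escaping inside the callback covers only markup hidden in the feed data; the JSONP response itself still runs as script with the page's privileges, so the serving host has to be trusted.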