Using JSONP with Hype (beginner level)

Here are some simple examples of using JSONP in Hype, as it has some benefits.

Examples based on the w3schools article:
https://www.w3schools.com/js/js_json_jsonp.asp

Simple
JSONP_example_simple.hype.zip (31,3 KB)

Dynamic script tag
JSONP_example_dynamic_script_tag.hype.zip (35,8 KB)

Lots of room to improve (like a callback etc.)

2 Likes

Here is an advanced version using a UUIDv4 id to prevent code injection (although that could only happen if they have access to the HTML to begin with, but better safe than sorry) and it adds dynamic callback handling. Sounds all more fancy than it actually is …

JSONP_example_dynamic_script_tag_and_callback.hype.zip (34,2 KB)

PS: But don't get me wrong, the simple versions in the first post are as safe as it gets when requesting public information from a server. The vulnerabilities mentioned on the Wikipedia page and in the previous post only arise if you allow dynamic callbacks that are fed back to the client and only really matter if the attacker has access to the site's DOM to begin with. In general even CORS isn't totally safe, as it is implemented relying on the browser to prevent malicious calls and furthermore deliver the correct origin information (not spoofed). But all this talk is only really relevant if you start handling non-public data, and then you have to make considerations like HTTPS (always a good idea) and other ways to secure the channel (including CORS). But for retrieving any data that is anyway part of the public page but dynamic, it is a good way to get data, and if you need a dynamic callback to have ultimate flexibility, then just secure the possible callbacks, like in the advanced example.
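
The idea of securing dynamic callbacks with a UUIDv4-based name, sketched as an added example (this is not the code from the attached Hype documents). The `jsonp_` prefix, the function names and the `env` parameter are hypothetical; `env` stands in for `window`, `document` and a UUID source.

```javascript
// Added example (not from the forum attachments). All names are hypothetical.
const CALLBACK_RE =
  /^jsonp_[0-9a-f]{8}_[0-9a-f]{4}_4[0-9a-f]{3}_[89ab][0-9a-f]{3}_[0-9a-f]{12}$/;

// Accept only names of the exact shape the client generates.
function isSafeCallbackName(name) {
  return typeof name === 'string' && CALLBACK_RE.test(name);
}

// Turn a UUIDv4 into a valid identifier (hyphens are not allowed in names).
function newCallbackName(uuid) {
  const name = 'jsonp_' + uuid.toLowerCase().replace(/-/g, '_');
  if (!isSafeCallbackName(name)) throw new Error('not a UUIDv4: ' + uuid);
  return name;
}

// Server side: echo the callback only if it passes the check, else null
// (the caller would answer with HTTP 400 instead of reflecting the value).
function jsonpBody(callbackParam, data) {
  if (!isSafeCallbackName(callbackParam)) return null;
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028').replace(/\u2029/g, '\\u2029');
  return callbackParam + '(' + json + ');';
}

// Client side: register a one-time callback, add the script tag, clean up.
// In a browser: env = { win: window, doc: document, uuid: () => crypto.randomUUID() }
function jsonpRequest(url, env, onData, timeoutMs = 10000) {
  const name = newCallbackName(env.uuid());
  const script = env.doc.createElement('script');
  let timer;
  const cleanup = () => {
    clearTimeout(timer);
    delete env.win[name];                       // callback is single use
    if (script.parentNode) script.parentNode.removeChild(script);
  };
  env.win[name] = (data) => { cleanup(); onData(null, data); };
  script.onerror = () => { cleanup(); onData(new Error('JSONP load error')); };
  timer = setTimeout(() => { cleanup(); onData(new Error('JSONP timeout')); }, timeoutMs);
  script.src = url + (url.includes('?') ? '&' : '?') +
    'callback=' + encodeURIComponent(name);
  env.doc.head.appendChild(script);
  return name;
}
```

Because the server-side check and the client-side generator share one pattern, the response can only ever call a function the page itself registered for that request.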