Questions tagged [jsonp]

JSONP is a method of loading JSON data into a web application through a script tag. It is often vulnerable to XSS. Since the introduction of CORS, it has gone out of use.

5 questions
28 votes, 3 answers

Security risks with JSONP?

What are the security risks with JSONP? Is using JSONP in a new web application reasonable, from a security perspective, or is it better to use a different method for cross-origin web mashups? If using JSONP is reasonable, what steps should I take…
D.W.
2 votes, 1 answer

How to prevent JSONP injection?

Recently, I came across many web applications that are using callback parameters to retrieve JSON-formatted data. This makes web applications vulnerable to JSONP injection attacks. What is the effective way to prevent JSONP injection? Can the…
PenGeek
1 vote, 1 answer

Is it safe to call an untrusted service with jquery.ajax and dataType 'jsonp'

From what I understand, the JSON-P technique generates a script tag into the DOM of an HTML page to get across the single-origin restrictions imposed on the XMLHttpRequest JavaScript API for AJAX calls to web services not supporting CORS. Usually,…
oberlies
1 vote, 0 answers

How to handle application/jsonp response

I am testing a Web Application and I have found an endpoint which is returning some data in JSON. The endpoint is this: /api/vtexid/pub/authenticated/user. Now I was testing to find out whether this endpoint supports JSONP by appending a query…
0 votes, 0 answers

How to make a HTTPrequest in JSONP callback?

I'm trying an XSS challenge. I found an exploit that breaks CSP by using a JSONP callback. I can get an alert to pop up by putting something like: But I'm having trouble trying to…