mike | Shared With: Everyone - Nov 07 2009 | google, search, api, ajax, json, jsonp
mike | Shared With: Everyone - Jan 18 2009 | search, twitter, api, development, json, javascript
mike | Shared With: Everyone - Dec 01 2008 | javascript, database, schema, erlang, json, indexing, views
mike | Shared With: Everyone - Oct 16 2008 | json, g02.me, tinyurl, appengine, javascript
mike | Shared With: Everyone - Jul 11 2008 | api, friendfeed, json, python, php
mike | Shared With: Everyone - Jun 28 2008 | startpad, widget, json, javascript, twitter
mike | Shared With: Everyone - Aug 13 2007 | json, xslt
mike | Shared With: Everyone - Aug 13 2007 | security, javascript, json, JSONRequest
Proposal to implement a JSONRequest object in every browser. The proposed method supports anonymous sending and receiving of JSON (no cookies transmitted), and is therefore exempt from the same-origin policy of XMLHttpRequest.
mike | Shared With: Everyone - Jul 16 2007 | asp, .net, handler, http, json, ajax
Rather than use an aspx file, create handlers to respond to RSS and JSON requests, without the overhead of the Web Forms architecture.
mike | Shared With: Everyone - Apr 22 2007 | javascript, programming, security, web development, ajax, json, csrf
A good reference to a paper on cross-site scripting vulnerabilities in AJAX code:
http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
The attack uses a hook to capture any event that sets a known property:
function Object()
{
this.email setter = captureObject;
}
Note the flame-war between antibozo and kentaromiura in the comments. It actually resolves itself quite amicably in the end.
Quoted: An application can be mashup-friendly or it can be secure, but it cannot be both.
...
Solutions:
o Include a hard-to-guess identifier, such as the session identifier, as part of each request
that will return JavaScript. This defeats cross-site request forgery attacks by allowing the
server to validate the origin of the request.
o Include characters in the response that prevent it from being successfully handed off to a
JavaScript interpreter without modification. This prevents an attacker from using a
<script> tag to witness the execution of the JavaScript.
Vulnerable frameworks include: Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, and MochiKit.
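The two defenses quoted above, as an added example in plain JavaScript that is not from the page or from the Fortify paper: a JSON endpoint that demands a per-session token and prefixes its response so a <script> tag cannot execute it, beside the same-origin client that strips the prefix. The in-memory session table, the header name x-request-token and the prefix `)]}',\n` are assumptions of this example.

```javascript
// Added example (not the page's or the paper's code). Assumptions: an
// in-memory session table, a hypothetical "x-request-token" header, and the
// prefix ")]}',\n" as the characters that stop the body from running as script.
const RESPONSE_PREFIX = ")]}',\n"; // a syntax error when the body is run as <script>

// Constructed server-side session table: session id -> per-session request token.
const sessions = new Map([["sess-abc123", "tok-9f8e7d"]]);

// Defense 1: answer only when the request carries the hard-to-guess token tied
// to the session; a cross-site <script src=...> include cannot add that header.
function handleJsonRequest(req) {
  const expected = sessions.get(req.cookies.sid);
  if (!expected || req.headers["x-request-token"] !== expected) {
    return { status: 403, body: "" };
  }
  // Defense 2: prefix the JSON so that handing it straight to the JavaScript
  // interpreter fails before any data is exposed.
  const json = JSON.stringify([{ email: "alice@example.com" }]); // constructed data
  return { status: 200, body: RESPONSE_PREFIX + json };
}

// Legitimate same-origin client: it knows the prefix, strips it, then parses.
function parseProtectedJson(body) {
  if (!body.startsWith(RESPONSE_PREFIX)) {
    throw new Error("unexpected response format");
  }
  return JSON.parse(body.slice(RESPONSE_PREFIX.length));
}

// Sanity check for the second defense: the raw body must not even compile as
// a script, so a <script> tag pointed at the endpoint gets a SyntaxError.
function bodyIsNotRunnableScript(body) {
  try {
    new Function(body);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}
```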