JSONP Vulnerabilities

Same Origin Policy (SOP) is a key security mechanism within the browser that I’ve written about previously. In short, it prevents applications at different origins from interacting with each other. An origin is defined as the combination of the domain name, application protocol, and port number. HTML5 now has features that allow cross-origin communication, namely Cross Origin Resource Sharing and Cross Domain Messaging (postMessage), which address the possible business need for cross-origin sharing. Before these existed, however, a workaround was developed called JavaScript Serialised Object Notation with Padding (JSONP).

