[wp-trac] [WordPress Trac] #28523: wp_send_json to allow for JSONP
WordPress Trac
noreply at wordpress.org
Fri Jun 13 00:04:12 UTC 2014
#28523: wp_send_json to allow for JSONP
-------------------------+------------------------------
Reporter: sc0ttkclark | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.5
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by georgestephanis):
Replying to [comment:4 sc0ttkclark]:
> If callback is a new parameter not currently used by any existing
endpoints using wp_send_json, would it?
I mean, custom endpoints that use `wp_send_json` would instantly start
working cross-domain. They could already be abused via shell scripts and
the like, but with the callback, any other website could cross-domain
hijack your cookies / authentication to pull data that they shouldn't be
able to.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28523#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list