User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy) The specification is available from: http://www.json.org/JSONRequest.html Would it be possible for this to make it sometime for JS2? Reproducible: Always

Wrong component. JavaScript Engine is the core language, not various APIs that are properly (or not) part of the DOM or browser object model. Is this a dup? /be

dupe of 340987 *** This bug has been marked as a duplicate of 340987 ***

No, it isn't. JSONRequest and parseJSON/toJSONString aren't the same thing.

why can we have just one "Request" and use it for getting XML, JSON, image, or text, instead of separate JSONRequest, XMLHttpRequest, new Image() etc. depending on security.

(In reply to comment #4) > why can we have just one "Request" "CrossSiteRequest" seems more to the point of addressing security. > and use it for getting XML, JSON, image, or > text, instead of separate JSONRequest, XMLHttpRequest, new Image() etc. > depending on security. > That was my initial reaction, 30 seconds into reading the JSONRequest spec. Why is JSON is the only valid transfer encoding/type. The name 'JSONRequest' seems only more suitable to the interface described in the JSONRequest whitepaper than 'XMLHttpRequest' is to the XMLHttpRequest interface due to JSONRequest's encoding limitations (JSON), which do not appear to be justified. The JSONRequest specification appears to be biased towards JSON. This was argued well by Jim Ley on WHAT WG: http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2006-March/006083.html Should Security and Encoding be decoupled?

Some security is obtained because the encoding is limited to a single format.

A JSONRequest Firefox extension by Collin Jackson can be found at http://crypto.stanford.edu/jsonrequest/

Doug, your input on the the W3C CrossSiteRequest could be helpful: http://www.w3.org/TR/access-control/

The addon mentioned in comment 7 is at AMO now: https://addons.mozilla.org/en-US/firefox/addon/5615 /be

What are the chances of this going in for 3.1? Could the addon be included as is or does it require further work (if so, what?)? Or will we need a different implementation? CrossSiteRequest is much more complex and still in working draft status. JSONRequest fits more cleanly and simply with the way we are building AJAX sites, so it would really be nice to have it available as early as possible.

The addon is currently implemented in JavaScript. I think we'd probably want a C++ implementation if native support is desired.

(In reply to comment #10) > CrossSiteRequest is much more complex and still in working draft status. > JSONRequest fits more cleanly and simply with the way we are building AJAX > sites, so it would really be nice to have it available as early as possible. An implementation of Cross-Site XMLHttpRequest is already complete and is queued to go in Gecko 1.9.1. See bug 389508 and bug 408098.

Wontfix?

Yes, use fetch() or XMLHttpRequest. Both have JSON support.