Simon Willison’s Weblog
Don't serve JSON as text/html
. Another sneaky XSS trick.
Posted
5th July 2006
at 11:46 pm
security
399
json
115
xss
58
http
85
Source code
©
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022