Roan Kattouw wrote:
<snip>
If your backend wasn't already relying on JSON output, you could've
requested XML output instead and that would've worked just fine
without any security issues. Running stuff through IEContentAnalyzer
just so we can put a wrong MIME type on it (text/plain is not
appropriate for JSON, should be either application/json or
text/javascript) is a bad idea. I see you've already removed the
text/plain option, so it's now back to using text/javascript for
callbacks and application/json instead.
I agree. IEContentAnalyzer is over the top especially since the escaped
white-spaced json content plays nice with eval so there is no reason to
make things more complicated. Just have to remember not to change the
<pre> tag for jsonfm output ;)
--michael