Turns out IE prompts the user to save the file
irregardless of
"application/json" to 'text/javascript' format. (if its not include via
script tag )
Instead of witting or integrate an XML -> json converter that matches
the xml output with the json output ... I am inclined to just quickly
add a param that lets us output the json to "text/plain" purely because
its faster to integrate. added in r55113
for now this just solves the specific issue of submitting a
enctype="multipart/form-data" form to an iframe target and getting the
response in similar way that you grab other json api request.
Also added type output per:
http://simonwillison.net/2009/Feb/6/json/#c43376
I don't see this as posing security risk as its just a mime type
interpretation issue the normal cross site ajax restrictions are still
in place. (ie you cant do an cross site iframe and view the result of
the output)
The problem is not the expected usage.
Can you confirm that viewing something like