Turns out IE prompts the user to save the file irregardless of "application/json" to 'text/javascript' format. (if its not include via script tag )
Instead of witting or integrate an XML -> json converter that matches the xml output with the json output ... I am inclined to just quickly add a param that lets us output the json to "text/plain" purely because its faster to integrate. added in r55113
for now this just solves the specific issue of submitting a enctype="multipart/form-data" form to an iframe target and getting the response in similar way that you grab other json api request.
Also added type output per: http://simonwillison.net/2009/Feb/6/json/#c43376
I don't see this as posing security risk as its just a mime type interpretation issue the normal cross site ajax restrictions are still in place. (ie you cant do an cross site iframe and view the result of the output)
On the topic... I eventually I do want to support a iframe api proxy system. Initially just for inner-site uploading ie uploading an image to commons while editing a wikipedia article. But after that want to think more broadly about iframe proxies so we can do all the fancy "facebook connect" type systems and full editable mediawiki api engagement from user-trusted external sites and participation contexts. (ie imagine a /volunteerlet/ that use give you a 10 second task based on your user profile ie translate x know user proficient language to y proficient language ) embeddable in any web context. (will follow up with more detailed proposal to wikitech-l and of-course more code ;)
peace, --michael
Roan Kattouw wrote:
2009/8/15 Michael Dale mdale@wikimedia.org:
Would anyone object to changing the output mime type of ApiFormatJson.php from "application/json" to 'text/javascript' ? committed in r55084
This is needed for iframe target background upload tasks. ie you upload a file and then you want to take the name of the file you uploaded and use that to insert the image into the edit window. With mime as "application/json" the browser promts the user to "save" the file and we can't eval the document text result in the iframe.
A good suggestion I read at http://simonwillison.net/2009/Feb/6/json/#c43376 is to use text/javascript only for &format=json when a callback is used, and use application/json when it's not (&format=jsonfm uses text/html in all cases, of course).
Roan Kattouw (Catrope)
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api