2009/8/16 Michael Dale mdale@wikimedia.org:
The scraping the jsonfm solution actually worked pretty well (tested in Firefox and IE6-8):

    var doc = iframe.contentDocument ? iframe.contentDocument : frames[iframe.id].document;
    json_str = $j(doc.body).find('pre').html();
    return window["eval"]("(" + json_str + ")");
Yay!
The IEContentAnalyzer looks like an interesting solution as well... but this seems to work reasonably well for the time being.
If your backend wasn't already relying on JSON output, you could've requested XML output instead and that would've worked just fine without any security issues. Running stuff through IEContentAnalyzer just so we can put a wrong MIME type on it (text/plain is not appropriate for JSON, should be either application/json or text/javascript) is a bad idea. I see you've already removed the text/plain option, so it's now back to using text/javascript for callbacks and application/json instead.
Roan Kattouw (Catrope)
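
Added example, not part of the original thread or of the MediaWiki code: one way to turn the text scraped from the jsonfm <pre> element into an object with a strict JSON parser instead of eval, so a response that is not pure JSON is rejected rather than executed. The helper names and sample strings are hypothetical, and it assumes the <pre> holds entity-escaped text only.

```javascript
// Added example. decodeEntities, parseScrapedJson and tryParse are hypothetical
// helper names; the sample strings below are constructed for illustration.

// Undo the escaping that .html()/innerHTML applies to text, in a single pass
// so that "&amp;lt;" decodes to "&lt;" and not to "<".
function decodeEntities(html) {
  var named = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&', nbsp: '\u00a0' };
  return html.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, function (m, ref) {
    if (ref.charAt(0) === '#') {
      var hex = ref.charAt(1).toLowerCase() === 'x';
      var code = parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10);
      return code <= 0x10ffff ? String.fromCodePoint(code) : m;
    }
    return Object.prototype.hasOwnProperty.call(named, ref) ? named[ref] : m;
  });
}

// Parse the scraped <pre> content as data only. JSON.parse accepts nothing but
// JSON, so function calls or assignments in the response raise SyntaxError
// instead of running in the page, which is what eval would do with them.
function parseScrapedJson(preHtml) {
  if (/<[a-z!\/]/i.test(preHtml)) {
    // Assumption: the <pre> holds escaped text only; real markup is rejected.
    throw new SyntaxError('unexpected markup in scraped response');
  }
  return JSON.parse(decodeEntities(preHtml));
}

// Wrap the parse so callers get a result object instead of an exception.
function tryParse(preHtml) {
  try {
    return { ok: true, value: parseScrapedJson(preHtml) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed samples: a well-formed reply as .html() would return it, and a
// reply that is a JavaScript expression rather than JSON.
var SAMPLE_JSON = '{"query":{"title":"A &amp; B &lt;i&gt;"}}';
var SAMPLE_NOT_JSON = '{"n": (function () { return 1; })()}';

console.log(tryParse(SAMPLE_JSON));
console.log(tryParse(SAMPLE_NOT_JSON));
```

In a browser, reading the element's text (for example with jQuery's .text()) instead of .html() removes the need for the decode step. IE6 and IE7 have no native JSON object, so they need a JSON parser library for this approach.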