Martin Paul Eve

Professor of Literature, Technology and Publishing at Birkbeck, University of London

GNUCITIZEN has been going on about this for some time now, but the truly devastating impact of what he has been saying only actually hit me today when reading about his JavaScript interface to Johnny's Google Hacking Database.

The scenario is as follows. The interface contains NO SERVER-SIDE SCRIPTS, no iframes and no other such methods for loading offsite data; instead it utilises the JSON data format to include remote script files. GC's example uses Dapper to perform the remote data retrieval in JSON format and then loads the result through a script tag. For example:

<script src="http://www.dapper.net/transform.php?dappName=GoogleHackingDatabaseCategoriesReader&amp;transformer=JSON&amp;extraArg_callbackFunctionWrapper=json_1179755998729&amp;applyToUrl=http%3A%2F%2Fjohnny.ihackstuff.com%2Fghdb.php" type="text/javascript"></script>

This loads the contents of the Google Hacking Database into a JavaScript object, which can then be parsed. Essentially, this is remote data retrieval entirely from JavaScript. If services like Dapper continue to develop (for example, to allow access to an exact URL and return the output in JSON format), then the Same Origin Policy is history.
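A script include like the one above runs whatever the remote service returns inside the including page's origin. As an added example (not code from GNUCITIZEN or from this post), the check below treats such a response as data: it accepts the body only if it is exactly the expected callback wrapped around valid JSON, and never executes it. It assumes the body has already been obtained as text; the function names and sample bodies are constructed for illustration.

```javascript
// Added example: accept a JSONP body only if it is the expected callback
// wrapped around valid JSON, and return the data without executing anything.
const CALLBACK = 'json_1179755998729'; // wrapper name from the URL above

// Constructed sample bodies; the field names are not Dapper's real output.
const SAMPLE_OK = CALLBACK + '({"categories":[{"name":"Sample category"}]});';
const SAMPLE_EXTRA_CODE = CALLBACK + '({"categories":[]});extraCode()';
const SAMPLE_WRONG_WRAPPER = 'otherFunction({"categories":[]})';

function parseJsonp(body, expectedCallback) {
  // The callback name must be a bare identifier, nothing more.
  if (!/^[A-Za-z_$][\w$]*$/.test(expectedCallback)) {
    throw new Error('callback name is not a plain identifier');
  }
  const text = body.trim();
  const prefix = expectedCallback + '(';
  if (!text.startsWith(prefix)) {
    throw new Error('unexpected callback wrapper');
  }
  // Locate the final ")" with an optional trailing ";".
  const closing = /\)\s*;?$/.exec(text);
  if (!closing) {
    throw new Error('missing closing parenthesis');
  }
  // JSON.parse accepts JSON only, so any extra statement in the body throws here.
  return JSON.parse(text.slice(prefix.length, closing.index));
}

// Boolean wrapper for callers that only need an accept/reject decision.
function isPlainJsonp(body, expectedCallback) {
  try {
    parseJsonp(body, expectedCallback);
    return true;
  } catch (e) {
    return false;
  }
}

console.log(parseJsonp(SAMPLE_OK, CALLBACK).categories[0].name);
console.log(isPlainJsonp(SAMPLE_EXTRA_CODE, CALLBACK));
console.log(isPlainJsonp(SAMPLE_WRONG_WRAPPER, CALLBACK));
```

A page that loads the same URL through a script tag gets no such check: the browser executes the entire response, including anything appended after the callback.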