jquery, jsonp, error handling & security issues

Question

in jquery 1.3.2

for jsonp requests i used to this

var _options = {
        url: 'someexternal_url',
        type: 'GET',
        dataType: 'jsonp',
        success:_aSucFnToHandle,
        error: _anErrFnToHandle
    };

    $.ajax(_options);// this ignores any error if occurs on url

so i added below script and changed my ajax request

<script type="text/javascript" 
     src="http://jquery-jsonp.googlecode.com/files/jquery.jsonp-1.0.4.min.js"&gt;
</script>

$.jsonp(_options); // with this i can handle error if any occurs on url

My questions are:

1. is there any improvement in jquery 1.4.2 to handle error in jsonp request or how do u handle error if occurs while making jsonp request
2. list of security loop holes in jsonp request

Answer 1

There arn't many secuirty concerns with JavaScript. The two big issues are Dom Based XSS and Client Side Trust. For instance if you are making sure the user enters a valid email address with javascript, this is trivial to bypass because the clicent can do whatever they want using TamperData or GreaseMonkey.

Answer 2

For #1: Not yet, but you should revisit http://code.google.com/p/jquery-jsonp/ because it's up to version 2.1.x now ;)

As for #2, yes, there are loop holes as you give complete access to your javascript VM to a third-party (which could lead to data stealing). It's all about how trusty the JSONP provider actually is. Though, in the end, it's no different than remote linking third-party scripts.