Code: http://github.com/tav/scripts/blob/master/validate_jsonp.py

Whilst web developers have started to take XSS and CSRF seriously, a tiny detail often goes unnoticed — JSONP callback values. The idea behind JSONP is to enable composable client-side apps by allowing cross-domain data fetching. It's a brilliantly simple idea and the callback parameter is used to specify the name of a callba
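
The following is an added example, not the linked validate_jsonp.py script and not code from the original post: one way a server can restrict the callback parameter to a plain function name before echoing it into a JSONP response. The ASCII-only dotted-identifier grammar, the length limit and the function names are assumptions made for this sketch.

```python
import json
import re

# Assumption: ASCII-only dotted identifiers, a stricter grammar than JavaScript's.
_IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")
_RESERVED = frozenset(
    "break case catch class const continue debugger default delete do else "
    "enum export extends false finally for function if import in instanceof "
    "new null return super switch this throw true try typeof var void while "
    "with yield let static await".split()
)
MAX_CALLBACK_LEN = 128  # hypothetical limit, chosen for this example


def is_valid_jsonp_callback(name):
    """Return True only for names such as `cb` or `app.handlers.onData`."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_CALLBACK_LEN:
        return False
    return all(
        _IDENT.fullmatch(part) and part not in _RESERVED
        for part in name.split(".")
    )


def jsonp_response(callback, payload):
    """Wrap payload in a call to callback, refusing anything but a plain name."""
    if not is_valid_jsonp_callback(callback):
        raise ValueError("rejected JSONP callback name")
    # json.dumps escapes non-ASCII by default; also escape "<" so the body
    # cannot close a surrounding <script> element if it is ever inlined.
    body = json.dumps(payload).replace("<", "\\u003c")
    return "%s(%s);" % (callback, body)


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ["handleData", "app.handlers.onData", "alert(1)//", "a..b", "function"]:
        print(repr(candidate), is_valid_jsonp_callback(candidate))
    print(jsonp_response("handleData", {"user": "example"}))
```

Serve the result with a JavaScript content type such as `application/javascript` so browsers never interpret the response as HTML.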