Also known as: JSON with Padding, JSONP injection attack
JSONP injection definition
JSONP injection is a security vulnerability that can occur when a website uses JSONP to bypass the same-origin policy in web browsers.
JSONP allows a server to respond with data wrapped in a function call, which the client then executes. The client page includes a script tag that points to the server’s URL. This URL includes a query parameter that defines the name of the function that the JSON data should be wrapped in.
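The wrapping described above, as a server-side sketch (an added example, not code from the original page): the naive builder copies the function name from the query parameter unchecked, while the checked builder accepts only identifier-style names before wrapping the JSON. The function names, the `callback` parameter name and the example.test URLs are assumptions.

```javascript
// Added example. Function names, the "callback" parameter name and the
// sample URLs are assumptions; the inputs are constructed for illustration.

// Accepted callback names: an identifier, optionally dotted ("app.onData").
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64;

// Naive form: the ?callback= value is copied straight into the script body,
// so the caller decides what text the including page will execute.
function buildJsonpNaive(requestUrl, data) {
  const cb = new URL(requestUrl).searchParams.get("callback");
  return { status: 200, body: `${cb}(${JSON.stringify(data)});` };
}

// Checked form: reject anything that is not a plain function name.
function buildJsonpChecked(requestUrl, data) {
  const cb = new URL(requestUrl).searchParams.get("callback");
  if (!cb || cb.length > MAX_CALLBACK_LEN || !CALLBACK_RE.test(cb)) {
    return {
      status: 400,
      headers: { "Content-Type": "text/plain; charset=utf-8" },
      body: "invalid callback name",
    };
  }
  // JSON.stringify leaves U+2028/U+2029 unescaped; older script parsers
  // treat them as line terminators inside the string, so escape them.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // no content-type guessing
    },
    // Leading comment keeps the first bytes of the body server-chosen.
    body: `/**/${cb}(${json});`,
  };
}

const good = "https://api.example.test/profile?callback=handleProfile";
const bad = "https://api.example.test/profile?callback=cb(1)%3Bother";
console.log(buildJsonpNaive(good, { user: "alice" }).body);
console.log(buildJsonpChecked(good, { user: "alice" }).status);
console.log(buildJsonpChecked(bad, { user: "alice" }).status);
```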
History of JSONP injection
During the late 2000s and beyond, awareness of JSONP injection attacks increased. Security experts started recommending alternatives to JSONP, such as CORS (cross-origin resource sharing), a technology that provides a safer way to handle requests to other domains.
Today, using JSONP is discouraged due to the associated security risks.