What Is JSONP (JSON With Padding) - ITU Online

What is JSONP (JSON with Padding)

Definition: JSONP (JSON with Padding)

JSONP (JSON with Padding) is a technique used to overcome the limitations imposed by the same-origin policy in web browsers, which restricts how a web page can request data from another domain. By using JSONP, a web page can obtain JSON data from a server in a different domain through the insertion of a <script> tag, which is not subject to the same-origin policy.

Overview of JSONP (JSON with Padding)

JSONP stands for JSON with Padding, and it serves as a workaround to bypass the same-origin policy that limits cross-origin HTTP requests initiated from scripts. The same-origin policy is a critical security feature in web browsers that prevents malicious scripts on one page from obtaining sensitive data from another site. However, this policy can also limit legitimate cross-site interactions.

JSONP enables cross-domain requests by exploiting the fact that <script> tags are not bound by the same-origin policy. When a script is executed, the browser does not restrict it based on the origin of the request. JSONP leverages this by embedding the JSON data within a function call in a <script> tag, which the browser executes, thereby making cross-origin data retrieval possible.

How JSONP Works

  1. Client-Side Request: The client includes a <script> tag in its HTML, with the src attribute pointing to the server’s URL. This URL typically includes a callback parameter.

    <script src="https://example.com/data?callback=myCallback"></script>
  2. Server-Side Response: The server processes the request and returns the JSON data wrapped in the callback function specified in the query string.

    myCallback({ "name": "John", "age": 30 });
  3. Client-Side Execution: The browser executes the script, invoking the callback function with the JSON data as its argument.

    function myCallback(data) { console.log(data.name); // Outputs: John }

Benefits of JSONP

Cross-Domain Requests

The primary benefit of JSONP is its ability to facilitate cross-domain requests, which is essential for integrating services and APIs from different origins. This is particularly useful for web applications that need to interact with third-party services or APIs that reside on different domains.


JSONP is relatively simple to implement compared to other methods like CORS (Cross-Origin Resource Sharing). It requires minimal changes to the server-side code and can be quickly set up with basic JavaScript.

Browser Compatibility

JSONP is compatible with virtually all web browsers, making it a robust solution for cross-domain communication across different client environments.

Uses of JSONP

API Integration

JSONP is widely used for integrating third-party APIs that do not support CORS. It allows web applications to fetch data from these APIs without running into cross-origin issues.

Dynamic Content Loading

Web applications can use JSONP to load dynamic content from external sources, such as fetching real-time data from remote servers and displaying it on the webpage without needing to refresh the page.


JSONP enables the creation of mashups, where content from multiple sources is combined into a single web application. For instance, a web application can use JSONP to pull data from various APIs and present it in a unified interface.

Features of JSONP

Callback Function

The core feature of JSONP is the use of a callback function. This function is defined on the client-side and specified in the request URL. The server wraps the JSON data in this callback function, allowing the client to execute it upon retrieval.

Script Tag Injection

JSONP leverages the <script> tag to load external resources. By dynamically injecting this tag into the HTML document, the browser fetches and executes the script, effectively bypassing the same-origin policy.

JSON Format

The data retrieved through JSONP is in JSON format, making it easy to parse and manipulate using JavaScript. JSON is a lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate.

How to Implement JSONP

Server-Side Setup

On the server-side, you need to modify the endpoint to wrap the JSON response in a callback function. Here’s an example using Node.js:

Client-Side Setup

On the client-side, you include a <script> tag in your HTML or dynamically insert it using JavaScript:

Dynamic Script Injection

For more dynamic applications, you can insert the <script> tag programmatically:

Security Considerations

Risk of Script Injection

Since JSONP involves executing scripts from external sources, it poses a risk of script injection attacks. Malicious actors could potentially inject harmful scripts that get executed in the client’s browser.

Data Validation

To mitigate security risks, always validate and sanitize the data received from JSONP responses. Ensure that the data conforms to expected formats and does not contain executable scripts.

Use of CSP (Content Security Policy)

Implementing Content Security Policy (CSP) can help mitigate some of the security risks associated with JSONP. CSP allows you to specify the sources from which scripts can be loaded, thereby reducing the likelihood of malicious script execution.

Alternative: CORS

While JSONP provides a workaround for cross-domain requests, modern applications often use CORS as a more secure and flexible alternative. CORS allows servers to specify who can access their resources and how those resources can be accessed.

Frequently Asked Questions Related to JSONP (JSON with Padding)

What is JSONP (JSON with Padding)?

JSONP (JSON with Padding) is a technique used to bypass the same-origin policy in web browsers, allowing a web page to request data from a different domain by using a <script> tag to fetch JSON data wrapped in a callback function.

How does JSONP work?

JSONP works by including a <script> tag in the HTML with a source URL pointing to the server’s endpoint. The server responds with JSON data wrapped in a callback function, which the browser executes, allowing cross-origin data retrieval.

What are the benefits of JSONP?

JSONP allows cross-domain requests, making it useful for integrating third-party APIs and fetching data from external sources. It is simple to implement and compatible with virtually all web browsers.

What are the security considerations for JSONP?

JSONP poses security risks, such as script injection attacks. To mitigate these risks, validate and sanitize data received through JSONP, and consider implementing Content Security Policy (CSP) or using CORS as a more secure alternative.

How is JSONP different from CORS?

JSONP allows cross-domain requests by using <script> tags and callback functions, while CORS (Cross-Origin Resource Sharing) is a more secure method that uses HTTP headers to specify allowed origins and request methods. CORS provides better security and flexibility compared to JSONP.

All Access Lifetime IT Training

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $699.00.Current price is: $289.00.

Add To Cart
All Access IT Training – 1 Year

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $199.00.Current price is: $139.00.

Add To Cart
All Access Library – Monthly subscription

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $49.99.Current price is: $16.99. / month with a 10-day free trial