Christian Heilmann

Safer JSON-P? An interesting feature of the Bing API

Monday, June 15th, 2009 at 10:38 am

I just looked through the API of Microsoft’s new Bing search (which is really a re-branding of the live search – also, switch to “low bandwidth view” to be able to use the docs much more smoothly) and I found an interesting step in protecting code from throwing errors.

When you provide a JSON output for developers it does make sense to also allow for a callback parameter. That way your code can be used in script nodes without having to use any backend at all. If you for example provide an API to return the names of the Beatles you could have a data endpoint like getBeatles and a parameter for output format:

http://example.com/API/getBeatles?output=json

The return data then will be:

{
"members":
[
'Paul':{ ... more info ... },
'Ringo':{ ... more info ... },
'John':{ ... more info ... },
'George':{ ... more info ... }
]
}

This I cannot use in JavaScript without hacks. I’d need to eval (or to be safe JSON parse) the results and with conventional Ajax I cannot reach data outside my domain. To make JSON work as easy as possible you can provide a callback parameter.

http://example.com/API/getBeatles?output=json&callback=eleanorRigby

This should wrap the code in a function call which means the output is already evaluated and the user has to define a callback method to read that information. The output would be:

eleanorRigby({
"members":
[
'Paul':{ ... more info ... },
'Ringo':{ ... more info ... },
'John':{ ... more info ... },
'George':{ ... more info ... }
]
});

If I define a function like eleanorRigby(o){} o will be the object returned from the data and I can use it immediately:

Now the issue there is if eleanorRigby is not defined it throws an error.

The Bing API is the first instance where I have seen that they worked around that as the output is this:


if(typeof eleanorRigby  'function') eleanorRigby(
{
"SearchResponse":
{
Version",
"Query":
{
SearchTerms hard day's night"
},
"Translation":
{
"Results":
[
{TranslatedTerm harten Tag-Nacht "}
]
}
}
} /* pageview_candidate */);

I have no clue what the /* pageview_candidate */ is about and frown upon omitting the {} of the if statement, but I must say I do like this.

The issue is now that errors are silent, which might make debugging a pain. Maybe a better option would be to have an error case where the API writes out an error to the console when the callback is not defined:

if(typeof callback = ‘function’) {
callback(... data … );
} else {
if (typeof console!==’undefined’ &&
typeof console.log !== ‘undefined’){
console.log(‘Error: Callback method not defined’);
}
}

All in all an interesting approach though!

Tags: , , , , ,

Share on Mastodon (needs instance)

Share on BlueSky

Newsletter

Check out the Dev Digest Newsletter I write every week for WeAreDevelopers. Latest issues:

Word is Doomed, Flawed LLM benchmarks, hard sorting and CSS mistakes Spot LLM benchmark flaws, learn why sorting is hard, how to run Doom in Word and how to say "no" like a manager.
30 years of JS, Browser AI, how attackers use GenAI, whistling code Learn how to use AI in your browser and not on the cloud, why AI makes different mistakes than humans and go and whistle up some code!
197: Dunning-Kruger steroids, state of cloud security, puppies>beer
196: AI killed devops, what now? LLM Political bias & AI security Learn how AI killed DevOps, create long tasks in JS, why 1 in 5 security breaches are AI generated code & play "The Scope Creep"
195: End of likes, JS Zoo and Tim Berners-Lee doesn't see AI vs Web Meta kills like buttons, Tim-Berners-Lee thinks AI won't kill the web, GitHub is ending toasts and the worst selling Microsoft product.

My other work: