Internet Explorer's introduction of XmlHttpRequest allowed for a relatively simple means for web applications to communicate with the server after page load, spawning the Ajax craze. XMLHttpRequests's same origin policy restricts request to the originating site, which prevents third-party sites from making cookie-authenticated requests to other sites and capturing and forwarding private information. This is a good thing.

There are, however, legitimate cases in which client-side code would make a request across domains to XML that is not restricted by authentication. If no other means are provided, there is no way to get at this data with pure JavaScript code. This is a bad thing.

The problem has prompted the popularity of JSONP in web APIs, in which the output is JSON, and a callback parameter may be specified. This allows data to be fetched across domains by appending dynamically created script tags. While servers must be careful to not serve any non-public information with this method, it has been adopted as a workable solution. Many popular API such as Flickr and Twitter support this format.

Still, this leaves the problem of XML payloads fetchable by GET that do not offer JSON output. JSON Proxy exists to provide a mechanism for client-side JavaScript to access resources at these locations. The form at http://jsonproxy.appspot.com/proxy takes GET requests with (at present) two parameters. They are:

url=<url> The URL to fetch the document from. Required.
callback=<callback> The callback to call with the resulting JSON object. Must be made of these characters: "A-Za-z0-9._". Optional.

JSON Proxy will fetch the XML document specified in url (it may cache up to an hour) and convert that document to JSON. At present, it follows, roughly, the conventions at BadgerFish, with the exception of namespace handling, which will be added.

By converting to JSON, the JSON proxy can act as the intermediary between the third-party server and your browser. Also, JSON Proxy will make its requests without cookies, so there's no chance of accidentally fetching restricted content.

In short, the resulting JSON will be roughly as follows.

• A single tag will be a direct hash from tag name to a new object:
  <foo><bar>...</bar></foo> -> {"foo" : {"bar" : {...}}}
• Multiple tag will be a direct hash from the tag name to an array:
  <foo><bar>...</bar><bar>...</bar></foo> -> {"foo" : {"bar" : [{...}, {...}]}}
• Attributes will be prefaced with "@" in the hash:
  <foo key="value"></foo> -> { "foo" : {"@key" : "value"}}
• Text will be under the key "$":
  <foo>bar</foo> -> { "foo" : {"$" : "bar"}}

If there is an error of some sort (URL not found, bad XML, etc), the error string will be at the root of the JSON object under the special key "$error". For example: {"$error": "error string"}

This proxy was written by Nathan Naze. The source is available at http://code.google.com/p/jsonproxy/.