// JSONscriptRequest -- a simple class for accessing JSON servers
// using dynamically generated script tags
//
// Author: James Inge, 16 Jun 2008
// Original Author: Jason Levitt, 7 Dec 2005
//
// A SECURITY WARNING FROM DOUGLAS CROCKFORD:
// "The dynamic <script> tag hack suffers from a problem. It allows a page 
// to access data from any server in the web, which is really useful. 
// Unfortunately, the data is returned in the form of a script. That script 
// can deliver the data, but it runs with the same authority as scripts on 
// the base page, so it is able to steal cookies or misuse the authorization 
// of the user with the server. A rogue script can do destructive things to 
// the relationship between the user and the base server."
//
// So, be extremely cautious in your use of this script.
//

// Use: -- pass a JSON URL to the function
//

// Static script ID counter
JSONscriptCounter = 1;

function JSONrequest(fullUrl) {
    // Keep IE from caching requests
    var noCacheIE = '&noCacheIE=' + (new Date()).getTime();
    // Get the DOM location to put the script tag
    var headLoc = document.getElementsByTagName("head").item(0);
    // Generate a unique script tag id
    var scriptId = 'JSONscript' + JSONscriptCounter++;

    // Create the script tag
    var scriptObj = document.createElement("script");
    
    // Add script object attributes
    scriptObj.setAttribute("type", "text/javascript");
    scriptObj.setAttribute("src", fullUrl + noCacheIE);
    scriptObj.setAttribute("id", scriptId);

    // Create the script tag (executing the server script)
    headLoc.appendChild(scriptObj);

    // Destroy the script tag
//    headLoc.removeChild(scriptObj);  
}