Cross-domain JSON resources may be exposed as JavaScript variable data – Opera Security Advisories
Severity Moderate Description JSON strings are sometimes exported by sites as a resource that cannot be read cross-domain, and may contain confidential data. The format of a JSON string ensures that it cannot be read as the contents of a variable, if it is included as a normal script. In some cases, Opera does not…