An attacker targets a system that uses JavaScript Object Notation (JSON)
						as a transport mechanism between the client and the server (common in Web
						2.0 systems using AJAX) to steal possibly confidential information
						transmitted from the server back to the client inside the JSON object by
						taking advantage of the loophole in the browser's Single Origin Policy that
						does not prohibit JavaScript from one website to be included and executed in
						the context of another website.