In this, the sixth post in the Rails 4 tutorial, we change our clubs list page to use ngGrid instead of our home-made table. We also implement an edit page for our clubs. A key difference from the Rails 3 version of this tutorial is that we’re implementing our edit page as a page rather than a modal dialog.
If you have dropped into the middle of the tutorial you can find the code from the previous step in this tutorial at github:PaulL:tutorial_5, or you can find those tutorial pages either from the index page, or by hitting the tutorials menu in the menu bar above.
In reading the AngularJS documentation for the $http service, there is a very clear warning about a potential JSON/JSONP vulnerability. The short version of this is that JSONP was introduced as a technique to build mashups and composite applications; it allows one domain to call services on another domain.
The outline description of this can be found on the AngularJS $http page, in the security considerations section.
The CSRF vulnerability mentioned on that page is dealt with in this post on this blog. This post provides my current solution to the JSON/JSONP issue.
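
The security considerations section of the AngularJS $http page describes one server-side mitigation for the JSON vulnerability: prefix every JSON response with `)]}',\n`, which AngularJS strips before parsing, so the body is no longer valid JavaScript if another site loads it through a script tag. The block below is an added example of that mitigation, not the solution from this post and not Rails or AngularJS code; the class name `JsonPrefixMiddleware`, the helper `parse_protected_json`, the sample app and the `Content-Type` header casing are assumptions made for illustration.

```ruby
require 'json'

# Prefix described in the AngularJS $http security considerations.
JSON_PREFIX = ")]}',\n"

# Rack-style middleware (hypothetical name): prepends the prefix to JSON bodies only.
# Assumes headers are keyed 'Content-Type', as in the constructed app below.
class JsonPrefixMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    type = headers['Content-Type'].to_s
    return [status, headers, body] unless type.start_with?('application/json')

    text = +''
    body.each { |chunk| text << chunk }
    body.close if body.respond_to?(:close)
    # Never double-prefix a body that an inner layer already protected.
    text = JSON_PREFIX + text unless text.start_with?(JSON_PREFIX)
    # The body grew, so the declared length must be recomputed.
    headers = headers.merge('Content-Length' => text.bytesize.to_s)
    [status, headers, [text]]
  end
end

# Stand-in for the client side: strip the prefix if present, then parse.
def parse_protected_json(text)
  JSON.parse(text.sub(/\A\)\]\}',?\n/, ''))
end

# Constructed sample app: one JSON endpoint and one HTML page.
SAMPLE_APP = lambda do |env|
  if env['PATH_INFO'] == '/clubs.json'
    payload = JSON.generate([{ 'id' => 1, 'name' => 'Sample club' }])
    [200, { 'Content-Type' => 'application/json; charset=utf-8' }, [payload]]
  else
    [200, { 'Content-Type' => 'text/html' }, ['<h1>clubs</h1>']]
  end
end

# Runs a request for +path+ through the middleware and returns the Rack triple.
def demo(path)
  JsonPrefixMiddleware.new(SAMPLE_APP).call('PATH_INFO' => path)
end
```

A client that does not strip the prefix will fail to parse these responses, so any non-AngularJS consumer of the same endpoints needs the equivalent of `parse_protected_json`.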