```html

Google Finance JSONP: A Historical Perspective

While Google Finance remains a popular platform for tracking market data, its historical use of JSONP (JSON with Padding) for providing real-time and delayed stock quotes is now largely defunct. It's important to understand why JSONP was used, and why it's no longer a viable approach.

JSONP: A Workaround for Cross-Origin Restrictions

JSONP emerged as a clever hack to bypass the Same-Origin Policy (SOP) enforced by web browsers. SOP prevents JavaScript code running within a web page from making requests to a different domain than the one that served the web page. This security measure is in place to protect users from malicious scripts accessing sensitive data from other websites.

However, the need to access data from different domains is legitimate in many scenarios. JSONP provided a loophole. It exploited the fact that the <script> tag is not subject to the same-origin policy. JSONP works by dynamically creating a <script> tag that points to a URL on the remote server. The server, instead of returning plain JSON, wraps the JSON data within a JavaScript function call.

For instance, a request to Google Finance might have looked like this:

<script src="https://www.google.com/finance/info?client=ig&q=AAPL&callback=myCallback"></script> 

Google Finance, instead of returning just {"symbol": "AAPL", "price": 150.00}, would return something like:

myCallback([{"symbol": "AAPL", "price": 150.00}]); 

The myCallback function, defined in your own JavaScript code, would then be executed with the JSON data as its argument. This effectively allowed the web page to access data from Google Finance's domain.

Why JSONP is Obsolete for Google Finance

JSONP has several drawbacks, making it less desirable than modern alternatives like CORS (Cross-Origin Resource Sharing):

• Security Risks: JSONP relies on trusting the remote server completely. Since the response is executed as JavaScript, a compromised server could inject malicious code into your website.
• GET Requests Only: JSONP only supports GET requests, limiting the types of data you can send to the server.
• Error Handling: Error handling with JSONP is clumsy and unreliable.

Modern browsers and web servers now support CORS, which provides a more secure and flexible way to enable cross-origin requests. CORS uses HTTP headers to control which domains are allowed to access resources on a given server. Because of these security enhancements and flexibility with other HTTP request methods, Google, along with many other APIs, has moved away from JSONP.

Modern Alternatives

If you need to access financial data from Google or other providers today, you'll typically use:

• Official APIs: Look for official APIs offered by financial data providers. These usually require authentication and provide data in JSON format.
• CORS-Enabled APIs: Use APIs that support CORS. These APIs can be accessed directly from your JavaScript code if the server explicitly allows your domain.
• Server-Side Proxy: If you need to access an API that doesn't support CORS or requires authentication, you can create a server-side proxy. Your JavaScript code makes requests to your server, which then forwards the request to the external API. Your server can then return the data to your client after sanitizing and filtering as needed. This approach gives you more control over the security and data handling process.

In conclusion, while Google Finance once used JSONP, it's no longer a viable or recommended method for accessing financial data. Modern APIs and CORS offer more secure and robust alternatives.

```