- don't use javascript arrays to return as a json string
It really doesn't matter if it's an array or object; if it's valid JSON that
the browser will attempt to execute, it's vulnerable.
http://haacked.com/archive/2009/06/25/json-hijacking.aspx
The fact that this is a JSON array is important.
On 7/10/11 4:34 AM, Christian Grobmeier wrote:
Maybe there are other exploits, but I only know what you sent as links.
And those are saying you need a JSON array because JSON objects are
not valid js statements.
You clearly didn't read all the links I included, or do your own search as I
On Thu, Jun 30, 2011 at 4:12 AM, Johannes Geppert jo...@apache.org wrote:
What about further development as a plugin outside of the Struts Project?
We can create a project at Google Code or Github like the jQuery Plugin.
Who is we? If we is a group of Struts committers, why would we take the
...
Yesterday, I blogged about how to steal data from JSON by overriding the
Array constructor. Today, we break into Objects too.