We do some forms of such JSON prefix stripping, but not for {}&&. See
https://github.com/firebug/firebug/blob/master/extension/content/firebug/lib/json.js.
Is "{}&&" a common standard?
Den söndagen den 31:e augusti 2014 kl. 22:25:19 UTC+2 skrev
[email protected]:
>
> Prefixing the JSON string in this manner is used to help prevent JSON
> Hijacking. The prefix renders the string syntactically invalid as a script
> so that it cannot be hijacked. However firebug does not seem to be able to
> evaluate it as JSON neither because firebug isn't creating the JSON tab for
> these kind of responses. Is this a bug, a feature or a defect?
>
> Would it be possible that when the returned JSON has {}&& prefix it would
> work the same way like it doesn't have it, just cutting it out?
>
--
You received this message because you are subscribed to the Google Groups
"Firebug" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/firebug.
To view this discussion on the web visit
https://groups.google.com/d/msgid/firebug/89440778-e548-4d31-9e47-4c7d1b8c1405%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
