A simple test on http://jsonlint.com shows an error

{}&&["foo","bar,"baz"]

=>

Parse error on line 3:
{    }&&[    "foo",    "
------^
Expecting 'EOF', '}', ',', ']'


On Tuesday, September 2, 2014 at 23:01:32 UTC+2, [email protected] wrote:
>
>
> http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.html#setPrefixJson-boolean-
>
> Yeah, it's a somewhat common standard.
>
> On Monday, September 1, 2014 9:43:35 PM UTC+3, Simon Lindholm wrote:
>>
>> We do some forms of such JSON prefix stripping, but not for {}&&. See 
>> https://github.com/firebug/firebug/blob/master/extension/content/firebug/lib/json.js.
>>  
>> Is "{}&&" a common standard?
>>
>> On Sunday, August 31, 2014 at 22:25:19 UTC+2, 
>> [email protected] wrote:
>>>
>>> Prefixing the JSON string in this manner is used to help prevent JSON 
>>> Hijacking. The prefix renders the string syntactically invalid as a script 
>>> so that it cannot be hijacked. However, Firebug does not seem to be able to 
>>> evaluate it as JSON either, because Firebug isn't creating the JSON tab for 
>>> these kinds of responses. Is this a bug, a feature or a defect? 
>>>
>>> Would it be possible that when the returned JSON has the {}&& prefix, it 
>>> would work the same way as if it didn't have it, just cutting it out?
>>>
>>

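The prefix handling discussed in this thread, as an added example that is not part of the original messages and is not Firebug's json.js: it checks that the {}&& prefix makes the body fail to compile as a script, then strips one guard prefix and parses the rest with JSON.parse only. The function names and every prefix other than {}&& are assumptions chosen for illustration, and the sample bodies are constructed.

```javascript
// Guard prefixes a viewer might accept. "{}&&" is the one from this thread;
// the rest are other commonly seen guards (an assumption, not Firebug's list).
// Longer variants come first so the most specific prefix wins.
const GUARD_PREFIXES = ["{}&&", ")]}',", ")]}'", "while(1);", "for(;;);"];

// True if `src` is syntactically valid as a script body.
// new Function() only compiles the source here; the result is never called.
function compilesAsScript(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    return false;
  }
}

// Strip at most one known guard prefix, then parse strictly as JSON.
// Returns { prefix, value } on success, or null if the remainder is not JSON.
// The remainder is untrusted data, so it is never passed to eval().
function parseGuardedJson(body) {
  if (typeof body !== "string") return null;
  let text = body.replace(/^\uFEFF/, "").trimStart(); // drop BOM and leading whitespace
  let prefix = null;
  for (const p of GUARD_PREFIXES) {
    if (text.startsWith(p)) {
      prefix = p;
      text = text.slice(p.length);
      break;
    }
  }
  try {
    return { prefix, value: JSON.parse(text) };
  } catch (e) {
    return null; // e.g. "{}&&" followed by something that is not JSON
  }
}

// Constructed sample bodies.
const guarded = '{}&&["foo","bar","baz"]';
const bare = '["foo","bar","baz"]';
console.log(compilesAsScript(bare), compilesAsScript(guarded));
console.log(parseGuardedJson(guarded));
```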