It's not really _a JSON_ standard, it's more of securing the JSON, as it
says "The prefix renders the string syntactically invalid as a script so
that it cannot be hijacked". IBM is also using this in some of its
products. Support for it would be pretty simple. Just adding these lines:
if (jsonString.length > 4 && jsonString.substring(0, 4) == "{}&&") {
jsonString = jsonString.substring(4);
}
in
https://github.com/firebug/firebug/blob/master/extension/content/firebug/lib/json.js
line 24
On Wednesday, September 3, 2014 4:26:11 PM UTC+3, Alexandre Morgaut wrote:
>
> A simple test on http://jsonlint.com shows an error
>
> {}&&["foo","bar,"baz"]
>
> =>
>
> Parse error on line 3:
> { }&&[ "foo", "
> ------^
> Expecting 'EOF', '}', ',', ']'
>
>
> Le mardi 2 septembre 2014 23:01:32 UTC+2, [email protected] a écrit :
>>
>>
>> http://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.html#setPrefixJson-boolean-
>>
>> Yeah, its somewhat common standard.
>>
>> On Monday, September 1, 2014 9:43:35 PM UTC+3, Simon Lindholm wrote:
>>>
>>> We do some forms of such JSON prefix stripping, but not for {}&&. See
>>> https://github.com/firebug/firebug/blob/master/extension/content/firebug/lib/json.js.
>>>
>>> Is "{}&&" a common standard?
>>>
>>> Den söndagen den 31:e augusti 2014 kl. 22:25:19 UTC+2 skrev
>>> [email protected]:
>>>>
>>>> Prefixing the JSON string in this manner is used to help prevent JSON
>>>> Hijacking. The prefix renders the string syntactically invalid as a script
>>>> so that it cannot be hijacked. However firebug does not seem to be able to
>>>> evaluate it as JSON neither because firebug isn't creating the JSON tab
>>>> for
>>>> these kind of responses. Is this a bug, a feature or a defect?
>>>>
>>>> Would it be possible that when the returned JSON has {}&& prefix it
>>>> would work the same way like it doesn't have it, just cutting it out?
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Firebug" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/firebug.
To view this discussion on the web visit
https://groups.google.com/d/msgid/firebug/d67dfbfa-a9e9-4355-b460-71a5421a866d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
