Why is there a for(;;); preamble in Facebook's JSON responses?
See this StackOverflow post: How to restrict JSON access?
In particular, this comment within that thread: for/while loops in JSON responses
Basically this is used so that attackers can't take the URL, include it on their page and have JavaScript put the variables on the page: as soon as the request has been serviced the browser goes into an infinite loop, not allowing other JavaScript access to said variables, which would potentially allow attackers to use your browser to get information that is meant to stay private.
Basically this just runs an infinite loop when parsed. That way, the user's browser freezes (eventually providing a popup allowing the user to stop the script), and the data is never actually read. Hope this makes sense!
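As an added example (not code from either answer above, nor Facebook's own), here is the pattern both answers describe: a server-side wrapper that prepends for(;;); and the same-origin client that strips it before parsing. Function names and the sample friend list are constructed for illustration; the array payload is used because a bare array is also a valid JavaScript expression statement, which is the case the prefix protects.

```javascript
// Illustrative names, not any framework's real API.
const ANTI_HIJACK_PREFIX = 'for(;;);';

// Server side: prepend the prefix. The body stays syntactically valid
// JavaScript (so a <script src=...> include spins in the loop and never
// reaches the data) but is no longer valid JSON on its own.
function wrapJsonResponse(payload) {
  return ANTI_HIJACK_PREFIX + JSON.stringify(payload);
}

// Client side (same-origin XHR/fetch): require the prefix, strip it, parse.
// A body without the prefix is rejected rather than parsed, so the client
// never silently accepts an unprotected response.
function unwrapJsonResponse(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('response is missing the anti-hijacking prefix');
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// The raw wire body must NOT parse as JSON; that is the whole point.
function rawBodyIsParseableJson(body) {
  try { JSON.parse(body); return true; } catch (e) { return false; }
}

// Compiles (does not execute) the body as a script, showing that a browser
// loading it via <script> would accept it and then hang in for(;;);.
function isParseableAsScript(body) {
  try { new Function(body); return true; } catch (e) { return false; }
}

// Constructed sample standing in for a private, per-user friend list.
const sample = [{ name: 'alice' }, { name: 'bob' }];
const wire = wrapJsonResponse(sample);
```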