{“ d”:”在ASP.NET Web服务响应中是什么意思 [英] What does {"d":""} means in asp.net webservice response
问题描述
我创建了一个简单的C#asp.net Web服务函数,该函数返回字符串消息
,我使用jquery ajax从页面调用它。
I've created a simple C# asp.net web service function which returns a string message
and I am calling it from page using jquery ajax.
C#:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string HelloWorld() {
return DateTime.Now.ToString();
}
JS:
$(document).ready(function() {
//alert("ready");
$.ajax({
type: "POST",
contentType: "application/json; chatset=utf-8",
url: "WebService2.asmx/HelloWorld",
data: "{}",
dataType: "json",
success: function(msg) {
//alert(msg); //doesnt works
alert(msg.d);
}
});
});
我的问题是为什么 alert(msg);
不起作用
My question is that why does alert(msg);
doesnt works
推荐答案
这是一种安全强化机制。
It's a security hardening mechanism.
从本质上讲,它有助于防止CSRF类型的攻击,其中攻击者从受害者的网站读取JavaScript数组(以Json下载)。他们可以通过覆盖JavaScript的Array类型来做到这一点。 d
导致返回的Json不是数组,从而使数组覆盖对攻击者无用。
Essentially, it helps protecting against CSRF type of attacks where the attacker reads a JavaScript array (downloaded as Json) from a victim website. They can do that by overriding JavaScript's Array type. d
causes the returned Json to not be an array and thus turns Array overriding useless for the attacker.
请参阅此处很棒的博客文章: http:// haacked .com / archive / 2008/11/20 / anatomy-of-a-subtle-json-vulnerability.aspx
See this great blog post: http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
这篇关于{“ d”:”在ASP.NET Web服务响应中是什么意思的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!