{“ d”：”在ASP.NET Web服务响应中是什么意思 [英] What does {"d":""} means in asp.net webservice response

问题描述

我创建了一个简单的C＃asp.net Web服务函数，该函数返回字符串消息

，我使用jquery ajax从页面调用它。

I've created a simple C# asp.net web service function which returns a string message
and I am calling it from page using jquery ajax.

C＃：

[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string HelloWorld() {
    return DateTime.Now.ToString();
}

JS：

    $(document).ready(function() {
    //alert("ready");
        $.ajax({
            type: "POST",
            contentType: "application/json; chatset=utf-8",
            url: "WebService2.asmx/HelloWorld",
            data: "{}",
            dataType: "json",
            success: function(msg) {
                //alert(msg); //doesnt works
                alert(msg.d);
            }
        });
    });

我的问题是为什么 alert（msg）; 不起作用

My question is that why does alert(msg); doesnt works

推荐答案

这是一种安全强化机制。

It's a security hardening mechanism.

从本质上讲，它有助于防止CSRF类型的攻击，其中攻击者从受害者的网站读取JavaScript数组（以Json下载）。他们可以通过覆盖JavaScript的Array类型来做到这一点。 d 导致返回的Json不是数组，从而使数组覆盖对攻击者无用。

Essentially, it helps protecting against CSRF type of attacks where the attacker reads a JavaScript array (downloaded as Json) from a victim website. They can do that by overriding JavaScript's Array type. d causes the returned Json to not be an array and thus turns Array overriding useless for the attacker.

请参阅此处很棒的博客文章： http：// haacked .com / archive / 2008/11/20 / anatomy-of-a-subtle-json-vulnerability.aspx

See this great blog post: http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

这篇关于{“ d”：”在ASP.NET Web服务响应中是什么意思的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！