prefixing JSON在MappingJackson2HttpMessageConverter [英] Prefixing JSON in MappingJackson2HttpMessageConverter
问题描述
我已经使用Spring / AngularJS和prevent JSON漏洞,我想preFIX所有JSON阵列响应)]}',\\ n - 看的引用。
I've using Spring/AngularJS and to prevent JSON vulnerability, I'm trying to prefix all JSON array responses with ")]}',\n" - see reference.
我能够preFIX通过
I was able to prefix by
<mvc:annotation-driven>
<mvc:message-converters>
<bean id="mappingJackson2HttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" >
<property name="jsonPrefix" value=")]}',\n" />
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
但问题是它的prefixing所有JSON响应与)]}',\\ n,我只需要preFIX的JSON阵列。有没有办法我只能设置JSON阵列响应的preFIX?谢谢你。
But the problem is it's prefixing all JSON responses with ")]}',\n" and I only need to prefix the JSON arrays. Is there a way I could only set the prefix for JSON array responses? Thanks.
推荐答案
而不是有preFIX这基本上使你的反应无效JSON考虑返回一个对象,而不是一个数组的。这将减轻攻击向量为好。
Instead of having a prefix which basically makes your response invalid JSON consider returning a object instead of an array. This will mitigate the attack vector as well.
{d: [1,2,3,4]}
这篇关于prefixing JSON在MappingJackson2HttpMessageConverter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!