prefixing JSON在MappingJackson2HttpMessageConverter [英] Prefixing JSON in MappingJackson2HttpMessageConverter

查看:215
本文介绍了prefixing JSON在MappingJackson2HttpMessageConverter的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经使用Spring / AngularJS和prevent JSON漏洞,我想preFIX所有JSON阵列响应)]}',\\ n - 看的引用

I've using Spring/AngularJS and to prevent JSON vulnerability, I'm trying to prefix all JSON array responses with ")]}',\n" - see reference.

我能够preFIX通过

I was able to prefix by 

     <mvc:annotation-driven>
     <mvc:message-converters>
     <bean id="mappingJackson2HttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" >
     <property name="jsonPrefix" value=")]}',\n" />
     </bean>
     </mvc:message-converters>
     </mvc:annotation-driven>

但问题是它的prefixing所有JSON响应与)]}',\\ n,我只需要preFIX的JSON阵列。有没有办法我只能设置JSON阵列响应的preFIX?谢谢你。

But the problem is it's prefixing all JSON responses with ")]}',\n" and I only need to prefix the JSON arrays. Is there a way I could only set the prefix for JSON array responses? Thanks.

推荐答案

而不是有preFIX这基本上使你的反应无效JSON考虑返回一个对象,而不是一个数组的。这将减轻攻击向量为好。

Instead of having a prefix which basically makes your response invalid JSON consider returning a object instead of an array. This will mitigate the attack vector as well.

{d: [1,2,3,4]}

这篇关于prefixing JSON在MappingJackson2HttpMessageConverter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
JavaScript最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆