为什么有（;;）; facebook中的序言JSON响应？ [英] Why is there a for(;;); preamble in facebooks JSON responses?

问题描述

为什么有（;;）; facebook中的序言JSON响应？

Why is there a for(;;); preamble in facebooks JSON responses?

推荐答案

请参阅此StackOverflow帖子：如何限制JSON访问？

See this StackOverflow post: How to restrict JSON access?

特别是该帖子中的这条评论：用于JSON响应中的/ while循环

In particular this comment within that thread: for/while loops in JSON responses

基本上这是用来让攻击者无法获取URL并将其包含在他们的页面上并让JavaScript现在将变量放在页面上，因为只要请求已被服务，浏览器将进入无限循环，不允许其他JavaScrip访问所述变量，这可能允许攻击者使用您的浏览器获取旨在保持私密的信息。

Basically this is used so that attackers can't get the URL and include it on their page and have JavaScript now put the variables on the page because as soon as the request has been serviced the browser will go into an infinite loop not allowing other JavaScrip access to said variables which would potentially allow attackers to use your browser to get information that is meant to stay private.

这篇关于为什么有（;;）; facebook中的序言JSON响应？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！