{"d":""} 在 asp.net webservice 响应中是什么意思 [英] What does {"d":""} means in asp.net webservice response

问题描述

我创建了一个简单的 C# asp.net web 服务函数，它返回一个字符串消息
我正在使用 jquery ajax 从页面调用它.

I've created a simple C# asp.net web service function which returns a string message
and I am calling it from page using jquery ajax.

C#:

[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string HelloWorld() {
    return DateTime.Now.ToString();
}

JS:

    $(document).ready(function() {
    //alert("ready");
        $.ajax({
            type: "POST",
            contentType: "application/json; chatset=utf-8",
            url: "WebService2.asmx/HelloWorld",
            data: "{}",
            dataType: "json",
            success: function(msg) {
                //alert(msg); //doesnt works
                alert(msg.d);
            }
        });
    });

我的问题是为什么 alert(msg); 不起作用

My question is that why does alert(msg); doesnt works

推荐答案

这是一种安全加固机制.

It's a security hardening mechanism.

本质上，它有助于防止攻击者从受害者网站读取 JavaScript 数组(下载为 Json)的 CSRF 类型的攻击.他们可以通过覆盖 JavaScript 的 Array 类型来做到这一点.d 导致返回的 Json 不是数组，从而使 Array 覆盖对攻击者无用.

Essentially, it helps protecting against CSRF type of attacks where the attacker reads a JavaScript array (downloaded as Json) from a victim website. They can do that by overriding JavaScript's Array type. d causes the returned Json to not be an array and thus turns Array overriding useless for the attacker.

查看这篇很棒的博文:http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

这篇关于{"d":""} 在 asp.net webservice 响应中是什么意思的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！