{"d":""} 在 asp.net webservice 响应中是什么意思 [英] What does {"d":""} means in asp.net webservice response
问题描述
我创建了一个简单的 C# asp.net web 服务函数,它返回一个字符串消息
我正在使用 jquery ajax 从页面调用它.
I've created a simple C# asp.net web service function which returns a string message
and I am calling it from page using jquery ajax.
C#:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string HelloWorld() {
return DateTime.Now.ToString();
}
JS:
$(document).ready(function() {
//alert("ready");
$.ajax({
type: "POST",
contentType: "application/json; chatset=utf-8",
url: "WebService2.asmx/HelloWorld",
data: "{}",
dataType: "json",
success: function(msg) {
//alert(msg); //doesnt works
alert(msg.d);
}
});
});
我的问题是为什么 alert(msg);
不起作用
My question is that why does alert(msg);
doesnt works
推荐答案
这是一种安全加固机制.
It's a security hardening mechanism.
本质上,它有助于防止攻击者从受害者网站读取 JavaScript 数组(下载为 Json)的 CSRF 类型的攻击.他们可以通过覆盖 JavaScript 的 Array 类型来做到这一点.d
导致返回的 Json 不是数组,从而使 Array 覆盖对攻击者无用.
Essentially, it helps protecting against CSRF type of attacks where the attacker reads a JavaScript array (downloaded as Json) from a victim website. They can do that by overriding JavaScript's Array type. d
causes the returned Json to not be an array and thus turns Array overriding useless for the attacker.
查看这篇很棒的博文:http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
这篇关于{"d":""} 在 asp.net webservice 响应中是什么意思的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!