
Curious: what is this syntax that Facebook's polling service is using during the callback

I was watching the Network Monitor on Chrome's developer tool seeing how Facebook updates content throughout their news feed.

All of the responses from AJAX begin with the following:

for (;;);{"__ar":1,"payload":[]}

What is the for(;;); piece doing?

Is this part of their custom JS framework? Or is this native and just something I am unfamiliar with?

It seems to be loading as a json object when I preview it.


It appears to be a lame attempt at content protection (DRM). The for() loop is basically infinite. The intention appears to be that anyone sourcing their AJAX request with javascript naively will end up with code that hangs because of the infinite loop.

The for() loop would also generate errors for standard JSON parsers like those found in jQuery or YUI or even from JSON.org. To consume the request you need to write your own parser or first remove the for() loop from the request.

Which is why I said this looks lame. Because it isn't difficult to remove the for() loop from the string with a bit of code.


It's not really content protection per se; as has been noted, it is trivial to work around it. The likely purpose is to "break" apps that simply take the string and feed it to a javascript eval() function. That approach was once quite common, and still can be found more often than you would think. I suspect there are quite a few programmers out there who think that is actually the proper way to parse a JSON string into javascript variables. Adding the for-loop to the beginning of the string loosely enforces a parse-instead-of-eval rule. Of course it's still trivial to work around it if the programmer is dead set on using eval. I would say it's meant more as a broken-code detector that will force old (and lazy) coding to be corrected.
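The parse-instead-of-eval handling the answers describe, as an added example that is not part of the original posts. `GUARD`, `plainParseError`, `parseGuardedJson` and `requireGuard` are names assumed here for illustration; the sample body is the one quoted in the question.

```javascript
// Added example: consume a guard-prefixed response with a real JSON parser.
// GUARD matches the prefix shown on this page, with or without the space
// after "for" (both spellings appear in the question).
const GUARD = /^\s*for\s*\(;;\);/;

// Sample input: the response body quoted in the question.
const SAMPLE_BODY = 'for (;;);{"__ar":1,"payload":[]}';

// What a stock JSON parser does with the raw body: it rejects it.
// Returns the error name, or null if the body parsed cleanly.
function plainParseError(body) {
  try {
    JSON.parse(body);
    return null;
  } catch (err) {
    return err.name;
  }
}

// Strip the guard, then parse the remainder as data. Nothing is passed
// to eval(), so the body is never executed as script.
// requireGuard (assumed option): when true, a body without the guard is
// treated as an error so a change on the server side is noticed early.
function parseGuardedJson(body, { requireGuard = true } = {}) {
  const match = GUARD.exec(body);
  if (!match) {
    if (requireGuard) {
      throw new Error('response is missing the for(;;); guard');
    }
    return JSON.parse(body);
  }
  return JSON.parse(body.slice(match[0].length));
}
```

Calling `parseGuardedJson(SAMPLE_BODY)` returns the object with `__ar` and `payload`, while `plainParseError(SAMPLE_BODY)` shows why a standard parser needs the prefix removed first.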
