What is the point to put deadlock code ahead of JSON in HTTP response?
When sniffing Gmail and Facebook traffic, I found there are leading deadlock code before JSON response of XmlHttpRequest.
For example
for (;;);{"t":"continue"}
and
while(1); [["v","nW3OxUDq0kU.en.","8","51bec53f21305d9c"],["di",86]]
开发者_JAVA技巧
What is the purpose of this "for(;;);" and "while(1);" deadlock?
It's to prevent people from remotely getting to that data from a remote domain by creating a <script>
to request it. Of course it has no effect on an XMLHttpRequest because with it you can just skip the infinite loop.
精彩评论