开发者

What is the point to put deadlock code ahead of JSON in HTTP response?

When sniffing Gmail and Facebook traffic, I found there are leading deadlock code before JSON response of XmlHttpRequest.

For example

for (;;);{"t":"continue"}

and

while(1); [["v","nW3OxUDq0kU.en.","8","51bec53f21305d9c"],["di",86]]
开发者_JAVA技巧

What is the purpose of this "for(;;);" and "while(1);" deadlock?


It's to prevent people from remotely getting to that data from a remote domain by creating a <script> to request it. Of course it has no effect on an XMLHttpRequest because with it you can just skip the infinite loop.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜