开发者

What is the point to put deadlock code ahead of JSON in HTTP response?

问答 作者:

When sniffing Gmail and Facebook traffic, I found there are leading deadlock code before JSON response of XmlHttpRequest.

For example

for (;;);{"t":"continue"}

and

while(1); [["v","nW3OxUDq0kU.en.","8","51bec53f21305d9c"],["di",86]]
开发者_JAVA技巧

What is the purpose of this "for(;;);" and "while(1);" deadlock?

It's to prevent people from remotely getting to that data from a remote domain by creating a <script> to request it. Of course it has no effect on an XMLHttpRequest because with it you can just skip the infinite loop.

继续阅读:deadlockhttpjavascriptjson

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9