I noticed an empty comment block in JSONP output returned by facebook graph api for all methods.
The URL that I called:
https://graph.facebook.com/NUMERIC_FACEBOOK_ID/friends?access_token=ACCESS_TOKEN_STRING&callback=theGreatFunction
The JSONP output is:
/**/ theGreatFunction({
    "data": [
        {
            "name": "First Friend",
            "id": "XXXX"
        },
        {
            "name": "Second Friend",
            "id": "XXXXXX"
        },
        ........
My question is: what does the empty comment block /**/ before the callback function signify?
Does it have a peculiar purpose? Does it fix any known JavaScript gotcha?
We added this to protect against an attack where a third party site bypasses the content-type of the response by doing:
<object type="application/x-shockwave-flash"
data="http://graph.facebook.com?callback=[specifically crafted flash bytes]">
</object>
Google does something similar, except they use //... + \n (e.g. http://www.google.com/calendar/feeds/[email protected]/public/full?alt=json&callback=foo)