 

Comment blocks around JSON responses

Tags:

json

security

I've noticed that some web applications return AJAX responses with JSON data embedded within a comment block. For example, this would be a sample response:

/*{
 "firstName": "John",
 "lastName": "Smith",
 "address": {
     "streetAddress": "21 2nd Street",
     "city": "New York",
     "state": "NY",
     "postalCode": 10021
 },
 "phoneNumbers": [
     "212 555-1234",
     "646 555-4567"
 ]} */

What is the benefit of embedding the JSON data in a comment block? Is there some sort of security exploit which is avoided by doing this?

Todd asked Jun 26 '26 16:06


1 Answer

It's done to avoid a third party site hijacking your data using a <script> tag and overriding the Object constructor to grab the data as it is built.

When the JSON data is surrounded by comments, it is no longer directly executable via a <script> tag, and is thereby "more secure".

See the PDF at http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf for more information (with examples).

jimr answered Jun 28 '26 10:06


