Strange JSON response in Google Plus

Question

While I was debugging an error in Google Plus (while importing FB contacts from Yahoo) I've discovered strange JSON response:

)]}'

[[["er",,,,,500]
,["e",2,,,57]
],'45932b7d6d6dc08e']

Is it some variation of JSONP? Reminds me of an SQL injection rather... So, what's the purpose of the closing brackets and quote at the beginning?

Answer 1

It's basically JSON with nulls removed and the garbage added at the beginning to thwart XSRF. Here's some PHP code that will decode it (from an unofficial Google Plus API I'm working on).

https://github.com/jmstriegel/php.googleplusapi/blob/master/lib/GooglePlus/GoogleUtil.php

Answer 2

It might be an XSRF defense similar to the one described at What does a Ajax call response like 'for (;;); { json data }' mean?