Is this really a JSON response?

Guru Guru

I call the corporate application's REST APIs that remain nameless and they return JSON, for example the following:

throw 'allowIllegalResourceCall is false.';
{
  "data": ... loads of valid JSON stuff here ...
}

Is this really JSON? If (as I suspect) this is not the case, are there any good reasons for these types of fraud?

The answer I received from the application provider is that this is done for security purposes, but I'm struggling to figure out how this improves security, if at all.

Thanks in advance!

Peter

+5
6 answers

According to http://jsonlint.com/ this is not true.

Something like below.

{
    "data": "test"
}

Do you expect to pull the JSON load from the message above?

+5

JSON. , , , JIVE:). JIVE api. V3 API. , . ( , JIVE )

// Invalid JSON response... https://developers.jivesoftware.com/community/thread/2153
jiveResponse = jiveResponse.Replace("throw 'allowIllegalResourceCall is false.';", String.Empty);
+3

: CSRF. URL- JSON <script>, . , URL- JSON API, .

, Object.prototype / Array.prototype, , ( JSON javascript). throw , javascript, , <script>.

+1

JSON. , , - ?

. , .

0

throw 'allowIllegalResourceCall is false.';, , JSON.

MIME ?

0

, , JSON Hijacking. JSON Hijacking , JSON. , , JSON .

, , JSON.

0
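
An added example, not part of any answer above and not the API vendor's code: handling the `throw` line from the question in JavaScript. It removes the guard only at the start of the body before `JSON.parse`, compares that with the replace-everywhere call from the C# answer, and shows what the guard changes when a top-level array body is executed as a script, the case the JSON hijacking answers refer to. The function names and sample data are assumptions constructed for this example.

```javascript
// Guard text copied from the response shown in the question.
const GUARD = "throw 'allowIllegalResourceCall is false.';";

// Parse a guarded body: remove the guard only where it leads the response,
// then hand the rest to JSON.parse, which throws SyntaxError on non-JSON.
function parseGuardedJson(body) {
  let text = body.replace(/^\uFEFF/, "").trimStart();
  if (text.startsWith(GUARD)) text = text.slice(GUARD.length);
  return JSON.parse(text);
}

// Equivalent of the Replace(...) call in the C# answer: removes every
// occurrence, including one that is part of the data.
function stripEverywhere(body) {
  return body.split(GUARD).join("");
}

// Run a body the way a script engine would. Returns the thrown value, or
// null when the body executes to completion.
function runAsScript(body) {
  try {
    new Function(body)();
    return null;
  } catch (err) {
    return err;
  }
}

// Constructed sample data, not captured from a real service. The note field
// deliberately contains the guard text to exercise the edge case.
const plainArray = JSON.stringify([{ id: 1, note: GUARD }]);
const guardedArray = GUARD + "\n" + plainArray;

// Anchored strip keeps the field intact.
console.log(parseGuardedJson(guardedArray)[0].note === GUARD); // true
// Replace-everywhere empties the field.
console.log(JSON.parse(stripEverywhere(guardedArray))[0].note === ""); // true
// A bare top-level array is a valid program and runs to completion.
console.log(runAsScript(plainArray)); // null
// With the guard, execution stops at the throw before the array is evaluated.
console.log(runAsScript(guardedArray)); // allowIllegalResourceCall is false.
```

A body that is neither guarded JSON nor plain JSON (an HTML error page, for instance) makes `parseGuardedJson` throw `SyntaxError`, so the caller fails closed.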
