json hijacking



louis.maconi
18 Mar 2015, 12:24 PM
Just wondering if Sencha has implemented anything in ExtJS for developers to use to mitigate the possibility of JSON hijacking. Anyone know of anything already built-in for that?

skirtle
18 Mar 2015, 6:09 PM
Not as far as I'm aware.

Most techniques to defend against this can be enforced purely on the server. If you're thinking of adding something like the while(1) trick then you could trivially override Ext.decode and Ext.JSON.decode to strip it out. Always using a root-level object (as opposed to an array) seems easier though.
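
The approach described in the reply above, as an added example that is not part of the original thread and is not Sencha's code: the server wraps top-level arrays in an object and prepends a `while(1);` guard, and the client wraps `Ext.JSON.decode` and `Ext.decode` to strip it. The names `PREFIX`, `guardJson`, `stripGuard`, `installGuardStripper` and the stand-in `Ext` object are assumptions made so the block runs under Node without Ext JS.

```javascript
// Added example. PREFIX and the stand-in Ext object are assumptions.
const PREFIX = 'while(1);';

// Server side: never emit a bare top-level array, and prepend the guard so the
// body is useless when loaded cross-site through a <script> tag.
function guardJson(value) {
  const root = Array.isArray(value) ? { data: value } : value;
  return PREFIX + JSON.stringify(root);
}

// Client side: remove the guard only when it sits exactly at the start of the text.
function stripGuard(text) {
  return typeof text === 'string' && text.startsWith(PREFIX)
    ? text.slice(PREFIX.length)
    : text;
}

// Wrap Ext.JSON.decode and its alias Ext.decode, keeping the (json, safe) signature.
function installGuardStripper(Ext) {
  const original = Ext.JSON.decode;
  const patched = function (json, safe) {
    return original.call(Ext.JSON, stripGuard(json), safe);
  };
  Ext.JSON.decode = patched;
  Ext.decode = patched;
  return Ext;
}

// Minimal stand-in for the framework (constructed) so the example runs offline.
function makeStandInExt() {
  const decode = function (json, safe) {
    try {
      return JSON.parse(json);
    } catch (e) {
      if (safe === true) return null;
      throw e;
    }
  };
  return { JSON: { decode }, decode };
}

function demo() {
  const Ext = installGuardStripper(makeStandInExt());
  const body = guardJson([{ id: 1, name: 'alice' }]); // constructed sample data
  return { body, decoded: Ext.decode(body), plain: Ext.JSON.decode('{"ok":true}') };
}
```

In an application, `installGuardStripper(Ext)` would be called once after the framework has loaded and before any request is decoded.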