0

I've been reading and I know there are similar questions, but I found no answer of what I'm looking for.

So it's about, for(;;); while(1); before the json string is outputted by an Ajax response.

Now what I wonder is how will this work? I'd like to try to use the same technique as many famous sites does like Facebook with for(;;);

So in the ajax.php file this is what I think has to be done:

ajax.php

$arr = array("value" => "something", "moreValues" => "moreSomething");
die("for(;;);".json_encode($arr));

Now the respone would be:

for(;;);{"value":"something","moreValues":"moreSomething"}

What shall I do with this string now? shall i remove for(;;); with a substr or something and then use JSON.parse(string); (Then why did I even send the for(;;); in the response if i'm going to remove it directly..?

And how will this help me with security issues, and how will a "user" enter the infinity loop for(;;); if something is wrong?

I know I am missing something, and I haven't found any example which demonstrates how to perform this. Anyone? And please if you find this question as a duplicate, please refer to an example where it's demonstrated in CODE not in words. Thanks!

Kilise
  • 947
  • 4
  • 14
  • 30
  • http://stackoverflow.com/questions/2669690/why-does-google-prepend-while1-to-their-json-responses **and** http://stackoverflow.com/questions/6339790/what-does-a-ajax-call-response-like-for-json-data-mean – Ian May 31 '13 at 18:26
  • i've read those articles 20 times, i'd like a better demonstrations in more code less words – Kilise May 31 '13 at 18:28
  • If you've read those questions and answer 20 times, you wouldn't be asking questions like `What shall I do with this string now?`, `Then why did I even send the for(;;); in the response if i'm going to remove it directly..?`, `And how will this help me with security issues, and how will a "user" enter the infinity loop for(;;); if something is wrong?` – Ian May 31 '13 at 18:30
  • if you know the answer, could you show me in code how this works ? – Kilise May 31 '13 at 18:32
  • You've already solved it - `shall i remove for(;;); with a substr or something and then use JSON.parse(string);`. The reasoning for everything is in the questions/answer I linked, the code is up to you, how you want to implement it. The response is just a string, so that seems fine to me – Ian May 31 '13 at 18:34
  • What you're missing is that when one refers to a URL via a ` – Barmar May 31 '13 at 18:34
  • alright starts to make some sense but I'm still stuck, could you show me an example? – Kilise May 31 '13 at 18:37
  • 1
    It would just repeat the examples from the questions Ian linked to. – Barmar May 31 '13 at 18:41

1 Answers1

0

I solved this with some simple Javascript, that might be used like this:

$.ajax({
    url: mylink',
    type: 'post',
    complete: function(){
        self.removeAttr('disabled');    
        removeLoading();
    },
    success: function(data){
        s1 = new handleData(data);
        if(s1.getError()){
            return setMsgPopup(s1.getError(),1);
        }

        arr = s1.getResult();

    }
});

Here is the handleData class:

var handleData = (function(){
    var result=false;
    var error=false;
    var objSize=0;

    var handleData = function(data){
        fixedData = data;
        arr = data.split('for (;;);'); 

        if(!arr[1]){
            this.result = false;
        }else{
            fixedData = arr[1];
        }

        try{
            this.result = JSON.parse(fixedData);
        }catch(e){
            this.result = false;
        }

        if(this.result){
            if(this.result['t'] == undefined){
                if(this.result['error'] != undefined)
                    this.setError(this.result['msg']);
                else
                    this.setError("An error have occured.");
            }
            if(this.result['error'] != undefined)
                this.setError(this.result['msg']);

            if(this.result['t'])
                delete this.result['t'];            
        }else
            this.setError("An error have occured.");

        this.setSize();
    };

    handleData.prototype.setError = function(msgError){
        this.error = msgError;
    };

    handleData.prototype.getError = function(){
        return this.error;
    };

    handleData.prototype.getResult = function(){
        return this.result;
    };

    handleData.prototype.setSize = function(){
        if(!this.result)
            return;

        var size =0;
        for(key in this.result) {
            if(this.result.hasOwnProperty(key))
                size++;
        }
        this.objSize = size;
    }

    handleData.prototype.getSize = function(){
        return this.objSize;
    };

    return handleData;
})();

Notice this code is old as the question itself. It could be done better, but this is how I fixed it that time.

Kilise
  • 947
  • 4
  • 14
  • 30