In light of posts such as these:
JSON unparseable cruft: Why so serious?
Why do people put code like "throw 1; <dont be evil>" and "for(;;);" in front of json responses?
Why does Google prepend while(1); to their JSON responses?
I would like to follow the advice laid out in the following answer: How should web app developers defend against JSON hijacking?
Is there an easy way to add unparsable cruft to JSON responses built using System.Web.Mvc.JsonResult? The security.se post suggests that I use </* at the beginning of the response.
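
One way to do what the question describes, as an added example that is not part of the original post: a `JsonResult` subclass that writes the `</*` prefix before the serialized data. The class name `PrefixedJsonResult` and its `Prefix` property are hypothetical, and the client is assumed to strip the prefix before parsing.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Script.Serialization; // requires a reference to System.Web.Extensions

// Hypothetical class; not part of ASP.NET MVC.
public class PrefixedJsonResult : JsonResult
{
    // Prefix taken from the question; the client must strip exactly this string.
    public const string DefaultPrefix = "</*";

    public string Prefix { get; set; }

    public PrefixedJsonResult(object data, string prefix = DefaultPrefix)
    {
        Data = data;
        Prefix = prefix;
    }

    public override void ExecuteResult(ControllerContext context)
    {
        if (context == null) throw new ArgumentNullException("context");

        // Same guard as the stock JsonResult: refuse GET unless the caller opted in.
        HttpRequestBase request = context.HttpContext.Request;
        if (JsonRequestBehavior == JsonRequestBehavior.DenyGet &&
            string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("GET is not allowed for this JSON result.");
        }

        HttpResponseBase response = context.HttpContext.Response;
        response.ContentType = string.IsNullOrEmpty(ContentType) ? "application/json" : ContentType;
        if (ContentEncoding != null) response.ContentEncoding = ContentEncoding;

        // Written first, so the body cannot be evaluated when pulled in cross-site via <script src>.
        response.Write(Prefix);
        if (Data != null)
        {
            var serializer = new JavaScriptSerializer();
            response.Write(serializer.Serialize(Data));
        }
    }
}
```

A controller action would return `new PrefixedJsonResult(model)` in place of `Json(model)`; the client-side code has to remove the prefix from the response text before handing the remainder to its JSON parser.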