5

Possible Duplicate:
Empty “for” loop in Facebook ajax
what does AJAX call response like for (;;); { json data } mean?

While analyzing some Facebook ajax request bodies, I noticed that every code starts with for (;;);, followed by a JSON object

something like

for (;;); {"a":1,"b":"\u003cdiv"}

I googled this structure but found nothing.

What could be the reason for this "for" structure at the beginning of every ajax response?

humeniuc

2 Answers

1

A for like this (note that there isn't the ';' after the bracket):

for (;;)

means an infinite loop where the statements executed are those between the brackets.

Instead, a for like this:

for (;;);

means an infinite loop with no statement.

Aurelio De Rosa
0

It's for security; it keeps out other clients that try to intercept their AJAX calls. Basically, if you'd eval it straight away your browser would crash because of the endless loop; they just add another layer of (ob)security.

Nothing to worry about for you.

TJHeuvel
  • That doesn't strike me as secure. Or even remotely hard to get around. – Thor84no Oct 20 '11 at 14:09
  • And now that I know about it, what prevents me from removing the first part of the response and evaluating the rest? – Felix Kling Oct 20 '11 at 14:09
  • It's something, and it keeps some script-kiddies out. – TJHeuvel Oct 20 '11 at 14:09
  • @Felix, absolutely nothing, and that's what Facebook most likely does itself. However, that argument could be used for every type of security: what prevents you from just NOP-ing out the security routines? You have to start somewhere. – TJHeuvel Oct 20 '11 at 14:10
  • I'm not saying you're wrong about why it's added, but it won't keep anyone out. If you have the will to work out how to intercept it, it won't have to crash more than a couple of times before you work out why. – Thor84no Oct 20 '11 at 14:11
  • That argument could certainly not be used for every type of security. Two way hashing/encryption comes to mind for example. – Thor84no Oct 20 '11 at 14:13
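
The comments above note that a client can strip the leading for (;;); and evaluate the rest. The following is an added example, not code from this thread or from Facebook, showing both sides in JavaScript: a server helper that emits the guard and a client helper that requires it and parses with JSON.parse instead of eval. The names guardJson and parseGuardedJson are hypothetical.

```javascript
// Added example; helper names are hypothetical, not Facebook's code.
const GUARD = 'for (;;);';

// Server side: prepend the guard so that a consumer which executes the body
// as script (eval or a <script src> include) spins in the empty loop and
// never reaches the data.
function guardJson(value) {
  // Emit "<" as \u003c, as the sample in the question does, so the body
  // never contains a raw "<".
  const json = JSON.stringify(value).replace(/</g, '\\u003c');
  return GUARD + ' ' + json;
}

// Client side: a first-party client reads the response as text, insists on
// the guard, strips it, and parses the remainder with JSON.parse (not eval).
function parseGuardedJson(body) {
  if (typeof body !== 'string') {
    throw new TypeError('response body must be a string');
  }
  // Tolerate a byte-order mark and leading whitespace before the guard.
  const text = body.replace(/^\uFEFF/, '').trimStart();
  if (!text.startsWith(GUARD)) {
    // An unguarded body is unexpected: fail closed rather than parse it.
    throw new Error('missing guard prefix; refusing to parse');
  }
  return JSON.parse(text.slice(GUARD.length));
}

// The response body quoted in the question, reproduced as a string literal.
const sample = 'for (;;); {"a":1,"b":"\\u003cdiv"}';

const parsed = parseGuardedJson(sample);
console.log(parsed.a, parsed.b);
```
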