Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configurable JSON prefix on MappingJackson2JsonView and MappingJacksonJsonView [SPR-10567] #15196

Closed
spring-issuemaster opened this issue May 15, 2013 · 2 comments
Assignees
Milestone

Comments

@spring-issuemaster
Copy link
Collaborator

@spring-issuemaster spring-issuemaster commented May 15, 2013

Luke Biddell opened SPR-10567 and commented

Spring MVC currently prevents JSON hijacking by prefixing the response with "{} &&" if the prefixJSON bean property is set.

Could we make the actual prefix a configurable bean property?

AngularJS, for example, has built in support for this prefix ")]}',".

See the docs here http://docs.angularjs.org/api/ng.$http.

This would allow us to employ other common prefixes such as "while(1);" and so forth.


Affects: 3.2 GA

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

@spring-issuemaster spring-issuemaster commented May 15, 2013

Juergen Hoeller commented

I've introduced a corresponding "jsonPrefix" bean property for 3.2.3 and 4.0 M1 now, to be released towards the end of this week.

Juergen

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

@spring-issuemaster spring-issuemaster commented May 15, 2013

Luke Biddell commented

Outstanding, many thanks for the quick turnaround.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.