Ignore leading garbage in JSON responses.

This accomodates a workaround for a known JSON flaw, which involves prepending "while(1);" to otherwise-valid JSON responses. See http://ejohn.org/blog/re-securing-json/ for more info.
stcui · Dec 12, 2011 · 6f400f3 · 6f400f3
1 parent c23a554
commit 6f400f3
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/JSON Formatter.safariextension/Info.plist b/JSON Formatter.safariextension/Info.plist
@@ -5,15 +5,15 @@
 	<key>Author</key>
 	<string>Rick Fletcher</string>
 	<key>Builder Version</key>
-	<string>7534.48.3</string>
+	<string>7534.52.7</string>
 	<key>CFBundleDisplayName</key>
 	<string>JSON Formatter</string>
 	<key>CFBundleIdentifier</key>
 	<string>ch.flet.safari.jsonformatter</string>
 	<key>CFBundleInfoDictionaryVersion</key>
 	<string>6.0</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.0.2</string>
+	<string>1.0.3</string>
 	<key>CFBundleVersion</key>
 	<string>3</string>
 	<key>Chrome</key>
@@ -48,6 +48,6 @@
 	<key>Update Manifest URL</key>
 	<string>http://github.com/rfletcher/safari-json-formatter/raw/latest/Update.plist</string>
 	<key>Website</key>
-	<string>http://github.com/rfletcher/safari-json-formatter</string>
+	<string>http://github.com/bjhomer/safari-json-formatter</string>
 </dict>
 </plist>
diff --git a/JSON Formatter.safariextension/formattedJSON.js b/JSON Formatter.safariextension/formattedJSON.js
@@ -10,7 +10,11 @@
       }
       // attempt to parse the body as JSON
       try {
-        var obj = JSON.parse( document.body.textContent
+        var content = document.body.textContent;;
+        var startAt = formatJSON._firstJSONCharIndex( content );
+        content = content.substring(startAt);
+
+        var obj = JSON.parse( content
           .split( "\\" ).join( "\\\\" ) // double-up on escape sequences
           .split( '\\\"' ).join( "\\\\\"" ) // at this point quotes have been unescaped.  re-escape them.
         );
@@ -170,7 +174,21 @@
           el.className += " " + t;
           return el;
       }
+    },
+
+    _firstJSONCharIndex: function ( s ) {
+      var arrayIdx = s.indexOf('[');
+      var objIdx = s.indexOf('{');
+      var idx = 0;
+      if (arrayIdx != -1) {
+        idx = arrayIdx;
+      }
+      if (objIdx != -1) {
+        idx = Math.min(objIdx, idx);
+      }
+      return idx;
     }
+
   };
 
   // initialize!