While surfing Facebook and using the Firebug network debugger I noticed that Facebook's AJAX responses all start with an empty for loop.
Example:
for(;;);{...}
Does anyone know why this is done? I assume it's to prevent some sort of XSS attack but I don't totally understand. Thanks!
asked Jun 17, 2010 at 1:49 by celticpride
- Looks like it tries to hang the JS engine if the response is eval'd. Probably to make users of the Facebook API use their JSON-parsing library instead of eval? – strager Commented Jun 17, 2010 at 1:51
- Possible duplicate of Why does Google prepend while(1); to their JSON responses? – gengkev Commented Feb 19, 2016 at 2:32
1 Answer
Like Google's while(1); it is done to prevent including this in <script> and then using the data.
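An added example, not part of the original answer and not Facebook's or Google's code: a page that pulls the URL in with a `<script>` tag executes the loop and never reaches the data, while same-origin code reads the body as text, strips the guard and parses the rest. The names `GUARDS`, `guardJson` and `parseGuarded` are hypothetical, and the sample response is constructed.

```javascript
// Added example: GUARDS, guardJson and parseGuarded are hypothetical names.
// The two prefixes are the ones mentioned on this page.
const GUARDS = ["for(;;);", "while(1);"];

// Server side: serialize the value and prepend the loop guard, so the body
// spins forever if a browser ever evaluates it as a script.
function guardJson(value, guard = GUARDS[0]) {
  if (!GUARDS.includes(guard)) {
    throw new Error("unknown guard: " + guard);
  }
  return guard + JSON.stringify(value);
}

// Client side: same-origin code receives the body as text (XHR/fetch),
// removes the guard and parses the remainder with JSON.parse, never eval.
function parseGuarded(text) {
  // Tolerate a leading BOM or whitespace before the guard.
  const body = text.replace(/^\uFEFF?\s*/, "");
  const guard = GUARDS.find((g) => body.startsWith(g));
  if (guard === undefined) {
    // A missing guard means the endpoint is not protected as expected;
    // fail closed instead of parsing the body.
    throw new Error("response is missing the loop guard");
  }
  return JSON.parse(body.slice(guard.length));
}

// Constructed sample response, shaped like the one in the question.
const sample = guardJson({ user: "alice", unread: 3 });
const parsed = parseGuarded(sample);
console.log(sample, parsed.unread);
```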