
Securing JSON response through ajax in javascript (for(;;);)

I've been reading and I know there are similar questions, but I found no answer of what I'm looking for.

It's about putting for(;;); or while(1); in front of the JSON string that an Ajax response returns.

What I wonder is how this works. I'd like to use the same technique that many well-known sites, such as Facebook, use with for(;;);

So in the ajax.php file this is what I think has to be done:

ajax.php

// Data to hand back to the Ajax caller.
$arr = array(
    "value"      => "something",
    "moreValues" => "moreSomething",
);

// Emit the JSON behind a for(;;); guard, then stop the script. A foreign page
// that pulls this URL in with a script tag only gets an endless loop, so the
// JSON after it is never evaluated there; the site's own Ajax code reads the
// body as text and strips the guard before JSON.parse.
// NOTE(review): no Content-Type header is set in this snippet; confirm what the
// endpoint sends, because the client has to receive the body as plain text.
echo "for(;;);" . json_encode($arr);
exit;


Now the response would be:

for(;;);{"value":"something","moreValues":"moreSomething"}


What shall I do with this string now? Shall I remove for(;;); with substr or something similar and then call JSON.parse(string)? (Then why did I even send the for(;;); in the response if I'm going to remove it right away?)

And how will this help me with security issues, and how will a "user" enter the infinite loop for(;;); if something is wrong?

I know I am missing something, and I haven't found any example which demonstrates how to perform this. Anyone? And please if you find this question as a duplicate, please refer to an example where it's demonstrated in CODE not in words. Thanks!

Answer

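I solved this with some simple JavaScript. The prefix only matters to a page that loads the URL with a script tag: there the loop keeps the JSON from ever being evaluated, while your own code receives the response as text through Ajax and strips the prefix before parsing. It might be used like this: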

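// Post to the endpoint and pass the raw response text to handleData, which
// strips the for(;;); guard and parses the JSON behind it.
$.ajax({
    url: 'mylink', // placeholder endpoint; the quote was unbalanced in the original snippet
    type: 'post',
    // Always deliver the body as a string. Without this jQuery picks a parser
    // from the response's Content-Type, and a JSON parser would reject the
    // guarded body before handleData ever sees it.
    dataType: 'text',
    complete: function(){
        // Runs after success or failure: re-enable the control and hide the spinner.
        // NOTE(review): `self` and removeLoading() are defined outside this snippet;
        // `self` is presumably the jQuery object of the control that fired the request.
        self.removeAttr('disabled');
        removeLoading();
    },
    success: function(data){
        // Declared locally so the handler does not leak implicit globals.
        var s1 = new handleData(data);
        if(s1.getError()){
            return setMsgPopup(s1.getError(),1);
        }

        // Parsed payload with the guard removed; use it from here on.
        var arr = s1.getResult();

    }
});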

Here is the handleData class:

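/**
 * Parses an Ajax response that the server guards with a leading "for(;;);".
 *
 * The guard protects the JSON from being evaluated when the URL is loaded as a
 * script by another page; a legitimate caller receives the body as text and
 * must strip the guard before JSON.parse. This class does the stripping, the
 * parsing and the error bookkeeping.
 *
 * Changes from the original version:
 *  - the guard is accepted both as "for(;;);" (what the server code on this
 *    page emits) and as "for (;;);"; the original only split on the spaced
 *    form, so every guarded reply from that server failed to parse;
 *  - only a leading guard is removed, so a payload that happens to contain the
 *    marker inside a string value is no longer truncated;
 *  - no implicit globals (fixedData, arr, key) are created;
 *  - an error reply without a usable `msg` still reports an error instead of
 *    looking like success (fail closed);
 *  - error and size are initialised per instance, so getError() returns false
 *    and getSize() returns 0 when nothing else was set.
 *
 * @constructor
 * @param {string} data - Raw response text, with or without the guard.
 */
var handleData = (function(){
    var GENERIC_ERROR = "An error have occured.";
    // Leading guard only, with optional whitespace, anchored at the start.
    var GUARD_PREFIX = /^\s*for\s*\(;;\);/;
    // Borrowed so a payload key named "hasOwnProperty" cannot shadow the check.
    var hasOwn = Object.prototype.hasOwnProperty;

    var handleData = function(data){
        this.result = false;
        this.error = false;
        this.objSize = 0;

        // Anything that is not text cannot be a guarded reply; leave result false.
        if(typeof data === 'string'){
            try{
                this.result = JSON.parse(data.replace(GUARD_PREFIX, ''));
            }catch(e){
                // Malformed JSON is reported through getError(), not thrown.
                this.result = false;
            }
        }

        if(this.result){
            // A reply counts as valid only when it carries a `t` field and no
            // `error` field. NOTE(review): the meaning of `t` is not shown on
            // this page; presumably the server adds it to every good reply.
            if(this.result['t'] == undefined && this.result['error'] == undefined)
                this.setError(GENERIC_ERROR);

            if(this.result['error'] != undefined)
                this.setError(this.result['msg'] || GENERIC_ERROR);

            // `t` is bookkeeping, not payload: drop it before handing the result out.
            if(this.result['t'])
                delete this.result['t'];
        }else
            this.setError(GENERIC_ERROR);

        this.setSize();
    };

    /**
     * Records the error to report for this response.
     * @param {*} msgError - Message shown to the user.
     */
    handleData.prototype.setError = function(msgError){
        this.error = msgError;
    };

    /**
     * @returns {*} The recorded error message, or false when there is none.
     */
    handleData.prototype.getError = function(){
        return this.error;
    };

    /**
     * @returns {*} The parsed payload without its `t` field, or false when
     *     the response could not be parsed.
     */
    handleData.prototype.getResult = function(){
        return this.result;
    };

    /**
     * Counts the own enumerable properties of the parsed result.
     */
    handleData.prototype.setSize = function(){
        if(!this.result)
            return;

        var size = 0;
        var key;
        for(key in this.result) {
            if(hasOwn.call(this.result, key))
                size++;
        }
        this.objSize = size;
    };

    /**
     * @returns {number} Number of own properties in the result (0 if none).
     */
    handleData.prototype.getSize = function(){
        return this.objSize;
    };

    return handleData;
})();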

Note that this code is as old as the question itself. It could be done better, but this is how I fixed it at the time.
