What is the purpose of adding "for (;;);" to the response for JSONP requests? E.g. a response like this:

for (;;);{a:...} (where {a:...} - a JSON string)

What is the difference from passing just {a:...} (if there is any)?

Eugene Retunsky

1 Answer

You can find the answer here on SO.

I'll summarize it: The infinite loop restricts access to the JSON data to your own domain. You can load the script on your own site via XMLHttpRequest and remove the loop before using/executing the data/script. The loop prevents cross-domain requests though as these would have to use a <script> node and thus the loop would be executed.

Note that this doesn't work if someone loads the JSON data/script on a server which can remove the loop and then send the data to the client.

Aletheios
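
The same-origin pattern described in the answer above, as an added example that is not part of the original post: the server prepends the guard, and the page's own script reads the response as text, strips the guard and parses the remainder with JSON.parse instead of executing it. The function names and the fetch-based wrapper are assumptions made for illustration.

```javascript
// Added example; guardJson, parseGuardedJson and fetchGuardedJson are
// hypothetical names, not part of any library.
const GUARD = 'for (;;);';

// Server side: serialize the value and prepend the guard. If this body is
// pulled in through a cross-origin <script> node, the loop runs forever and
// the object literal after it is never evaluated.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: accept only bodies that start with the exact guard, then
// parse the rest as data. A missing guard is treated as an error so an
// unguarded endpoint is noticed instead of silently accepted.
function parseGuardedJson(text) {
  if (typeof text !== 'string' || !text.startsWith(GUARD)) {
    throw new SyntaxError('response is missing the expected guard prefix');
  }
  return JSON.parse(text.slice(GUARD.length));
}

// Same-origin request: the script can read the raw text, which a
// cross-origin <script> include cannot do.
async function fetchGuardedJson(url) {
  const res = await fetch(url, { credentials: 'same-origin' });
  if (!res.ok) {
    throw new Error('HTTP ' + res.status);
  }
  return parseGuardedJson(await res.text());
}

// Returns true when the body is rejected by a plain JSON parser, which is
// what a consumer that does not know about the guard would see.
function isRejectedAsPlainJson(body) {
  try {
    JSON.parse(body);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}
```
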