Why does Google append while(1); in front of their JSON responses?

Posted by Andrew Koester on Stack Overflow See other posts from Stack Overflow or by Andrew Koester
Published on 2010-04-19T18:00:09Z Indexed on 2010/04/19 18:03 UTC
Read the original article Hit count: 233

Filed under:
|
|
|

This is something I've always been curious about, is exactly why Google appends while(1); in front of their (private) JSON responses.

For example, here's a response while turning a calendar on and off in Google Calendar:

while(1);[['u',[['smsSentFlag','false'],['hideInvitations','false'],['remindOnRespondedEventsOnly','true'],['hideInvitations_remindOnRespondedEventsOnly','false_true'],['Calendar ID stripped for privacy','false'],['smsVerifiedFlag','true']]]]

I would assume this is to prevent people from doing an eval() on it, but all you'd really have to do is replace the while and then you'd be set. I would assume eval prevention is to make sure people write safe JSON parsing code.

I've seen this used in a couple other places, too, but a lot more so with Google (Mail, Calendar, Contacts, etc.) Strangely enough, Google Docs starts with &&&START&&& instead, and Google Contacts seems to start with while(1); &&&START&&&.

Does anyone know what's going on here?

© Stack Overflow or respective owner

Related posts about google

Related posts about JSON