Why does Google append while(1); in front of their JSON responses?
Posted
by Andrew Koester
on Stack Overflow
See other posts from Stack Overflow
or by Andrew Koester
Published on 2010-04-19T18:00:09Z
Indexed on
2010/04/19
18:03 UTC
Read the original article
Hit count: 229
This is something I've always been curious about, is exactly why Google appends while(1); in front of their (private) JSON responses.
For example, here's a response while turning a calendar on and off in Google Calendar:
while(1);[['u',[['smsSentFlag','false'],['hideInvitations','false'],['remindOnRespondedEventsOnly','true'],['hideInvitations_remindOnRespondedEventsOnly','false_true'],['Calendar ID stripped for privacy','false'],['smsVerifiedFlag','true']]]]I would assume this is to prevent people from doing an eval() on it, but all you'd really have to do is replace the while and then you'd be set. I would assume eval prevention is to make sure people write safe JSON parsing code.
I've seen this used in a couple other places, too, but a lot more so with Google (Mail, Calendar, Contacts, etc.) Strangely enough, Google Docs starts with &&&START&&& instead, and Google Contacts seems to start with while(1); &&&START&&&.
Does anyone know what's going on here?
© Stack Overflow or respective owner
