Do you prefer to wrap JSON arrays in another JSON object or always require POST to prevent JSON Hijacking?



I recently started looking into building web applications using .NET MVC and I stumbled upon this blog post by Phil Haack: JSON Hijacking. For those of you who aren't aware of this vulnerability when using JSON to transfer sensitive data, it's really a must-read.


It seems that there are three ways to handle this vulnerability.


1. Require a POST instead of GET in your JSON service.
2. Wrap your JSON array responses in a JSON object.
3. Don't expose sensitive data in any service that isn't protected by 1 or 2.

The third alternative isn't really an option since it really limits the use of JSON.


So which o
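The first two options from the question, sketched as framework-neutral JavaScript. This is an added example, not code from the original post or from ASP.NET MVC; `jsonResponse`, `wrapArrays`, `parsesAsScript`, the `sensitive`/`allowGet` options and the `data` wrapper key are assumed names. `parsesAsScript` only compiles a response body, to show that a bare top-level array is valid script source while the wrapped object is not.

```javascript
// Added example: hypothetical helper names, constructed sample data.
const WRAPPER_KEY = 'data'; // assumed name for the wrapping property

// Option 2: never emit a top-level array; wrap it in an object.
function wrapArrays(payload) {
  return Array.isArray(payload) ? { [WRAPPER_KEY]: payload } : payload;
}

// Build the response for a JSON endpoint.
//   opts.sensitive - endpoint returns per-user data (default: true)
//   opts.allowGet  - explicit opt-in to GET on a sensitive endpoint
function jsonResponse(method, payload, opts = {}) {
  const { sensitive = true, allowGet = false } = opts;
  const verb = String(method).toUpperCase();

  // Option 1: sensitive JSON is POST-only unless GET is opted into.
  const methodOk = verb === 'POST' || (verb === 'GET' && allowGet);
  if (sensitive && !methodOk) {
    return {
      status: 405,
      headers: { Allow: allowGet ? 'GET, POST' : 'POST' },
      body: '',
    };
  }
  return {
    status: 200,
    headers: { 'Content-Type': 'application/json; charset=utf-8' },
    body: JSON.stringify(wrapArrays(payload)),
  };
}

// True if `body` compiles as JavaScript source. The function object is
// created but never called, so nothing in `body` is executed.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Constructed sample rows standing in for sensitive data.
const sampleRows = [{ id: 1, email: 'user@example.test' }];
```
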


Related to : Do you prefer to wrap JSON arrays in another JSON object or always require POST to prevent JSON Hijacking?
Json: How to extract inner Json objects from a single outer Json object using java
Development Tools & Services

I have the following Json string, resulting from a google search query:


{"responseData":{"results":[{"region":"IL","streetAddress":"1611 South Randall Road","titleNoFormatting":"Brunswick Zone XL Randall Road","staticMapUrl":"http://maps.google.com/maps/api/staticmap?maptype=roadmap&format=gif&sensor=false&size=150x100&zoom=13&markers=42.162958,-88.334155","listingType":"local","addressLines":["1611 South Randall Road","Algonquin, IL"],"lng":"-88.334155","phoneNumbers":[{"type":"","number":"(847) 658-2257"}],"url":"http://www.google.com/maps/place?source=uds&q=brunswick+zone&cid=8286591317090502839","country":"United States","city":"Algon
How to get the list of all tag names of json arrays within a json object in android/java
Development Tools & Services

I have a small problem parsing a JSON response because it constantly keeps on getting updated whenever I send a request. All the examples I have seen make us provide the tag name. My question is that I am trying to parse data from a request sent through an API and I want to list out all the tags of all JSON arrays existing within a JSON object before I start parsing. Is it possible in Android? http://api.yamgo.tv/channel?apiKey=187abeefc53f900600dc0fc5b8f913a0&token=892e069fa48eead5e7f84cddafe7f0ba
This is the request I am sending and it gives me a JSON response, which has channels as a JSON object and within it many JSON arrays with tags like bollywood, entertainment, music, etc.

Clojure ring wrap-json-params messing up JSON arrays
Development Tools & Services

I'm currently doing some REST API stuff in clojure, and I am using the ring.middleware.format library with compojure to transform JSON to and from clojure data structures.


I am having a huge issue, in that any JSON posted to the ring app will have all arrays replaced with the first item that was in the array, i.e. it will turn this JSON posted to it from


{
"buyer":"Test Name",
"items":[
{"qty":1,"size":"S","product":"Red T-Shirt"},
{"qty":1,"size":"M","product":"Green T-Shirt"}
],
"address":"123 Fake St",
"shipping":"express"
}

to thi

Using getJSON to post JSON object to PHP page and also retrieve a JSON object
Development Tools & Services

I am trying to build an HTML5 application that heavily leverages JSON for data access. In several instances, I would like to use the getJSON object (using JavaScript and JQuery) to post a JSON object to a PHP page. That PHP page will then grab the JSON object, do some business logic, and then return a separate JSON object to the calling page.


I can get a valid JSON object returned to the calling page, but I can't seem to grab the JSON object that I passed in the original request. I've tried $_GET, $_POST and several other options. All to no avail.


Here is my code on the original page. It is very simple - when a user clicks the button we do an

How to parse some JSON objects and JSON arrays from a URL containing a lot of JSON data?
Development Tools & Services
I have a URL/RESTful service which generates a lot of JSON data, so I want to parse some of the contents and display them in Android, for example: { "returnCode": "success", "RecievedData": { "results": [ {"details": [ { "moredetails": [{ "id": "123456", "price": "129.99", "recorded_at": 3223322, "lastrecorded_at": 0002020, "seller": "google", "availability": "Available", "currency": "USD" . . . }], "offers
