How can I prepend “while(1);” to a Json Result?

Question

I've been reading about Preventing the Execution of Unauthorized Script in JSON, and i want to use this practice.

The problem is that i don't know how can i do this.

My json result is like this

return Json(new { elements = elements }, JsonRequestBehavior.AllowGet);

I tryied

return Json(new { "while(1);", elements = elements }, JsonRequestBehavior.AllowGet);

and it doesn't work.

How can i do this?

Answer 1

That's a good way to make your JSON invalid. You should instead focus on how you are parsing your JSON data. If you don't use eval to begin with, this won't be an issue. Invest in learning to use a framework such a jQuery. I believe jQuery avoids using eval altogether, meaning that it is safe for use even when malicious users attempt to inject scripts.

I would be quite surprised if GMail actually uses that technique to this day.

That being said, you are looking for either eval or JSON.Parse.