JSON Vulnerability Protection - asp.net MVC and angular

Question

I was reading the documentation for the $HTTP service on Angular JS and noticed the section "JSON Vulnerability Protection". in MVC 5, how can I add the string ")]}',\n" in front of the JSON response or is it even needed?

Answer 1

According to the article here there are two ways alternative ways to prevent it:

1. Wrap JSON arrays into an JSON object.

   Instead of ["a", "b"] return {data: ["a", "b"]}

2. Only response to HTTP POSTs. This is the default behaviour of JsonResult in MVC

I believe that implementing Cross Site Request Forgery (XSRF) Protection would also prevent JSON Vulnerability since XSRF ensures that only you can make the JSON request.

If you still want to implement the recommendation by AngularJS, you must implement your own JsonResult. See the JsonResult source code here: