There exists an AJAX vulnerability in JavaScript: an attacker can execute the JSON response of an AJAX request as JavaScript. Angular mitigates the problem by accepting malformed JSON that can never be executed.
Angular accepts the following malformed JSON: the string ")]}',\n" prepended to regular JSON, which Angular strips before parsing. For example:
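As an added illustration (not code from the original page, AngularJS or djangular; the helper names and sample data are hypothetical), this shows the prefixed response failing to compile as a script, a plain JSON.parse rejecting it, and a client that strips the prefix still recovering the data:

```javascript
// Added example: helper names are hypothetical, not AngularJS or djangular APIs.
const JSON_PREFIX = ")]}',\n"; // the prefix named on this page

// Server side: what a protecting middleware would put on the wire.
function protectJson(value) {
  return JSON_PREFIX + JSON.stringify(value);
}

// Client side: strip the prefix when present, then parse the rest as JSON.
function parseProtectedJson(body) {
  const text = body.startsWith(JSON_PREFIX)
    ? body.slice(JSON_PREFIX.length)
    : body;
  return JSON.parse(text);
}

// True if `source` is syntactically valid JavaScript.
// new Function() only compiles the text here; the result is never called.
function parsesAsScript(source) {
  try {
    new Function(source);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// True if a client that forgets to strip the prefix gets a parse error.
function rawJsonParseFails(body) {
  try {
    JSON.parse(body);
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

const records = [{ id: 1, name: "alice" }]; // constructed sample data
const plain = JSON.stringify(records);      // unprotected response body
const wire = protectJson(records);          // protected response body

console.log("plain body valid as script:   ", parsesAsScript(plain));
console.log("prefixed body valid as script:", parsesAsScript(wire));
console.log("raw JSON.parse fails:         ", rawJsonParseFails(wire));
console.log("after stripping the prefix:   ", parseProtectedJson(wire));
```

A client that does not strip the prefix sees the stray closing brackets at the start of the body, which is the symptom described in the Stack Overflow question linked below.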
There exists a Django middleware to create these malformed, but safe, JSON responses: https://github.com/appliedsec/djangular#enabling-csrf-protection-in-angularjs-templates
AngularJS documentation (JSON Vulnerability Protection) https://docs.angularjs.org/api/ng/service/$http#json-vulnerability-protection
Stack Overflow (answer 2) https://stackoverflow.com/questions/28700626/why-do-i-get-loose-closing-brackets-for-my-django-rest-framework-endpoint