search

luyadev / luya

LUYA is a scalable web framework and content management system with the goal to please developers, clients and users alike.
https://luya.io
MIT License
812 stars 207 forks source link

Json API unparseable cruft #1789

Closed nadar closed 6 years ago

nadar commented 6 years ago

Every json api response should be preprended by a unparseable cruft.

example 1 throw 1; <dont be evil> { foo: bar} example 2 for(;;); { foo: bar }

infos: http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html

luya-bot commented 6 years ago

Issue moved to https://github.com/luyadev/luya-module-admin/issues/93