问题
I've using Spring/AngularJS and to prevent JSON vulnerability, I'm trying to prefix all JSON array responses with ")]}',\n" - see reference.
I was able to prefix by
<mvc:annotation-driven>
<mvc:message-converters>
<bean id="mappingJackson2HttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" >
<property name="jsonPrefix" value=")]}',\n" />
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
But the problem is it's prefixing all JSON responses with ")]}',\n" and I only need to prefix the JSON arrays. Is there a way I could only set the prefix for JSON array responses? Thanks.
回答1:
Instead of having a prefix which basically makes your response invalid JSON consider returning a object instead of an array. This will mitigate the attack vector as well.
{d: [1,2,3,4]}
来源:https://stackoverflow.com/questions/25249113/prefixing-json-in-mappingjackson2httpmessageconverter