  1. Spring JSON tainting response from JacksonMessageConverter
<p>I have a JacksonMessageConverter in my Spring application for returning a JSON response. But before the JSON is returned, I would like to taint the JSON as given in <a href="http://books.google.com/books?id=AIm_LV5a528C&amp;pg=PT204&amp;lpg=PT204&amp;dq=json%20tainting&amp;source=bl&amp;ots=W2JbKZtaDk&amp;sig=WRPejR2QHALjXOxkvanpwJRgT-E&amp;hl=en&amp;sa=X&amp;ei=sUZiT4GrMYnLtgfkhKCDCw&amp;ved=0CCwQ6AEwAQ#v=onepage&amp;q=json%20tainting&amp;f=false" rel="nofollow noreferrer">Ajax Security - Preventing JSON hijacking</a>. Is it possible to do so when using a message converter?</p>
<p><strong>Update</strong></p>
<p>I am looking for a solution similar to this <a href="https://stackoverflow.com/questions/4440607/spring-prefixjson-with-responsebody">spring prefixjson with responsebody</a> but I already have the configuration set up correctly. PFB</p>
<pre><code>&lt;bean id="jacksonMessageConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter"&gt;
    &lt;property name="prefixJson" value="true" /&gt;
    &lt;property name="supportedMediaTypes" value="text/plain;charset=UTF-8" /&gt;
&lt;/bean&gt;

&lt;bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"&gt;
    &lt;property name="messageConverters"&gt;
        &lt;list&gt;
            &lt;ref bean="jacksonMessageConverter"/&gt;
        &lt;/list&gt;
    &lt;/property&gt;
&lt;/bean&gt;
</code></pre>
<p>But still the returned JSON is not prefixed with "&amp;&amp;{}".</p>
<p>NOTE: I would like to use a different prefix for the JSON as explained in <a href="http://books.google.com/books?id=AIm_LV5a528C&amp;pg=PT204&amp;lpg=PT204&amp;dq=json%20tainting&amp;source=bl&amp;ots=W2JbKZtaDk&amp;sig=WRPejR2QHALjXOxkvanpwJRgT-E&amp;hl=en&amp;sa=X&amp;ei=sUZiT4GrMYnLtgfkhKCDCw&amp;ved=0CCwQ6AEwAQ#v=onepage&amp;q=json%20tainting&amp;f=false" rel="nofollow noreferrer">Ajax Security - Preventing JSON hijacking</a> but even the default support provided in Jackson does not seem to work. Any ideas?</p>
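The prefixing scheme the question refers to, shown end to end as an added example (not part of the original post and not Spring's code). It assumes the prefix string is `{} && `; the helper names `taintJson`, `parseTainted` and `compilesAsScript` and the sample payload are constructed for illustration.

```javascript
// Assumed prefix for this sketch; any agreed string works as long as it
// makes the response body invalid as a standalone script.
const PREFIX = "{} && ";

// Server side (hypothetical helper): serialize and prepend the prefix.
function taintJson(value, prefix = PREFIX) {
  return prefix + JSON.stringify(value);
}

// Client side (hypothetical helper): fail closed when the prefix is missing,
// then hand only the remainder to JSON.parse (never eval).
function parseTainted(body, prefix = PREFIX) {
  if (typeof body !== "string" || !body.startsWith(prefix)) {
    throw new Error("response is not prefixed; refusing to parse");
  }
  return JSON.parse(body.slice(prefix.length));
}

// True if the text compiles as JavaScript, which is the condition under which
// a cross-site <script src> include of the response would be evaluated.
// new Function only compiles the text; the function is never called.
function compilesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Constructed sample payload: a top-level array is valid script on its own,
// which is why unprefixed array responses are the shape at risk.
const sample = [{ id: 1, email: "user@example.test" }];
const plain = JSON.stringify(sample);
const tainted = taintJson(sample);

console.log(compilesAsScript(plain), compilesAsScript(tainted));
console.log(parseTainted(tainted));
```

A quick check that a deployed converter is really emitting the prefix is to run the raw response body through `parseTainted`: it throws on an unprefixed body instead of silently accepting it.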
 
