cxf-users mailing list archives

From Venkatesh Laguduva <lbvenkat...@gmail.com>
Subject JSON Vulnerability Protection in CXF REST
Date Wed, 14 Sep 2016 13:58:16 GMT
I am using AngularJS for the UI and CXF for RESTful services. As part of
securing my webapp, I am trying to code for "JSON Vulnerability
Protection"; the AngularJS documentation asks us to prefix certain characters
to the JSON responses:

Extract from the AngularJS documentation: For example if your server needs to return:

    ['one','two']

which is vulnerable to attack, your server can return:

    )]}',
    ['one','two']

Angular will strip the prefix, before processing the JSON.

To do this, I tried unsuccessfully to add ')]}' in an out interceptor, but
the content in that CXF message is still an object, not yet marshalled into
a string, so I am wondering what could be the best place to do this
prefixing.
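
One place the prefix can be written, shown as an added example that is not part of the original message and not CXF's own code: a JAX-RS 2.0 WriterInterceptor, which wraps entity serialization and therefore sees the raw response stream rather than the unmarshalled object. It assumes CXF 3.x with the javax.ws.rs API; the class name JsonPrefixWriterInterceptor is hypothetical, and the class is assumed to be registered as a JAX-RS provider on the endpoint.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.Provider;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;

/**
 * Hypothetical provider (name is an assumption): writes the AngularJS JSON
 * protection prefix ahead of every JSON response entity.
 */
@Provider
public class JsonPrefixWriterInterceptor implements WriterInterceptor {

    // AngularJS only strips the prefix when it is followed by a newline,
    // so the trailing '\n' is part of the prefix, not decoration.
    private static final byte[] PREFIX =
            ")]}',\n".getBytes(StandardCharsets.US_ASCII);

    @Override
    public void aroundWriteTo(WriterInterceptorContext ctx)
            throws IOException, WebApplicationException {
        MediaType type = ctx.getMediaType();

        // Only touch JSON entities; other media types pass through unchanged.
        // isCompatible() ignores parameters such as ";charset=UTF-8".
        if (type != null && MediaType.APPLICATION_JSON_TYPE.isCompatible(type)) {
            // A Content-Length set by the resource would be short by
            // PREFIX.length bytes, so let the container recompute or chunk.
            ctx.getHeaders().remove(HttpHeaders.CONTENT_LENGTH);

            // The stream is the response body stream: bytes written here
            // precede whatever the JSON MessageBodyWriter emits.
            ctx.getOutputStream().write(PREFIX);
        }

        // Hand over to the next interceptor or the MessageBodyWriter,
        // which serializes the entity object to JSON after the prefix.
        ctx.proceed();
    }
}
```

Any non-AngularJS consumer of the same endpoints has to strip the prefix itself before parsing the body as JSON.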
