Sheldon

Reputation: 13

JSON Vulnerability Protection Filter in Web Api

I have an application in ASP.NET Web Api with AngularJS and I want to resolve the json vulnerability issue. I read Phil Haack's article.

In the project I want to serialize a class object into JSON format using the JsonConvert class.

I read Sean Kenny's solution, but it doesn't work because the JsonWriter from the json.net library can't serialize an invalid json format.

Can somebody give me a hint on what I can use to obtain serialized json with the string ")]}',\n" in front of the json response?

Upvotes: 0

Views: 945

Answers (1)

Brett

Reputation: 4269

"...make sure that your JSON service always returns its response as a non-array JSON object" - Phil Haack.

Simply return your JSON as an object, not an array. You don't need to prepend those special characters. In other words, if your data is an array, like [1, 2, 3, 4], don't return the array. Instead wrap it in an object and return the object, { d: [1, 2, 3, 4] }.

However, if you feel really strongly about prepending those special characters, then just concatenate it. JsonConvert.SerializeObject() returns a string, so...

return ")]}',\n" + JsonConvert.SerializeObject(data);

But, in my opinion, that's unnecessary.

Upvotes: 2
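An added example, not part of the answer above, showing both halves of what it describes in JavaScript (standing in for the C# server line): wrapping an array in an object, prepending the ")]}',\n" prefix, and stripping it again on the client the way AngularJS's $http does by default. The wrapper property name d is assumed from the answer.

```javascript
// Added example (not from the question or answer). Server side mirrors
// the answer's C# one-liner; client side mirrors AngularJS's default
// response transform.
const JSON_PROTECTION_PREFIX = ")]}',\n";
// Same pattern AngularJS's $http uses to strip the prefix before JSON.parse.
const JSON_PROTECTION_REGEX = /^\)\]\}',?\n/;

// Server side: wrap a top-level array in an object (property "d", as in the
// answer) so the body is never a bare array, then prepend the prefix.
function protectJson(data) {
  const payload = Array.isArray(data) ? { d: data } : data;
  return JSON_PROTECTION_PREFIX + JSON.stringify(payload);
}

// Client side: remove the prefix if present, then parse as ordinary JSON.
// A body without the prefix still parses, so plain endpoints keep working.
function parseProtectedJson(text) {
  return JSON.parse(text.replace(JSON_PROTECTION_REGEX, ''));
}

// Why the prefix helps: the body is no longer valid JavaScript, so a page
// that includes the URL as a <script> gets a syntax error instead of data.
// Checked locally with the Function constructor (parse only, never run).
function isExecutableAsScript(text) {
  try {
    new Function(text);
    return true;
  } catch (e) {
    return false;
  }
}
```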
