Reputation: 297
Inspecting what Facebook is doing in my navigator, I see this code:
for (;;);{"t":"refresh"}
If you try to evaluate it, you can figure what happens (infinite loop).
Do you know what it is?
Upvotes: 2
Views: 200
Reputation: 38046
Am I correct that this was inside the response from an Ajax call?
This is one of the strategies employed to avoid XSS when dynamically adding scripts that contain user-specific content.
If it had not been here, an [evil] page could have requested this script inside a regular script tag, and have access to the methods and objects defined by it.
The code loading this script from Facebook using XHR will remove the first section before evaluating it to get its content. In this case the result would be {"t":"refresh"}.
A script from a different domain is not able to do this.
Upvotes: 5
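The mechanism described in the answer, as an added example that is not part of the original post or Facebook's own code: the server prepends the "for (;;);" guard to its JSON, and the same-origin XHR handler strips that guard before parsing. A page on another origin that pulls the response in through a script tag hits the infinite loop first and never reaches the JSON, while same-origin code reads the body as text and is unaffected. The function names, the sample body (taken from the question) and the decision to reject bodies without the guard are assumptions made for this illustration.

```javascript
// Added example (not from the original post): wrapping and unwrapping JSON
// responses guarded with a "for (;;);" prefix against cross-origin script-tag
// inclusion (so-called JSON hijacking).

const ANTI_HIJACK_PREFIX = 'for (;;);';

// Server side: prepend the guard before sending user-specific JSON to the
// browser. Included via <script src=...> from another origin, the body now
// starts with an infinite loop, so the data after it is never evaluated.
function wrapJsonResponse(value) {
  return ANTI_HIJACK_PREFIX + JSON.stringify(value);
}

// Client side (same-origin XHR/fetch handler): read the body as plain text,
// strip the guard, then parse what is left as JSON.
// A body without the guard is rejected rather than parsed, so a response
// that did not come through the expected endpoint is not treated as data.
// (Rejecting is an assumption of this example; the answer only says the
// prefix is removed.)
function unwrapJsonResponse(body) {
  if (typeof body !== 'string' || !body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('response is missing the anti-hijack prefix');
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// Constructed sample input: the exact body quoted in the question.
const sampleBody = 'for (;;);{"t":"refresh"}';

// Round trip: what the same-origin client ends up with for the sample body.
function demo() {
  const payload = unwrapJsonResponse(sampleBody);
  return payload.t; // "refresh"
}

// Check that a JSON hijack attempt would see valid data only after the guard.
// We never eval the raw body here (that would hang, which is the point);
// we only report whether the guard is in place.
function isGuarded(body) {
  return typeof body === 'string' && body.startsWith(ANTI_HIJACK_PREFIX);
}

console.log(demo());
console.log(isGuarded(sampleBody), isGuarded('{"t":"refresh"}'));
```

Note that the guard only helps against script-tag inclusion; same-origin XHR can always read the body, which is exactly why the client strips the prefix itself instead of relying on the browser to evaluate the response.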