I noticed an empty comment block in JSONP output returned by Facebook Graph API for all methods.

URL that I called:

https://graph.facebook.com/NUMERIC_FACEBOOK_ID/friends?access_token=ACCESS_TOKEN_STRING&callback=theGreatFunction

The JSONP output is:

/**/ theGreatFunction({
   "data": [
      {
         "name": "First Friend",
         "id": "XXXX"
      },
      {
         "name": "Second Friend",
         "id": "XXXXXX"
      },
     ........

My question is: What does the empty comment block /* */ before the callback function signify? Does it have a peculiar purpose? Does it fix any known JavaScript gotcha?

Asked Nov 7, 2011 at 9:10 by DhruvPathak; edited Nov 7, 2011 at 9:25.

2 Answers

We added this to protect against an attack where a third party site bypasses the content-type of the response by doing:

<object type="application/x-shockwave-flash"
 data="http://graph.facebook.com?callback=[specifically crafted flash bytes]">
</object>

Google does something similar, except they use //... + \n (e.g. http://www.google.com/calendar/feeds/[email protected]/public/full?alt=json&callback=foo)
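
A server-side sketch of the defence described in the answer above, added here as an example and not taken from Facebook's code or from the original answer: the response always begins with the constant `/**/`, so the `callback` parameter never supplies the first bytes of the body. The function names, the callback allowlist, the 64-character limit and the response headers are assumptions made for illustration.

```javascript
// Added example (not Facebook's code): build a JSONP body whose first bytes
// are a server-chosen constant, never the caller-supplied callback name.

// Assumption: callbacks are limited to dotted identifiers of bounded length.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const PREFIX = '/**/ '; // the empty comment seen in the Graph API output

// Naive form: the response starts with whatever the caller passed in.
function naiveJsonp(callback, payload) {
  return `${callback}(${JSON.stringify(payload)});`;
}

// Hardened form: validate the name, then emit the constant prefix first.
function hardenedJsonp(callback, payload) {
  if (typeof callback !== 'string' || callback.length > 64 ||
      !CALLBACK_RE.test(callback)) {
    return { status: 400, headers: { 'Content-Type': 'text/plain' },
             body: 'invalid callback' };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff', // do not let clients re-guess the type
    },
    body: PREFIX + naiveJsonp(callback, payload),
  };
}

// True when the body's leading bytes are exactly the request's callback value,
// i.e. the requester chooses how the response begins.
function callerControlsStart(body, callback) {
  return body.startsWith(callback);
}

// Constructed sample input, modelled on the question's output.
const sampleCallback = 'theGreatFunction';
const samplePayload = { data: [{ name: 'First Friend', id: 'XXXX' }] };

const naive = naiveJsonp(sampleCallback, samplePayload);
const safe = hardenedJsonp(sampleCallback, samplePayload);
console.log('naive starts with callback:', callerControlsStart(naive, sampleCallback));
console.log('hardened starts with callback:', callerControlsStart(safe.body, sampleCallback));
console.log(safe.body);
```

Even a callback that passes the identifier allowlist still dictates the opening bytes of the naive body; the constant prefix is what removes that control.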

Could be some kind of separator to have a fixed start. I guess Facebook had a reason to put it there, but we can only guess, and it does not really matter, does it? :)
