Inspecting what Facebook is doing in my navigator, I see this code:
for (;;);{"t":"refresh"}
If you try to evaluate it, you can figure out what happens (infinite loop).
Do you know what it is?
Am I correct that this was inside the response from an Ajax call?
This is one of the strategies employed to avoid XSS when dynamically adding scripts that contain user-specific content.
If it had not been here, an [evil] page could have requested this script inside a regular script tag, and have access to the methods and objects defined by it.
The code loading this script from Facebook using XHR will remove the first section before evaluating it to get its content. In this case the result would be {"t":"refresh"}. A script from a different domain is not able to do this.
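The exchange this answer describes, sketched as an added example (not part of the original post and not Facebook's code): the server prepends the loop guard, and a same-origin client that reads the body as text strips it before parsing. The names `GUARD`, `guardJson` and `parseGuardedJson` are hypothetical, and `JSON.parse` is used here in place of evaluating the remainder.

```javascript
// Added example; GUARD, guardJson and parseGuardedJson are hypothetical names.
const GUARD = 'for (;;);';

// Server side: serialize the payload and prepend the guard. If the body is
// ever executed as a script (e.g. via a <script src> on another site), the
// loop never terminates, so the data after it is never reached.
function guardJson(payload) {
  return GUARD + JSON.stringify(payload);
}

// Client side (same origin, body obtained as text through XHR or fetch):
// remove the guard, then treat the remainder as data, never as code.
function parseGuardedJson(body) {
  if (typeof body !== 'string') {
    throw new TypeError('response body must be a string');
  }
  const text = body.trimStart();
  if (!text.startsWith(GUARD)) {
    // An unguarded body is not what this endpoint is expected to send;
    // refuse it rather than parse something of unknown origin.
    throw new Error('missing guard prefix');
  }
  // JSON.parse throws SyntaxError on anything that is not valid JSON,
  // so a tampered remainder cannot execute.
  return JSON.parse(text.slice(GUARD.length));
}

// Constructed sample: the response body quoted in the question.
const sampleBody = 'for (;;);{"t":"refresh"}';
console.log(parseGuardedJson(sampleBody)); // { t: 'refresh' }
```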