Home/ Questions/Q 6474251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T06:33:56+00:00

I’ve created a simple C# asp.net web service function which returns a string message

  • 0

I’ve created a simple C# asp.net web service function which returns a string message
and I am calling it from page using jquery ajax.

C#:

[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Json)]
public string HelloWorld() {
    return DateTime.Now.ToString();
}

JS:

    $(document).ready(function() {
    //alert("ready");
        $.ajax({
            type: "POST",
            contentType: "application/json; chatset=utf-8",
            url: "WebService2.asmx/HelloWorld",
            data: "{}",
            dataType: "json",
            success: function(msg) {
                //alert(msg); //doesnt works
                alert(msg.d);
            }
        });
    });

My question is that why does alert(msg); doesnt works

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s a security hardening mechanism.

    Essentially, it helps protecting against CSRF type of attacks where the attacker reads a JavaScript array (downloaded as Json) from a victim website. They can do that by overriding JavaScript’s Array type. d causes the returned Json to not be an array and thus turns Array overriding useless for the attacker.

    See this great blog post: http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

    • 0