Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
--- jquery.1.7.1.js 2011-11-29 11:11:43.000000000 -0700
+++ jquery.1.7.1.patched.js 2011-11-29 11:11:21.000000000 -0700
@@ -560,6 +560,9 @@
// Make sure leading/trailing whitespace is removed (IE can't handle it)
data = jQuery.trim( data );
+ // Remove any prefixing while(1);, which is protection against CSRF
+ data = data.replace(/^while\(1\);/, "");
+
// Attempt to parse using the native JSON parser first
if ( window.JSON && window.JSON.parse ) {
return window.JSON.parse( data );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment