javascript - Empty "for" loop in Facebook ajax - Stack Overflow

While surfing facebook and using the Firebug network debugger I noticed that facebook's AJAX responses all start with an empty for loop.

Example:

for(;;);{...}

Does anyone know why this is done? I assume it's to prevent some sort of XSS attack but I don't totally understand. Thanks!

While surfing facebook and using the Firebug network debugger I noticed that facebook's AJAX responses all start with an empty for loop.

Example:

for(;;);{...}

Does anyone know why this is done? I assume it's to prevent some sort of XSS attack but I don't totally understand. Thanks!

• javascript
• ajax
• facebook

Share Improve this question Follow asked Jun 17, 2010 at 1:49 celticpridecelticpride 51611 gold badge55 silver badges99 bronze badges 2

• Looks like it tries to hang the JS engine if the response is eval'd. Probably to make users of the Facebook API use their JSON-parsing library instead of eval? – strager Commented Jun 17, 2010 at 1:51
• 2 Possible duplicate of Why does Google prepend while(1); to their JSON responses? – gengkev Commented Feb 19, 2016 at 2:32

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 11

Like google's

while(1);

it done for preventing of including this in <script> with further using the data