
I am using the struts2 jquery grid in my current project. The dataType used in the jquery grid is json. Everything works like a charm. There was a security audit of my application and they pinpointed the JSON Hijacking vulnerability. I searched the internet for mitigating JSON hijacking in general and for a solution in struts2. I found quite good documentation:

Json Hijacking

Prevent Struts2 from JSON Hijacking

I used the prefix param set to true in the json result type in struts.xml. All is working fine; I got the JSON data prefixed with {}&&. As described in Link 2, this is used to mitigate JSON hijacking.

The problem I faced is that the jQuery Grid is not able to load data.

My struts.xml

<action name="myjson" class="action.JsonTable">
    <result type="json">
        <param name="prefix">true</param>
    </result>
</action>

The grid is not able to populate. When I remove <param name="prefix">true</param> from the action definition, everything works fine. But it is vulnerable :(

Jibran
  • The plugin loads it just fine, you need to post the code that shows the error you made. – Roman C Apr 22 '14 at 11:30
  • @Roman There is no error. The grid does not get populated when I use the prefix param in the json result type. – Jibran Apr 23 '14 at 04:45
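
The prefixed body is no longer valid JSON, so a standard JSON parser rejects it before the grid receives any rows; the client has to strip `{}&&` before parsing. The following is an added example, not part of the original post: `stripJsonPrefix`, `parsePrefixedJson`, `failsWithoutStripping` and the sample response (including its field names) are constructed for illustration, and the jQuery wiring assumes the grid's requests go through `jQuery.ajax` with dataType json.

```javascript
// Prefix the post reports seeing on responses when prefix=true is set.
const STRUTS_PREFIX = "{}&&";

// Remove the prefix only when it is the first token of the body.
// Bodies without the prefix are returned unchanged, so the same filter
// can sit in front of prefixed and unprefixed endpoints.
function stripJsonPrefix(raw) {
  if (typeof raw !== "string") return raw;
  const body = raw.replace(/^\uFEFF/, "").trimStart(); // tolerate BOM/whitespace
  if (!body.startsWith(STRUTS_PREFIX)) return raw;
  return body.slice(STRUTS_PREFIX.length).trimStart();
}

// Strip, then parse with the strict JSON parser (never eval).
function parsePrefixedJson(raw) {
  return JSON.parse(stripJsonPrefix(raw));
}

// Shows why the grid stays empty: the raw body is a JSON syntax error.
function failsWithoutStripping(raw) {
  try {
    JSON.parse(raw);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Constructed sample of a prefixed grid response (field names are illustrative).
const SAMPLE =
  '{}&& {"page":1,"total":1,"records":2,' +
  '"gridModel":[{"id":1,"name":"a"},{"id":2,"name":"b"}]}';

// Browser wiring (assumption: the grid loads its data through jQuery.ajax).
// dataFilter runs on the raw response text before jQuery parses it.
if (typeof jQuery !== "undefined") {
  jQuery.ajaxSetup({
    dataFilter: function (data, type) {
      return type === "json" ? stripJsonPrefix(data) : data;
    }
  });
}
```

Register the filter before the grid issues its first request, and keep `prefix` set to true on the server so a response included cross-origin as a script still fails to evaluate.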
