I'm playing with Firebug on Google Calendar. I happened to find that some XHR requests have a response like the one below:

while(1);[['us','bW9yZ2FuLmNoZW5nbW9AZ21haWwuY29t 20090320/20090904 63378122163']]

It looks like JSON with a dead-loop JavaScript statement as a prefix.

I'm not sure why Google Calendar has this kind of XHR response. Is there any known AJAX practice about this?

+14  A: 

This is to ensure some other site can't do nasty tricks to try to steal your data. For example, by replacing the array constructor, then including this JSON URL via a <script> tag, a malicious third-party site could steal the data from the JSON response. By putting a while(1); at the start, the script will crash instead.

A same-site request using XHR and a separate JSON parser, on the other hand, can easily ignore the while(1); prefix.

bdonlan
I suppose the XHR can only be issued to the same-domain server with authentication. How can the "other site" intercept the response? Can you give more details on how the "other site" steals our data?
Morgan Cheng
Technically, a "normal" JSON parser should give an error if you have a prefix.
Matthew Crumley
Attackers would just use a plain old `<script>` element, not an XHR.
Laurence Gonsalves
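The two sides of the defence described in the answer, as an added example that is not part of the original thread and is not Google's code: the server prepends `while(1);` and the same-site client strips it before parsing. The names `guardJson`, `parseGuardedJson` and `plainParseRejects` are hypothetical, the sample data is constructed, and the body after the prefix is assumed to be strict JSON (double-quoted strings), unlike the single-quoted literal in the question.

```javascript
// Added example (not from the thread). All function names are hypothetical.
const GUARD = 'while(1);';

// Server side: serialize the value and prepend the guard, so the response
// is never a useful script when a page pulls it in with a <script> element.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: a same-site caller reads the XHR responseText as a string,
// removes the guard, and hands the rest to a real JSON parser (never eval).
function parseGuardedJson(body, { requireGuard = true } = {}) {
  if (typeof body !== 'string') {
    throw new TypeError('response body must be a string');
  }
  if (body.startsWith(GUARD)) {
    return JSON.parse(body.slice(GUARD.length));
  }
  // A missing guard on an endpoint that should have one means the server
  // side regressed; fail loudly instead of silently accepting the body.
  if (requireGuard) {
    throw new SyntaxError('missing anti-hijacking prefix');
  }
  return JSON.parse(body);
}

// As noted in the comments, a strict JSON parser rejects the prefixed body,
// so the strip step above is required and cannot be skipped.
function plainParseRejects(body) {
  try {
    JSON.parse(body);
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

// Constructed sample response, shaped like the one in the question.
const sampleBody = guardJson([['us', 'user@example.com 20090320/20090904 1']]);
const parsed = parseGuardedJson(sampleBody);
console.log(parsed[0][0], plainParseRejects(sampleBody));
```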