I am using AngularJS for the UI and CXF for RESTful services. As part of securing my webapp, I am trying to code for "JSON Vulnerability Protection". The AngularJS documentation asks us to prefix certain characters to the JSON responses.

Extract from the AngularJS documentation:

For example, if your server needs to return:
['one','two']
which is vulnerable to attack, your server can return:
)]}',
['one','two']
Angular will strip the prefix before processing the JSON.

To do this, I tried unsuccessfully to add ')]}' in an out interceptor, but the content in that CXF message is still an object, not yet marshalled into a string, so I am wondering what the best place to do this prefixing would be.
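One place the prefix can be written after the media type is known but before the entity is marshalled, shown as an added example that is not part of the original post. It assumes a JAX-RS 2.0 runtime (CXF 3.x or later); the class name JsonPrefixInterceptor is hypothetical.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.Provider;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;

// Hypothetical class name; assumes JAX-RS 2.0 (javax.ws.rs.ext.WriterInterceptor).
@Provider
public class JsonPrefixInterceptor implements WriterInterceptor {

    // AngularJS only strips the prefix when it is followed by a newline,
    // so the bytes written are )]}', plus "\n".
    private static final byte[] PREFIX =
            ")]}',\n".getBytes(StandardCharsets.UTF_8);

    @Override
    public void aroundWriteTo(WriterInterceptorContext ctx)
            throws IOException, WebApplicationException {
        MediaType type = ctx.getMediaType();

        // Prefix JSON bodies only; other media types pass through untouched.
        if (type != null && MediaType.APPLICATION_JSON_TYPE.isCompatible(type)) {
            // A Content-Length computed for the unprefixed entity would now be
            // too short, so drop it and let the container decide the framing.
            ctx.getHeaders().remove(HttpHeaders.CONTENT_LENGTH);

            // The entity is still an object here, but the raw response stream
            // is available, so the prefix goes out ahead of the marshalled JSON.
            OutputStream out = ctx.getOutputStream();
            out.write(PREFIX);
        }

        // Hand over to the MessageBodyWriter, which serialises the entity
        // onto the same stream directly after the prefix.
        ctx.proceed();
    }
}
```

The interceptor has to be registered as a JAX-RS provider on the endpoint. Any non-AngularJS consumer of the same resources must strip the prefix itself before parsing.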
