Thanks Sergey! I have implemented JAX-RS WriterInterceptor and provided as a provioder in my blueprint and I could get what I required.
Thanks Venkatesh Laguduva On Wed, Sep 14, 2016 at 9:48 PM, Sergey Beryozkin <[email protected]> wrote: > Hi > > You can write a custom JSON JAX-RS MessageBodyWriter - ex, by extending > CXF JSONProvider or Jackson and overriding writeTo(...) - you'd push this > prefix to the output stream first and then delegate to the super.writeTo. > > Or may be a much simpler option is to register JAX-RS WriterInterceptor > and only write the prefix from it. I might consider adding such a helper > writer to CXF > > Or you can register a CXF Out interceptor with any phase which is earlier > than Phase.MARSHALL which is where CXF JAXRSOutInterceptor sits. Even > Phase.MARSHALL will do for your custom interceptor, it will run first > because it is a custom interceptor. > > HTH, Sergey > > > On 14/09/16 14:58, Venkatesh Laguduva wrote: > >> I am using AngularJS for the UI and CXF for RESTful services; as part of >> securing my webapp, I am trying to code for "JSON Vulnerability >> Protection"; AngularJS document is asking us to prefix certain characters >> to the JSON responses : >> >> extract from AngularJS Document: For example if your server needs to >> return: >> >> ['one','two'] which is vulnerable to attack, your server can return: >> >> )]}', ['one','two'] Angular will strip the prefix, before processing the >> JSON. >> >> To do this, I tried unsuccessfully to add ')]}' in an out interceptor but >> the content in that cxf message is still object, not yet marshalled into >> string - so I am wondering what could be the best place to do this >> prefixing. >> >> > > -- > Sergey Beryozkin > > Talend Community Coders > http://coders.talend.com/ >
