{"id":477747,"date":"2023-08-09T09:19:35","date_gmt":"2023-08-09T09:19:35","guid":{"rendered":""},"modified":"2023-09-05T11:15:18","modified_gmt":"2023-09-05T11:15:18","slug":"json-hijacking","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/ar\/wiki\/json-hijacking\/","title":{"rendered":"\u0627\u062e\u062a\u0637\u0627\u0641 JSON"},"content":{"rendered":"

\u0627\u062e\u062a\u0637\u0627\u0641 JSON\u060c \u0648\u0627\u0644\u0645\u0639\u0631\u0648\u0641 \u0623\u064a\u0636\u064b\u0627 \u0628\u0627\u0633\u0645 "\u0627\u062e\u062a\u0637\u0627\u0641 JavaScript Object Notation"\u060c \u0647\u0648 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 JSON (JavaScript Object Notation) \u0643\u062a\u0646\u0633\u064a\u0642 \u0644\u062a\u0628\u0627\u062f\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a. \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0645\u0646 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0639\u0646\u062f\u0645\u0627 \u0644\u0627 \u064a\u0643\u0648\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0645\u0624\u0645\u0646\u064b\u0627 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d \u0636\u062f \u0645\u062b\u0644 \u0647\u0630\u0647 \u0627\u0644\u0647\u062c\u0645\u0627\u062a. \u064a\u0633\u062a\u063a\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647\u060c \u0648\u0647\u0648 \u0625\u062c\u0631\u0627\u0621 \u0623\u0645\u0646\u064a \u064a\u0645\u0646\u0639 \u0635\u0641\u062d\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0645\u0646 \u062a\u0642\u062f\u064a\u0645 \u0637\u0644\u0628\u0627\u062a \u0625\u0644\u0649 \u0646\u0637\u0627\u0642 \u0645\u062e\u062a\u0644\u0641 \u0639\u0646 \u0627\u0644\u0646\u0637\u0627\u0642 \u0627\u0644\u0630\u064a \u064a\u062e\u062f\u0645 \u0635\u0641\u062d\u0629 \u0627\u0644\u0648\u064a\u0628.<\/p>\n

\u062a\u0627\u0631\u064a\u062e \u0623\u0635\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0648\u0623\u0648\u0644 \u0630\u0643\u0631 \u0644\u0647.<\/h2>\n

\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0648\u062a\u0648\u062b\u064a\u0642 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0644\u0623\u0648\u0644 \u0645\u0631\u0629 \u0628\u0648\u0627\u0633\u0637\u0629 Jeremiah Grossman \u0641\u064a \u0639\u0627\u0645 2006. \u0648\u0641\u064a \u0628\u062d\u062b\u0647\u060c \u0648\u062c\u062f \u0623\u0646 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON \u0643\u0627\u0646\u062a \u0639\u0631\u0636\u0629 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0628\u0633\u0628\u0628 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0637\u0631\u064a\u0642\u0629 \u0642\u064a\u0627\u0633\u064a\u0629 \u0644\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646\u0647\u0627. \u0644\u0641\u062a \u0627\u0644\u0630\u0643\u0631 \u0627\u0644\u0623\u0648\u0644 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0627\u0644\u0627\u0646\u062a\u0628\u0627\u0647 \u0625\u0644\u0649 \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629 \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 JSON \u0643\u062a\u0646\u0633\u064a\u0642 \u0644\u062a\u0628\u0627\u062f\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u062f\u0648\u0646 \u0627\u062a\u062e\u0627\u0630 \u0627\u0644\u062a\u062f\u0627\u0628\u064a\u0631 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0646\u0627\u0633\u0628\u0629.<\/p>\n

\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u062d\u0648\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON. \u062a\u0648\u0633\u064a\u0639 \u0645\u0648\u0636\u0648\u0639 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/h2>\n

\u064a\u062d\u062f\u062b \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u062f\u0645 \u062a\u0637\u0628\u064a\u0642 \u0648\u064a\u0628 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u062f\u0648\u0646 \u062a\u0646\u0641\u064a\u0630 \u0622\u0644\u064a\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0645\u0646\u0627\u0633\u0628\u0629\u060c \u0645\u062b\u0644 \u0645\u062c\u0645\u0651\u0639 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0627\u0644\u0622\u0645\u0646. \u0639\u0627\u062f\u0629\u064b\u060c \u0639\u0646\u062f\u0645\u0627 \u062a\u0637\u0644\u0628 \u0635\u0641\u062d\u0629 \u0648\u064a\u0628 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0645\u0646 \u0627\u0644\u062e\u0627\u062f\u0645\u060c \u0641\u0625\u0646\u0647\u0627 \u062a\u062a\u0644\u0642\u0649 \u0643\u0627\u0626\u0646 JSON \u0634\u0631\u0639\u064a\u064b\u0627 \u064a\u0645\u0643\u0646 \u062a\u062d\u0644\u064a\u0644\u0647 \u0628\u0633\u0647\u0648\u0644\u0629 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 \u0643\u0648\u062f JavaScript \u0627\u0644\u0645\u0648\u062c\u0648\u062f \u0639\u0644\u0649 \u0627\u0644\u0635\u0641\u062d\u0629.<\/p>\n

\u0648\u0645\u0639 \u0630\u0644\u0643\u060c \u0641\u064a \u062d\u0627\u0644\u0629 \u0627\u062e\u062a\u0637\u0627\u0641 JSON\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0633\u0631\u0642\u0629 \u0628\u064a\u0627\u0646\u0627\u062a JSON. \u064a\u062e\u062f\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0644\u062a\u0642\u062f\u064a\u0645 \u0637\u0644\u0628 \u0639\u0628\u0631 \u0627\u0644\u0623\u0635\u0644 \u0625\u0644\u0649 \u062e\u0627\u062f\u0645 \u0636\u0627\u0631 \u064a\u062a\u062d\u0643\u0645 \u0641\u064a\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645. \u0646\u0638\u0631\u064b\u0627 \u0644\u0623\u0646 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0627 \u062a\u0646\u0637\u0628\u0642 \u0639\u0644\u0649 \u0637\u0644\u0628\u0627\u062a JSON (\u0639\u0644\u0649 \u0639\u0643\u0633 \u0637\u0644\u0628\u0627\u062a Ajax \u0627\u0644\u062a\u0642\u0644\u064a\u062f\u064a\u0629)\u060c \u0641\u064a\u0645\u0643\u0646 \u0644\u0644\u062e\u0627\u062f\u0645 \u0627\u0644\u0636\u0627\u0631 \u062a\u0644\u0642\u064a \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0645\u0628\u0627\u0634\u0631\u0629\u064b.<\/p>\n

\u0625\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0631\u0624\u0648\u0633 \u0623\u0645\u0627\u0646 \u0645\u0646\u0627\u0633\u0628\u0629 \u0623\u0648 \u0623\u063a\u0644\u0641\u0629 \u0627\u0633\u062a\u062c\u0627\u0628\u0629\u060c \u0645\u062b\u0644 "X-Content-Type-Options: nosniff" \u0623\u0648 "while(1);"\u060c \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0648\u0645 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0646\u0627\u062c\u062d. \u0648\u0645\u0646 \u062e\u0644\u0627\u0644 \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0623\u0646 \u064a\u0639\u0631\u0636\u0648\u0627 \u062e\u0635\u0648\u0635\u064a\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648\u0623\u0645\u0627\u0646\u0647 \u0644\u0644\u062e\u0637\u0631.<\/p>\n

\u0627\u0644\u0647\u064a\u0643\u0644 \u0627\u0644\u062f\u0627\u062e\u0644\u064a \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON. \u0643\u064a\u0641 \u064a\u0639\u0645\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/h2>\n

\u064a\u0633\u062a\u0647\u062f\u0641 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0641\u064a \u0627\u0644\u0645\u0642\u0627\u0645 \u0627\u0644\u0623\u0648\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON \u062f\u0648\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0623\u0645\u0627\u0646 \u0645\u062d\u062f\u062f\u0629. \u064a\u062a\u0636\u0645\u0646 \u0627\u0644\u0647\u064a\u0643\u0644 \u0627\u0644\u062f\u0627\u062e\u0644\u064a \u0644\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/p>\n

    \n
  1. \u064a\u0631\u0633\u0644 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0637\u0644\u0628\u064b\u0627 \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0625\u0644\u0649 \u062e\u0627\u062f\u0645 \u0627\u0644\u0648\u064a\u0628.<\/li>\n
  2. \u064a\u0639\u0627\u0644\u062c \u062e\u0627\u062f\u0645 \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u0637\u0644\u0628 \u0648\u064a\u0631\u0633\u0644 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0641\u064a \u0627\u0644\u0627\u0633\u062a\u062c\u0627\u0628\u0629.<\/li>\n
  3. \u064a\u062e\u062f\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0644\u062a\u0642\u062f\u064a\u0645 \u0637\u0644\u0628 \u0625\u0636\u0627\u0641\u064a \u0639\u0628\u0631 \u0627\u0644\u0623\u0635\u0644\u060c \u0648\u0627\u0644\u0630\u064a \u064a\u0648\u062c\u0647 \u0625\u0644\u0649 \u062e\u0627\u062f\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645.<\/li>\n
  4. \u064a\u0639\u062a\u0631\u0636 \u062e\u0627\u062f\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0645\u0628\u0627\u0634\u0631\u0629 \u0645\u0646 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0646\u0638\u0631\u064b\u0627 \u0644\u0623\u0646 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0627 \u062a\u0646\u0637\u0628\u0642 \u0639\u0644\u0649 \u0637\u0644\u0628\u0627\u062a JSON.<\/li>\n
  5. \u064a\u062a\u0645\u062a\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0622\u0646 \u0628\u0625\u0645\u0643\u0627\u0646\u064a\u0629 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0627\u0644\u062a\u064a \u0643\u0627\u0646 \u064a\u0646\u0628\u063a\u064a \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u064a\u0647\u0627 \u0641\u0642\u0637 \u0636\u0645\u0646 \u0646\u0637\u0627\u0642 \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0648\u064a\u0628.<\/li>\n<\/ol>\n

    \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0633\u0645\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/h2>\n

    \u062a\u0634\u0645\u0644 \u0627\u0644\u0645\u064a\u0632\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0627 \u064a\u0644\u064a:<\/p>\n

      \n
    • \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647: \u064a\u0633\u062a\u0641\u064a\u062f \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0646 \u0625\u0639\u0641\u0627\u0621 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0637\u0644\u0628\u0627\u062a JSON\u060c \u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0639\u062a\u0631\u0627\u0636 \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON.<\/li>\n
    • \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0623\u063a\u0644\u0641\u0629 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 \u0645\u0646\u0627\u0633\u0628\u0629: \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0623\u063a\u0644\u0641\u0629 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0622\u0645\u0646\u0629\u060c \u0645\u062b\u0644 "while(1);" \u0623\u0648 "X-Content-Type-Options: nosniff"\u060c \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062a\u0631\u0643 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0639\u0631\u0636\u0629 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/li>\n
    • \u0627\u0644\u062a\u0631\u0643\u064a\u0632 \u0639\u0644\u0649 \u0646\u0642\u0627\u0637 \u0646\u0647\u0627\u064a\u0629 JSON: \u064a\u062a\u0645\u062d\u0648\u0631 \u0627\u0644\u0647\u062c\u0648\u0645 \u062d\u0648\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0646\u0642\u0627\u0637 \u0646\u0647\u0627\u064a\u0629 JSON \u0644\u062a\u0628\u0627\u062f\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.<\/li>\n<\/ul>\n

      \u0623\u0646\u0648\u0627\u0639 \u0627\u062e\u062a\u0637\u0627\u0641 JSON<\/h2>\n

      \u064a\u0645\u0643\u0646 \u062a\u0635\u0646\u064a\u0641 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0625\u0644\u0649 \u0646\u0648\u0639\u064a\u0646 \u0631\u0626\u064a\u0633\u064a\u064a\u0646 \u0628\u0646\u0627\u0621\u064b \u0639\u0644\u0649 \u0627\u0644\u0623\u0633\u0627\u0644\u064a\u0628 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0647\u062c\u0648\u0645:<\/p>\n

        \n
      1. \n

        \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0627\u0644\u0645\u0628\u0627\u0634\u0631:<\/strong> \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0646\u0648\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a\u060c \u064a\u062e\u062f\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629 \u0644\u0625\u0631\u0633\u0627\u0644 \u0637\u0644\u0628 JSON \u0645\u0628\u0627\u0634\u0631\u0629 \u0625\u0644\u0649 \u062e\u0627\u062f\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645. \u064a\u062a\u0644\u0642\u0649 \u062e\u0627\u062f\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0639\u062f \u0630\u0644\u0643 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0645\u0628\u0627\u0634\u0631\u0629 \u062f\u0648\u0646 \u0623\u064a \u062e\u0637\u0648\u0627\u062a \u0625\u0636\u0627\u0641\u064a\u0629.<\/p>\n<\/li>\n

      2. \n

        \u0627\u062e\u062a\u0637\u0627\u0641 JSONP (JSON \u0645\u0639 \u0627\u0644\u062d\u0634\u0648):<\/strong> JSONP \u0647\u064a \u062a\u0642\u0646\u064a\u0629 \u062a\u064f\u0633\u062a\u062e\u062f\u0645 \u0644\u0644\u062a\u063a\u0644\u0628 \u0639\u0644\u0649 \u0642\u064a\u0648\u062f \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u062a\u0642\u062f\u064a\u0645 \u0627\u0644\u0637\u0644\u0628\u0627\u062a \u0639\u0628\u0631 \u0627\u0644\u0623\u0635\u0644. \u0641\u064a \u0639\u0645\u0644\u064a\u0629 \u0627\u062e\u062a\u0637\u0627\u0641 JSONP\u060c \u064a\u062a\u0644\u0627\u0639\u0628 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0648\u0638\u064a\u0641\u0629 \u0631\u062f \u0627\u062a\u0635\u0627\u0644 JSONP \u0644\u062a\u0644\u0642\u064a \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0648\u0631\u0628\u0645\u0627 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0633\u0627\u0633\u0629.<\/p>\n<\/li>\n<\/ol>\n

        \u064a\u0648\u062c\u062f \u0623\u062f\u0646\u0627\u0647 \u062c\u062f\u0648\u0644 \u0645\u0642\u0627\u0631\u0646\u0629 \u064a\u0633\u0644\u0637 \u0627\u0644\u0636\u0648\u0621 \u0639\u0644\u0649 \u0627\u0644\u0627\u062e\u062a\u0644\u0627\u0641\u0627\u062a \u0628\u064a\u0646 \u0646\u0648\u0639\u064a \u0627\u062e\u062a\u0637\u0627\u0641 JSON:<\/p>\n\n\n\n\n\n\n
        \u064a\u0643\u062a\u0628<\/th>\n\u0637\u0631\u064a\u0642\u0629<\/th>\n\u0645\u0632\u0627\u064a\u0627<\/th>\n\u0633\u0644\u0628\u064a\u0627\u062a<\/th>\n<\/tr>\n<\/thead>\n
        \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0627\u0644\u0645\u0628\u0627\u0634\u0631<\/td>\n\u064a\u0633\u062a\u063a\u0644 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0637\u0644\u0628\u0627\u062a JSON<\/td>\n\u0627\u0644\u0628\u0633\u0627\u0637\u0629 \u0641\u064a \u0627\u0644\u062a\u0646\u0641\u064a\u0630 \u0648\u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0628\u0627\u0634\u0631 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON<\/td>\n\u0623\u0643\u062b\u0631 \u0648\u0636\u0648\u062d\u064b\u0627 \u0641\u064a \u0627\u0644\u0633\u062c\u0644\u0627\u062a\u060c \u0648\u064a\u0633\u0647\u0644 \u0627\u0643\u062a\u0634\u0627\u0641\u0647<\/td>\n<\/tr>\n
        \u0627\u062e\u062a\u0637\u0627\u0641 JSONP<\/td>\n\u064a\u0639\u0627\u0644\u062c \u0648\u0638\u064a\u0641\u0629 \u0631\u062f \u0627\u0644\u0627\u062a\u0635\u0627\u0644 JSONP<\/td>\n\u0645\u0646 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0623\u0646 \u064a\u062a\u062c\u0627\u0648\u0632 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0623\u0635\u0644 \u0646\u0641\u0633\u0647<\/td>\n\u064a\u062a\u0637\u0644\u0628 \u062a\u0646\u0641\u064a\u0630 JSONP \u0627\u0644\u0636\u0639\u064a\u0641<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

        \u0637\u0631\u0642 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 JSON hijacking \u0648\u0645\u0634\u0627\u0643\u0644\u0647\u0627 \u0648\u062d\u0644\u0648\u0644\u0647\u0627 \u0627\u0644\u0645\u062a\u0639\u0644\u0642\u0629 \u0628\u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645.<\/h2>\n

        \u0637\u0631\u0642 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644<\/h3>\n

        \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0633\u0627\u0633\u0629\u060c \u0645\u062b\u0644 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0623\u0648 \u0631\u0645\u0648\u0632 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0627\u0644\u0645\u0645\u064a\u0632\u0629 \u0623\u0648 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0627\u0644\u0623\u062e\u0631\u0649 \u0627\u0644\u0645\u062e\u0632\u0646\u0629 \u0641\u064a \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON. \u064a\u0645\u0643\u0646 \u0628\u0639\u062f \u0630\u0644\u0643 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0644\u0623\u063a\u0631\u0627\u0636 \u0636\u0627\u0631\u0629 \u0645\u062e\u062a\u0644\u0641\u0629.<\/p>\n

        \u0627\u0644\u0645\u0634\u0627\u0643\u0644 \u0648\u0627\u0644\u062d\u0644\u0648\u0644<\/h3>\n

        \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u0641\u064a \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0647\u064a \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0642\u064a\u0627\u0633\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 JSON \u0643\u062a\u0646\u0633\u064a\u0642 \u0644\u062a\u0628\u0627\u062f\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a. \u0644\u0644\u062a\u062e\u0641\u064a\u0641 \u0645\u0646 \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0648\u0645\u0633\u0624\u0648\u0644\u064a \u0645\u0648\u0627\u0642\u0639 \u0627\u0644\u0648\u064a\u0628 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062d\u0644\u0648\u0644 \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/p>\n

          \n
        1. \n

          \u063a\u0644\u0627\u0641 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0627\u0644\u0622\u0645\u0646:<\/strong> \u0642\u0645 \u0628\u062a\u0636\u0645\u064a\u0646 \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON \u0636\u0645\u0646 \u063a\u0644\u0627\u0641 \u0622\u0645\u0646\u060c \u0645\u062b\u0644 "while(1);" \u0623\u0648 "\u062e\u064a\u0627\u0631\u0627\u062a \u0646\u0648\u0639 \u0627\u0644\u0645\u062d\u062a\u0648\u0649 X: nosniff." \u0648\u064a\u0645\u0646\u0639 \u0647\u0630\u0627 \u0627\u0644\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0627\u0634\u0631 \u0644\u0628\u064a\u0627\u0646\u0627\u062a JSON \u0628\u0648\u0627\u0633\u0637\u0629 \u0627\u0644\u0645\u062a\u0635\u0641\u062d\u060c \u0645\u0645\u0627 \u064a\u062c\u0639\u0644 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u064a\u0647\u0627 \u063a\u064a\u0631 \u0645\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u064a\u0646.<\/p>\n<\/li>\n

        2. \n

          \u0645\u0634\u0627\u0631\u0643\u0629 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0639\u0628\u0631 \u0627\u0644\u0623\u0635\u0644 (CORS):<\/strong> \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0624\u062f\u064a \u062a\u0646\u0641\u064a\u0630 \u0633\u064a\u0627\u0633\u0627\u062a CORS \u0625\u0644\u0649 \u062a\u0642\u064a\u064a\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0639\u0628\u0631 \u0627\u0644\u0623\u0635\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644 \u0645\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0633\u062a\u062b\u0646\u0627\u0621 \u0633\u064a\u0627\u0633\u0629 \u0646\u0641\u0633 \u0627\u0644\u0623\u0635\u0644.<\/p>\n<\/li>\n

        3. \n

          \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0627\u0644\u0645\u0633\u062a\u0646\u062f\u0629 \u0625\u0644\u0649 \u0627\u0644\u0631\u0645\u0632 \u0627\u0644\u0645\u0645\u064a\u0632:<\/strong> \u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u0633\u0627\u0644\u064a\u0628 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0627\u0644\u0645\u0633\u062a\u0646\u062f\u0629 \u0625\u0644\u0649 \u0627\u0644\u0631\u0645\u0632 \u0627\u0644\u0645\u0645\u064a\u0632 \u0645\u062b\u0644 OAuth\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0633\u0627\u0639\u062f \u0641\u064a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u0631\u062d \u0628\u0647 \u0648\u062a\u062e\u0641\u064a\u0641 \u062a\u0623\u062b\u064a\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/p>\n<\/li>\n

        4. \n

          \u0633\u064a\u0627\u0633\u0629 \u0623\u0645\u0627\u0646 \u0627\u0644\u0645\u062d\u062a\u0648\u0649 (CSP):<\/strong> \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0643\u0648\u064a\u0646 \u0631\u0624\u0648\u0633 CSP\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0633\u0624\u0648\u0644\u064a\u0646 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0646\u0637\u0627\u0642\u0627\u062a \u0627\u0644\u0645\u0633\u0645\u0648\u062d \u0644\u0647\u0627 \u0628\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0646\u0635\u064a\u0629 \u0639\u0644\u0649 \u0635\u0641\u062d\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0647\u0645\u060c \u0645\u0645\u0627 \u064a\u0642\u0644\u0644 \u0645\u0646 \u062e\u0637\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/p>\n<\/li>\n<\/ol>\n

          \u0627\u0644\u062e\u0635\u0627\u0626\u0635 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0648\u0645\u0642\u0627\u0631\u0646\u0627\u062a \u0623\u062e\u0631\u0649 \u0645\u0639 \u0645\u0635\u0637\u0644\u062d\u0627\u062a \u0645\u0645\u0627\u062b\u0644\u0629 \u0641\u064a \u0634\u0643\u0644 \u062c\u062f\u0627\u0648\u0644 \u0648\u0642\u0648\u0627\u0626\u0645.<\/h2>\n

          \u064a\u0648\u062c\u062f \u0623\u062f\u0646\u0627\u0647 \u062c\u062f\u0648\u0644 \u0645\u0642\u0627\u0631\u0646\u0629 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0639 \u0627\u0644\u0645\u0635\u0637\u0644\u062d\u0627\u062a \u0627\u0644\u0645\u0645\u0627\u062b\u0644\u0629 \u0648\u0627\u0644\u0645\u0641\u0627\u0647\u064a\u0645 \u0630\u0627\u062a \u0627\u0644\u0635\u0644\u0629:<\/p>\n\n\n\n\n\n\n\n
          \u0634\u0631\u0637<\/th>\n\u0648\u0635\u0641<\/th>\n\u0627\u062e\u062a\u0644\u0627\u0641<\/th>\n<\/tr>\n<\/thead>\n
          \u0627\u062e\u062a\u0637\u0627\u0641 JSON<\/td>\n\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062a\u0633\u062a\u063a\u0644 \u0627\u0633\u062a\u062b\u0646\u0627\u0621 \u0633\u064a\u0627\u0633\u0629 \u0646\u0641\u0633 \u0627\u0644\u0645\u0635\u062f\u0631 \u0644\u0637\u0644\u0628\u0627\u062a JSON.<\/td>\n\u062e\u0627\u0635 \u0628\u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON\u060c \u0648\u064a\u0633\u062a\u0647\u062f\u0641 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0628\u062f\u0648\u0646 \u0623\u063a\u0644\u0641\u0629 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0627\u0644\u0622\u0645\u0646\u0629.<\/td>\n<\/tr>\n
          \u0639\u0628\u0631 \u0645\u0648\u0642\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u0629<\/td>\n\u064a\u0642\u0648\u0645 \u0627\u0644\u0647\u062c\u0648\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 \u0646\u0635\u0648\u0635 \u0628\u0631\u0645\u062c\u064a\u0629 \u0636\u0627\u0631\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 \u0648\u064a\u0628 \u0644\u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0623\u0648 \u0627\u062e\u062a\u0637\u0627\u0641 \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.<\/td>\n\u064a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062d\u0642\u0646 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0646\u0635\u064a\u0629\u060c \u0641\u064a \u062d\u064a\u0646 \u064a\u0633\u062a\u0647\u062f\u0641 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0628\u0627\u0634\u0631 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON.<\/td>\n<\/tr>\n
          \u062a\u0632\u0648\u064a\u0631 \u0627\u0644\u0637\u0644\u0628 \u0639\u0628\u0631 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (CSRF)<\/td>\n\u0647\u062c\u0648\u0645 \u064a\u062e\u062f\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0644\u062a\u0646\u0641\u064a\u0630 \u0625\u062c\u0631\u0627\u0621\u0627\u062a \u063a\u064a\u0631 \u0645\u0631\u063a\u0648\u0628 \u0641\u064a\u0647\u0627 \u0639\u0644\u0649 \u0645\u0648\u0642\u0639 \u0645\u0648\u062b\u0648\u0642 \u0628\u0647.<\/td>\n\u064a\u0631\u0643\u0632 CSRF \u0639\u0644\u0649 \u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u060c \u0628\u064a\u0646\u0645\u0627 \u064a\u062a\u0639\u0627\u0645\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0639 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0623\u0635\u0644 \u0646\u0641\u0633\u0647 \u0644\u0640 JSON.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

          \u0648\u062c\u0647\u0627\u062a \u0646\u0638\u0631 \u0648\u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u0642\u0628\u0644 \u0627\u0644\u0645\u062a\u0639\u0644\u0642\u0629 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/h2>\n

          \u0645\u0639 \u062a\u0637\u0648\u0631 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0648\u064a\u0628\u060c \u062a\u062a\u0632\u0627\u064a\u062f \u0623\u064a\u0636\u064b\u0627 \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629 \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON. \u064a\u0628\u062d\u062b \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646 \u0648\u062e\u0628\u0631\u0627\u0621 \u0627\u0644\u0623\u0645\u0646 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0639\u0646 \u0637\u0631\u0642 \u0645\u0628\u062a\u0643\u0631\u0629 \u0644\u0645\u0646\u0639 \u0645\u062b\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629. \u0642\u062f \u062a\u062a\u0636\u0645\u0646 \u0628\u0639\u0636 \u0648\u062c\u0647\u0627\u062a \u0627\u0644\u0646\u0638\u0631 \u0648\u0627\u0644\u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u0642\u0628\u0644\u064a\u0629 \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629 \u0627\u0644\u0645\u062a\u0639\u0644\u0642\u0629 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0627 \u064a\u0644\u064a:<\/p>\n

            \n
          1. \n

            \u062a\u0648\u062d\u064a\u062f \u0623\u063a\u0644\u0641\u0629 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0627\u0644\u0622\u0645\u0646\u0629:<\/strong> \u0625\u0646 \u0627\u0639\u062a\u0645\u0627\u062f \u0645\u062c\u0645\u0651\u0639 \u0627\u0633\u062a\u062c\u0627\u0628\u0629 JSON \u0627\u0644\u0622\u0645\u0646 \u0648\u0627\u0644\u0645\u0648\u062d\u062f \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0647\u0644 \u0639\u0644\u0649 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u062d\u0645\u0627\u064a\u0629 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0636\u062f \u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0637\u0627\u0641.<\/p>\n<\/li>\n

          2. \n

            \u062a\u062d\u0633\u064a\u0646 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u0640 JSON:<\/strong> \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0627\u0644\u062a\u062d\u0633\u064a\u0646\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0645 \u0625\u062f\u062e\u0627\u0644\u0647\u0627 \u0639\u0644\u0649 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647 \u0644\u062a\u063a\u0637\u064a\u0629 \u0637\u0644\u0628\u0627\u062a JSON \u0628\u0634\u0643\u0644 \u0623\u0643\u062b\u0631 \u0634\u0645\u0648\u0644\u0627\u064b \u0625\u0644\u0649 \u062a\u0642\u0644\u064a\u0644 \u0645\u062e\u0627\u0637\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/p>\n<\/li>\n

          3. \n

            \u0627\u0644\u062a\u0637\u0648\u0631\u0627\u062a \u0641\u064a \u062c\u062f\u0631\u0627\u0646 \u062d\u0645\u0627\u064a\u0629 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 (WAF):<\/strong> \u0642\u062f \u062a\u0634\u062a\u0645\u0644 \u062c\u062f\u0631\u0627\u0646 \u062d\u0645\u0627\u064a\u0629 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0639\u0644\u0649 \u062e\u0648\u0627\u0631\u0632\u0645\u064a\u0627\u062a \u0623\u0643\u062b\u0631 \u062a\u0639\u0642\u064a\u062f\u064b\u0627 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0648\u0645\u0646\u0639\u0647\u0627 \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644.<\/p>\n<\/li>\n

          4. \n

            \u0632\u064a\u0627\u062f\u0629 \u0627\u0639\u062a\u0645\u0627\u062f \u0631\u0645\u0648\u0632 \u0627\u0644\u0648\u064a\u0628 JSON (JWT):<\/strong> \u062a\u0648\u0641\u0631 JWTs \u0637\u0631\u064a\u0642\u0629 \u0622\u0645\u0646\u0629 \u0644\u0646\u0642\u0644 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0623\u0637\u0631\u0627\u0641 \u0643\u0643\u0627\u0626\u0646\u0627\u062a JSON\u060c \u0645\u0645\u0627 \u064a\u062c\u0639\u0644\u0647\u0627 \u0623\u0642\u0644 \u0639\u0631\u0636\u0629 \u0644\u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/p>\n<\/li>\n<\/ol>\n

            \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644\u0629 \u0623\u0648 \u0631\u0628\u0637\u0647\u0627 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/h2>\n

            \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0644\u0639\u0628 \u0627\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644\u0629 \u062f\u0648\u0631\u064b\u0627 \u0641\u064a \u0627\u0644\u062a\u062e\u0641\u064a\u0641 \u0645\u0646 \u0645\u062e\u0627\u0637\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0639\u0645\u0644 \u0643\u0648\u0633\u064a\u0637 \u0628\u064a\u0646 \u0627\u0644\u0639\u0645\u0644\u0627\u0621 \u0648\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u064a\u0628. \u0625\u0644\u064a\u0643 \u0643\u064a\u0641\u064a\u0629 \u0631\u0628\u0637 \u0627\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644\u0629 \u0628\u0627\u062e\u062a\u0637\u0627\u0641 JSON:<\/p>\n

              \n
            1. \n

              \u062a\u0635\u0641\u064a\u0629 \u0627\u0644\u0637\u0644\u0628:<\/strong> \u064a\u0645\u0643\u0646 \u062a\u0643\u0648\u064a\u0646 \u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644 \u0644\u062a\u0635\u0641\u064a\u0629 \u0637\u0644\u0628\u0627\u062a JSON \u0627\u0644\u0648\u0627\u0631\u062f\u0629\u060c \u0648\u062d\u0638\u0631 \u062a\u0644\u0643 \u0627\u0644\u062a\u064a \u062a\u0638\u0647\u0631 \u0639\u0644\u0627\u0645\u0627\u062a \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629.<\/p>\n<\/li>\n

            2. \n

              \u0627\u0644\u062a\u0641\u0627\u0641 \u0627\u0644\u0627\u0633\u062a\u062c\u0627\u0628\u0629:<\/strong> \u064a\u0645\u0643\u0646 \u0644\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644\u0629 \u062a\u063a\u0644\u064a\u0641 \u0627\u0633\u062a\u062c\u0627\u0628\u0627\u062a JSON \u0628\u0631\u0624\u0648\u0633 \u0627\u0644\u0627\u0633\u062a\u062c\u0627\u0628\u0629 \u0627\u0644\u0622\u0645\u0646\u0629 (\u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c "while(1);") \u0642\u0628\u0644 \u062a\u0633\u0644\u064a\u0645\u0647\u0627 \u0625\u0644\u0649 \u0627\u0644\u0639\u0645\u0644\u0627\u0621\u060c \u0645\u0645\u0627 \u064a\u0648\u0641\u0631 \u0637\u0628\u0642\u0629 \u0625\u0636\u0627\u0641\u064a\u0629 \u0645\u0646 \u0627\u0644\u0623\u0645\u0627\u0646.<\/p>\n<\/li>\n

            3. \n

              \u0625\u062f\u0627\u0631\u0629 \u0643\u0648\u0631\u0633:<\/strong> \u064a\u0645\u0643\u0646 \u0644\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0648\u0643\u064a\u0644\u0629 \u0641\u0631\u0636 \u0633\u064a\u0627\u0633\u0627\u062a CORS \u0635\u0627\u0631\u0645\u0629\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u0639 \u0627\u0644\u0648\u0635\u0648\u0644 \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u0631\u062d \u0628\u0647 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a JSON \u0648\u064a\u0642\u0644\u0644 \u0645\u0646 \u0645\u062e\u0627\u0637\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON.<\/p>\n<\/li>\n<\/ol>\n

              \u0631\u0648\u0627\u0628\u0637 \u0630\u0627\u062a \u0639\u0644\u0627\u0642\u0629<\/h2>\n

              \u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0648\u0623\u0645\u0646 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628\u060c \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0631\u062c\u0648\u0639 \u0625\u0644\u0649 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/p>\n

                \n
              1. \u0627\u062e\u062a\u0637\u0627\u0641 OWASP JSON<\/a><\/li>\n
              2. \u0645\u062f\u0648\u0646\u0629 \u0627\u0631\u0645\u064a\u0627 \u063a\u0631\u0648\u0633\u0645\u0627\u0646<\/a><\/li>\n
              3. \u0634\u0628\u0643\u0629 \u0645\u0637\u0648\u0631\u064a Mozilla (MDN) \u2013 \u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0646\u0641\u0633\u0647<\/a><\/li>\n<\/ol>\n

                \u062a\u0630\u0643\u0631 \u0623\u0646 \u0641\u0647\u0645 \u0645\u062e\u0627\u0637\u0631 \u0627\u062e\u062a\u0637\u0627\u0641 JSON \u0648\u0645\u0639\u0627\u0644\u062c\u062a\u0647\u0627 \u064a\u0639\u062f \u0623\u0645\u0631\u064b\u0627 \u0636\u0631\u0648\u0631\u064a\u064b\u0627 \u0644\u0645\u0637\u0648\u0631\u064a \u0648\u0645\u0633\u0624\u0648\u0644\u064a \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0648\u064a\u0628 \u0644\u0636\u0645\u0627\u0646 \u0623\u0645\u0627\u0646 \u0648\u062e\u0635\u0648\u0635\u064a\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646. \u0633\u064a\u0633\u0627\u0639\u062f \u062a\u0646\u0641\u064a\u0630 \u0623\u0641\u0636\u0644 \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0627\u062a \u0648\u0627\u0644\u0628\u0642\u0627\u0621 \u0639\u0644\u0649 \u0627\u0637\u0644\u0627\u0639 \u0628\u0623\u062d\u062f\u062b \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0639\u0644\u0649 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0645\u062b\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.<\/p>","protected":false},"featured_media":477748,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477747","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about JSON Hijacking: An Encyclopedia Article<\/mark>","faq_items":[{"question":"What is JSON hijacking?","answer":"

                JSON hijacking, also known as \"JavaScript Object Notation hijacking,\" is a security vulnerability that affects web applications using JSON as a data interchange format. It allows attackers to steal sensitive data from the victim's browser when the application lacks proper security measures.<\/p>"},{"question":"Who discovered JSON hijacking, and when was it first mentioned?","answer":"

                JSON hijacking was first discovered and documented by Jeremiah Grossman in 2006. He brought attention to this vulnerability, highlighting the risks associated with using JSON without appropriate security measures.<\/p>"},{"question":"How does JSON hijacking work?","answer":"

                JSON hijacking exploits the same-origin policy exemption for JSON requests. The attacker tricks the victim's browser into making an additional cross-origin request, which is intercepted by the attacker's server, granting them direct access to the JSON data.<\/p>"},{"question":"What are the key features of JSON hijacking?","answer":"

                Key features include exploiting the same-origin policy, absence of secure JSON response wrappers, and targeting web applications using JSON endpoints for data exchange.<\/p>"},{"question":"What are the types of JSON hijacking?","answer":"

                JSON hijacking can be classified into two types:<\/p>

                1. Direct JSON hijacking: The attacker tricks the victim's browser to send JSON directly to the attacker's server.<\/li>
                2. JSONP hijacking: The attacker manipulates the JSONP callback function to extract JSON data.<\/li><\/ol>"},{"question":"How can JSON hijacking be mitigated?","answer":"

                  To prevent JSON hijacking, developers can implement secure JSON response wrappers, utilize CORS policies, employ token-based authentication, and configure Content Security Policy (CSP) headers.<\/p>"},{"question":"How does JSON hijacking differ from Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)?","answer":"

                  JSON hijacking targets the direct access to JSON data exploiting same-origin policy. XSS injects malicious scripts into web apps, while CSRF tricks users into performing unwanted actions on trusted sites.<\/p>"},{"question":"What are the future perspectives and technologies related to JSON hijacking?","answer":"

                  Future developments may include standardized secure JSON response wrappers, improved same-origin policy for JSON, and increased adoption of JSON Web Tokens (JWT) for secure data transmission.<\/p>"},{"question":"How can proxy servers help protect against JSON hijacking?","answer":"

                  Proxy servers can act as intermediaries between clients and web servers, filtering requests, wrapping responses securely, and managing CORS to minimize the risk of JSON hijacking.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/wiki\/477747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/wiki\/477747\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/media\/477748"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/ar\/wp-json\/wp\/v2\/media?parent=477747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}