Handling anti-XSS prefixes

[JulianBirch]

In cljs-ajax, I've got a feature that allows you to specify that you're expecting a JSON response to be prefixed with (for instance) while(1);, like some Google APIs do. Would you be interested in a PR that added such a feature into the opts in Cheshire?

[dakrone]

@JulianBirch I'm afraid I don't quite understand what this does, can you give me an example input that you are talking about? What does this have to do with CSS?

[JulianBirch]

Really should have written XSS, sorry (edited the heading). An example is something like while(1);{"a" "b"}. Typically this is coming back as a response to a GET. So you need to strip the prefix off to get a useful result. (Namely `{"a" "b"})

Here's a reference on it: http://stackoverflow.com/questions/2669690/why-does-google-prepend-while1-to-their-json-responses

[dakrone]

@JulianBirch ahh okay, that makes much more sense than CSS :)

I think it would be worth adding, perhaps as a special decode-with-leader method or something similar?