|
|
@@ -559,6 +559,29 @@ func main() {
|
|
|
}
|
|
|
```
|
|
|
|
|
|
+#### SecureJSON
|
|
|
+
|
|
|
+Using SecureJSON to prevent json hijacking. Default prepends `"while(1),"` to response body if the given struct is array values.
|
|
|
+
|
|
|
+```go
|
|
|
+func main() {
|
|
|
+ r := gin.Default()
|
|
|
+
|
|
|
+ // You can also use your own secure json prefix
|
|
|
+ // r.SecureJsonPrefix(")]}',\n")
|
|
|
+
|
|
|
+ r.GET("/someJSON", func(c *gin.Context) {
|
|
|
+ names := []string{"lena", "austin", "foo"}
|
|
|
+
|
|
|
+ // Will output : while(1);["lena","austin","foo"]
|
|
|
+ c.SecureJSON(http.StatusOK, names)
|
|
|
+ })
|
|
|
+
|
|
|
+ // Listen and serve on 0.0.0.0:8080
|
|
|
+ r.Run(":8080")
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
### Serving static files
|
|
|
|
|
|
```go
|
Javier Provecho Fernandez