Ask HN: Why Facebook API responses have `for (;;);` at the start of the JSON

[monkhood]

An example API response:

`for (;;);{"payload":{"keys":[]}}`

[ten13]

I suspect it’s designed to mitigate XSSI, Angular’s got one of the easiest to digest explanations[1].

1. https://angular.io/guide/security#cross-site-script-inclusio...