Imagine that you have the following action in MVC 5 controller:
1 2 3 4 5 6 7 8 9 10 11 12 |
[HttpGet] public string GetData() { return JsonConvert.SerializeObject( new JObject( new JProperty("message", "Ok"), new JProperty("data", new JObject( new JProperty("value", "< /body>") )) ) ); } |
We create simple object on a fly, serialize it to string and return. What you might actually get? Well:
1 2 3 4 5 6 7 8 9 |
{"message":"Ok","data":{"value":" <!-- Visual Studio Browser Link --> < script type="application/json" id="__browserLink_initializationData"> {"appName":"Opera"} < /script> < script type="text/javascript" src="http://localhost:55192/9ff0617132d944e4bb76030619552ec4/browserLink" async="async"></script> <!-- End Browser Link --> < /body>"}} |
So it looks like browser link decided to inject itself just before body ending tag.
Why did it do so? If we check response headers, we will see the following one:
1 |
Content-Type:text/html; charset=utf-8 |
So application decides to send html (instead of javascript) so browser link decides to inject itself. Solution is obvious:
1 |
Response.ContentType = "text/javascript"; |