Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If I understand what you're asking: this trick is useful for submitting data to API endpoints that expect the entire request to be well-formed JSON, rather than just a small part. The (pretty-printed) POST body from the example form in my previous comment will look like a regular JSON request as far as the destination server is concerned, with the addition of a "dummy" key:

  {
    "key1": "val1",
    "params": {
      "input": "value",
      "list": []
    },
    "dummy": "="
  }
If the JSON is just a hidden form value as you suggest, the request as a whole will not be treated as JSON data. Then invalid characters will (usually) be added to the request body by the browser, and the server will (probably) be unable to parse it, causing the request to fail. This is due to how forms are encoded for POST requests.

On the other hand, if you're wondering why anyone would ever do this, then I do not have a good answer for you :)



Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: