| ["we can't protect JSON lists through sniffing alone", | |
| "... unless we are willing to buffer the entire response.", | |
| "Protection can be obtained by supplying a JSON mime type and setting the ", | |
| "nosniff header, and/or by including a parser-breaking prefix."] |