how do I prevent my json response from showing in the browser?

Question

I am using aspjson from aspjson.com to parse and write json in classic ASP to interact with Authorize.net. I have it working, but have something wrong. The response from the server is being written to the browser along with being inserted in my form field (as expected). How do I prevent this?

The include i'm using can be found at http://www.aspjson.com/

I think it has something to do with the response type, but I don't know how to set it correctly. I've tried xmlhttp.responseType = "json" but it prevented my token from populating my form element. I also tried setting my variable to xmlhttp.response, but it didn't seem to make a difference.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="aspjson.asp" -->

<%

dim vURL

vURL ="https://apitest.authorize.net/xml/v1/request.api"
set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP") 
xmlhttp.open "POST", vURL, false 
xmlhttp.setRequestHeader "Content-type","application/json"
xmlhttp.setRequestHeader "Accept","application/json"
xmlhttp.send "{""getHostedPaymentPageRequest"": { ""merchantAuthentication"": [{ ""name"": ""CorrectUname"", ""transactionKey"": ""correctKey"" }], ""transactionRequest"": { ""transactionType"": ""authCaptureTransaction"", ""amount"": ""1250.00"", ""profile"": { ""customerProfileId"": ""123456789"" }, ""order"" : {""invoiceNumber"": ""0987654322"", ""description"" : ""Materials""}, ""lineItems"" : {""lineItem"" :{""itemId"" : ""1"", ""name"" : ""Guide"", ""description"":""A description of the item."", ""quantity"" : ""5"", ""unitPrice"" : ""150.00"", ""taxable"" : ""false""},""lineItem"" :{""itemId"" : ""2"", ""name"" : ""Guide PDF"", ""description"":""A description of the item."", ""quantity"" : ""5"",   ""unitPrice"" : ""100.00"", ""taxable"" : ""false""}},""customer"": { ""email"": ""[email protected]"" }, ""billTo"": { ""firstName"": ""Ellen"", ""lastName"": ""Johnson"", ""company"": ""Souveniropolis"", ""address"": ""14 Main Street"", ""city"": ""Pecan Springs"", ""state"": ""TX"", ""zip"": ""44628"", ""country"": ""USA"" }, ""shipTo"": { ""firstName"": ""Ellen"", ""lastName"": ""Johnson"", ""company"": ""Souveniropolis"", ""address"": ""14 Main Street"", ""city"": ""Pecan Springs"", ""state"": ""TX"", ""zip"": ""44628"", ""country"": ""USA"" } }, ""hostedPaymentSettings"": { ""setting"": [{ ""settingName"": ""hostedPaymentReturnOptions"", ""settingValue"": ""{\""showReceipt\"": true, \""url\"": \""https://example.com/reciept.asp\"", \""urlText\"": \""Continue\"", \""cancelUrl\"": \""https://example.com/cancel\"", \""cancelUrlText\"": \""Cancel\""}"" }, { ""settingName"": ""hostedPaymentButtonOptions"", ""settingValue"": ""{\""text\"": \""Pay\""}"" }, { ""settingName"": ""hostedPaymentStyleOptions"", ""settingValue"": ""{\""bgColor\"": \""blue\""}"" }, { ""settingName"": ""hostedPaymentPaymentOptions"", ""settingValue"": ""{\""cardCodeRequired\"": false, \""showCreditCard\"": true, \""showBankAccount\"": true}"" }, { ""settingName"": ""hostedPaymentSecurityOptions"", ""settingValue"": ""{\""captcha\"": false}"" }, { ""settingName"": ""hostedPaymentShippingAddressOptions"", ""settingValue"": ""{\""show\"": false, \""required\"": false}"" }, { ""settingName"": ""hostedPaymentBillingAddressOptions"", ""settingValue"": ""{\""show\"": true, \""required\"": false}"" }, { ""settingName"": ""hostedPaymentCustomerOptions"", ""settingValue"": ""{\""showEmail\"": true, \""requiredEmail\"": true, \""addPaymentProfile\"": true}"" }, { ""settingName"": ""hostedPaymentOrderOptions"", ""settingValue"": ""{\""show\"": true, \""merchantName\"": \""name\""}"" }, { ""settingName"": ""hostedPaymentIFrameCommunicatorUrl"", ""settingValue"": ""{\""url\"": \""https://example.com/special\""}"" }] } } }"

vAnswer = xmlhttp.responseText  
Set oJSON = New aspJSON
'Load JSON string - This uses the aspjson.asp library loaded above to process the json response
oJSON.loadJSON(vAnswer)
vToken = oJSON.data("token")

%>

<HTML>
<HEAD>
<TITLE> Authorize.net Test Page - danielso Sandbox account</TITLE>
</HEAD>
<BODY>
<h1>Authorize.net Test Page - danielso Sandbox account</h1>
<hr />

<form id="send_hptoken" action="https://test.authorize.net/payment/payment" method="post" target="load_payment" >
<input type="text" name="token" value="<%response.write(vToken)%>" />
<input type = "submit" value = "Order Now!" /> 
</form> 

The problem is the JSON response is the first thing being written to the browser above the <HTML> tag. The variable vAnswer contains the complete JSON response from the server which I am receiving successfully. It looks like this

{"token":"1Zxb060yfEUSZpUT6X0PPv...superLongButWorkingToken...Mvrbg.2GgexrHg74XQ","messages":{"resultCode":"Ok","message":[{"code":"I00001","text":"Successful."}]}}

The response is parsed and the Token I need is contained in the variable vToken which is being successfully populated in my form field.

Answer 1

Thank you @DanB and @Lankymart

The include file aspjson.asp had indeed been edited to include a response.write() command at the beginning of the loadJSON() method.

...
Public Sub loadJSON(inputsource)
    response.write inputsource
...

The most embarrassing part is that its likely I did this myself when I was troubleshooting when I first started using this include a year of so ago. I'm not sure why I haven't run into this issue before now.