It looks to be a weird standard then as prefixing a JSON message with "{}&&" will make it invalid regarding the JSON specification
"&&" isn't accepted in neither:
The fact such invalid JSON message may work with some JSON parse implementations give absolutely no guaranty it will work in everyones, nor it will still work in future editions of those parsers
The safer way to protect JSON messages from JSON hijacking is to never send raw Arrays but embed them into an object
//wrong
["foo","bar","baz"]
//right
{"data":["foo","bar","baz"]}