JSON: why are forward slashes escaped?
JSON doesn't require you to do that, it allows you to do that. It also allows you to use "\u0061" for "A", but it's not required, like Harold L points out:
The JSON spec says you CAN escape forward slash, but you don't have to.
Harold L answered Oct 16 '09 at 21:59
Allowing \/ helps when embedding JSON in a <script> tag, which doesn't allow </ inside strings, like Seb points out:
This is because HTML does not allow a string inside a <script> tag to contain </, so in case that substring's there, you should escape every forward slash.
Seb answered Oct 16 '09 at 22:00 (#1580667)
Some of Microsoft's ASP.NET Ajax/JSON APIs use this loophole to add extra information, e.g., a datetime will be sent as "\/Date(milliseconds)\/". (Yuck)
escaping forward slashes in json output
The best way I've found is to just do a replacement on the resulting string.
import json
out = json.dumps(obj)  # obj: the object being serialised
out = out.replace("/", "\\/")  # "\/" is a valid JSON escape for "/"
Escaping forward slashes is optional within the JSON spec, and doing so ensures that you won't get bit by "</script>" attacks in the string.
json.dumps(): escaping forward slashes
Only escape forward slashes when encode_html_chars=True
Check out this:
https://github.com/esnme/ultrajson/pull/114
The JSON spec says forward slashes shall be escaped implicitly.
Here is a solution to do it in JSONEncoder itself. It's just that you create an ESCAPE DICTIONARY and do computation beforehand and do the encoding later.
https://chromium.googlesource.com/external/googleappengine/python/+/dc33addea2da464ca07e869cb11832e1ae82da9d/lib/django/django/utils/simplejson/encoder.py
Hope it helps.
-
Adding to the above solution, there is another reason to escape the characters. As kay said, it gives us some extra sleep. It prevents the attack. So the solution above takes care of all issues.
ESCAPE_DCT = {
    # escape all forward slashes to prevent </script> attack
    '/': '\\/',
    '\\': '\\\\',
    '"': '\\"',
    '\b': '\\b',
    '\f': '\\f',
    '\n': '\\n',
    '\r': '\\r',
    '\t': '\\t',
}
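The slash-escaping approach from the two Python answers above, checked against a constructed input, as an added example that is not part of any answer. It goes one step beyond the page: a stricter variant also escapes <, > and &, because slash-only escaping still leaves "<!--" in the output. All function names and the sample data are hypothetical.

```python
import json

# Constructed sample: untrusted strings bound for an inline <script> block.
SAMPLE = {"bio": "x</script><!--y", "url": "http://example.com/a"}

# Extra escapes used by the stricter variant (a choice made for this example).
# json.dumps already emits U+2028/U+2029 as \u escapes (ensure_ascii=True).
EXTRA = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def dumps_slash_escaped(obj):
    """The answers' approach: serialise, then turn every "/" into "\\/"."""
    return json.dumps(obj).replace("/", "\\/")


def dumps_for_script(obj):
    """Stricter: also escape <, > and &, so "<!--" and "<script" never appear."""
    out = dumps_slash_escaped(obj)
    for ch, esc in EXTRA.items():
        out = out.replace(ch, esc)
    return out


def closes_script_early(payload):
    """True if the HTML parser would see an end tag for <script> in payload."""
    return "</script" in payload.lower()


if __name__ == "__main__":
    for name, fn in [("json.dumps", json.dumps),
                     ("slash-escaped", dumps_slash_escaped),
                     ("for-script", dumps_for_script)]:
        out = fn(SAMPLE)
        print(f"{name:14} closes_early={closes_script_early(out)} "
              f"has_lt={'<' in out} round_trips={json.loads(out) == SAMPLE}")
        print("   ", out)
```

Both escaped forms parse back to the original object, since \/ and \u003c are ordinary JSON string escapes.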
String to Json escape forward slash in nested json
This will do the trick
json = json.replace("\"[","[").replace("]\"", "]").replace("\\\"", "\"");
Solution without replace
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

public class Main {
    public static void main(String[] args) {
        String json = "[{\"key\":\"px\",\"mKeyValues\":[{\"hmKey\":\"qx\",\"value\":\"[{\\\"name\\\":\\\"Test Equipment value\\\",\\\"status\\\":\\\"2\\\"}]\"}]}]";
        System.out.println(json);
        JsonParser jsonParser = new JsonParser();
        JsonArray jsonObject = jsonParser.parse(json).getAsJsonArray();
        JsonObject mKeyValues0 = jsonObject.get(0).getAsJsonObject()
                .get("mKeyValues").getAsJsonArray()
                .get(0).getAsJsonObject();
        // Parse the string-encoded "value" and put it back as real nested JSON
        mKeyValues0.add("value", jsonParser.parse(mKeyValues0.get("value").getAsString()));
        System.out.println(jsonObject);
    }
}
Making JSON not Escape Forward Slashes
Is it json-simple that you are using? They have an open issue for this, no luck with a fix so far:
https://github.com/fangyidong/json-simple/issues/8
I just hacked their source code.