tags:

views:

842

answers:

3
+2  Q: 

JSON: why are forward slashes escaped?

The reason for this "escapes" me.

JSON escapes the forward slash, so a hash {a: "a/b/c"} is serialized as {"a":"a\/b\/c"} instead of {"a":"a/b/c"}.

Why?

+2  A: 

The JSON spec says you CAN escape forward slash, but you don't have to.

Harold L  2009-10-16 21:59:14
WTF? This is false. You can escape EVERY char if you want, that's true, but the JSON specs specifically says you MUST escape forward slashes. Read json.org.
Seb  2009-10-16 22:01:11
I haven't read the spec but according to http://www.jsonlint.com/, {"a":"a/b/c"} is a perfectly valid JSON string.
Darin Dimitrov  2009-10-16 22:05:12
json.org says 'Any UNICODE character except " or \ or control character'. You're saying / is a control character?
Harold L  2009-10-16 22:06:20
No it doesn't. It explicitly says 'Any UNICODE character except " or \ or control character'. / is not mentioned as a character you must escape.
Ruben  2009-10-16 22:06:37
Harold: you are indeed correct. See http://www.ietf.org/rfc/rfc4627.txt p. 4 (it would be helpful to quote the RFC in your answer)
Jason S  2009-10-16 22:17:51
@Seb, no they don't. They say "Any Unicode character except " or \ or control character" is allowed.
Kinopiko  2009-10-17 02:53:05
A: 

This is because HTML does not allow a string inside a <script> tag to contain </, so in case that substring's there, you should escape every forward slash.

Seb  2009-10-16 22:00:21
We said the same thing, but you're better at the formatting, +1 sir
Gurdas Nijor  2009-10-16 22:04:25
Thanks, Gurdas!
Seb  2009-10-18 16:40:05
+4  A: 

JSON doesn't require you to do that, it allows you to do that. It also allows you to use "\u0061" for "A", but it's not required. Allowing \/ helps when embedding JSON in a <script> tag, which doesn't allow </ inside strings, like Seb points out.

Some of Microsoft's ASP.NET Ajax/JSON API's use this loophole to add extra information, e.g., a datetime will be sent as "\/Date(milliseconds)\/". (Yuck)

Ruben  2009-10-16 22:04:42
That ASP method is yuck indeed!
meder  2009-10-16 22:06:22
Thanks for the answer. Never thought of that edge case. They should escape instances of </ with <\/, but not escape all the other slashes. :/
Jason S  2009-10-16 22:15:56
That would be a good thing, escaping just </. Though JSON is not often embedded in script tags anyway.
Ruben  2009-10-16 22:20:46
yeah, the hoops people have gone through for HTML... this is now the 2nd recent surprise for me re: JSON. The other one was that Infinity and NaN are not serialized. http://stackoverflow.com/questions/1423081/
Jason S  2009-10-16 22:25:57

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript