tags:

views:

74

answers:

2
+1  Q: 

Why does JSON encoder adds escaping character when encoding URLs?

I am using json_encode in PHP to encode an URL

$json_string = array ('myUrl'=> 'http://example.com');
echo json_encode ($json_string);

The above code generates the following JSON string:

{"myUrl":"http:\/\/example.com"}

Rather than

{"myUrl":"http://example.com"}

I am just newbie, which output is correct? Is JSON parser able to evaluate the second output correctly?

+2  A: 

My guess is that the writers of that function added that unnecessary encoding through nothing more than plain ignorance. Escaping forward slashes is not required.

A surprisingly large number of programmers I've known are just as bad with keeping their slashes straight as the rest of the world. And an even greater number are really poor with doing encoding and decoding properly.

Update:

After doing some searches, I came across this discussion. It brings up a good point that escaping a / is sometimes necessary for bad HTML parsers. I've come across a problem once where when IE 6 incorrectly handles content like this:

<script>
    var json = { scriptString: "<script> /* JavaScript here */ </script>" };
</script>

IE 6 would see the </script> inside of the string and close out the script tag too early. Thus, this is more IE 6 safe (though the opening script tag in string might also break things... I can't remember):

<script>
    var json = { scriptString: "<script> \/* JavaScript here *\/ <\/script>" };
</script>

And they also say that some bad parsers would see the // in http:// and treat the rest of the line like a JavaScript comment.

So it looks like this is yet another case of Internet technologies being hijacked by Browser Fail.

Jacob  2010-09-16 02:15:47
I agree. But it's worth noting that the resulting string *is* valid. In javascript strings, you're allowed to escape *any* character by preceding it with a backslash. So "\/" is interpreted by Javascript as simply '/'.
Lee  2010-09-16 02:30:55
JSON is not the same as JavaScript. In JSON you're not allowed to backslash anything you like. But curiously, you are allowed to backslash a slash in a string, so it's still valid. :)
hobbs  2010-09-16 04:58:05
A: 

According to http://www.json.org/, one should escape that character, although it is not strictly necessary in JavaScript:

strings

Also read this related bug report on php.net for a brief discussion.

See 2.5 of the RFC:

All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).

Any character may be escaped.

So it doesn't sound like it needs to be escaped, but it can be, and the website (and a text diagram in the RFC) illustrates it as being escaped.

konforce  2010-09-16 04:55:33

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases