tags:

views:

1021

answers:

5
+1  Q: 

What do I need to escape in my HTML (JSON response)

Hi,

My JSON response looks like:

{rc: "200", test: "", user: "<div class='sub1'>
                <div class='avatar'>                    
                    <a href='/blah'>blah</a><br />
                    <strong>0</strong>
                </div>
                <div class='sl'>
                    <p>
                        you droppped the ball this time
                    </p>
                </div>
                <div class='clear'>
                </div>                        
            </div>"}

Update

I updated my code to put quotes on the key values, still doesn't work:

{"rc": "200", "m" : "", "o": "<div class='s1'>
            <div class='avatar'>                    
                <a href='\/asdf'>asdf<\/a><br \/>
                <strong>0<\/strong>
            <\/div>
            <div class='sl'>
                <p>
                    444444444
                <\/p>
            <\/div>
            <div class='clear'>
            <\/div>                        
        <\/div>"}
A: 

You don't need to escape HTML in a javascript string. What exactly are you trying to do/what is the problem? Take a look at the escape() function - it might help.

nickf  2009-06-14 23:01:28
The badly named escape() function is for URI encoding, and what is needed here is JavaScipt string escaping of the quote (either single or double depending out outer quote, and the backslash).
Kevin Hakanson  2009-06-14 23:20:13
There are no double quotes in his example string, and if there were, using escape would convert " to %22 which would avoid any problems with breaking the string. You could then easily use unescape() to bring it back to a readable format.
nickf  2009-06-15 00:56:40
But, since JSON is JavaScript object literal notation, the string decoding rules are backed on backslash escaping, not URI escaping. Why add another layer of custom escaping that has to be done by both sides, when the built in rules will work?
Kevin Hakanson  2009-06-15 12:40:11
well given that the OP said there was a problem, but there was no error in the code sample, I was just trying to guess what might be the problem.
nickf  2009-06-15 14:12:16
+1  A: 

nothing in this example.

Itay Moav  2009-06-14 23:02:23
+1  A: 

In your example, you won't have to escape anything. But, if the HTML comes with double quotes, you'll have to escape them, obviously.

Julio Greff  2009-06-14 23:05:20
Double-quotes and backslash characters. "C:\xyz\" will break things.
Samir Talwar  2009-06-14 23:07:40
Yes, you're right. Thanks for remembering me =)
Julio Greff  2009-06-14 23:37:23
A: 

You're HTML values are OK, but the keys of the JSON object must be enclosed in quotes.

From the JSON RFC:

2.2. Objects

An object structure is represented as a pair of curly brackets
surrounding zero or more name/value pairs (or members). A name is a
string.

and

2.5. Strings

The representation of strings is similar to conventions used in the C
family of programming languages. A string begins and ends with
quotation marks.

Also, if you output this JSON object inside the script tags of an HTML page, you must escape the "</" sequence of HTML closing tags, as per this appendix in the HTML 4 specification.

Ionuț G. Stan  2009-06-14 23:12:16
Ok I updated my code, does that look like it should be working?
mrblah  2009-06-15 02:36:00
+2  A: 

I used jsonlint to validate your latest example, and the line breaks are what it flagged. When they were removed, it validated.

{
    "rc": "200",
    "m" : "",
    "o": "<div class='s1'><div class='avatar'><a href='\/asdf'>asdf<\/a><br \/><strong>0<\/strong>      <\/div>    <div class='sl'><p>444444444<\/p><\/div><div class='clear'><\/div><\/div>"
}
Kevin Hakanson  2009-06-15 12:47:26
How can I escape line breaks programatically?
mrblah  2009-06-15 23:26:35

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript