I am using json_encode in PHP to encode a URL
$json_string = array ('myUrl'=> 'http://example.com');
echo json_encode ($json_string);
The above code generates the following JSON string:
{"myUrl":"http:\/\/example.com"}
Rather than
{"myUrl":"http://example.com"}
I am just a newbie; which output is correct? Is a JSON parser able to evaluate the second output correctly?
In JSON the only characters you must escape are \, ", and control codes. Thus in order to escape your structure, you'll need a JSON-specific function. As you might know, all of the escapes can be written as \uXXXX where XXXX is the UTF-16 code unit for that character.
Use URL escape characters when creating URLs that contain spaces or other special characters. Some common examples of URL escape characters include the following items: Character. Escape Character.
According to https://www.json.org/, one should escape that character, although it is not strictly necessary in JavaScript:
Also read this related bug report on php.net for a brief discussion.
See 2.5 of the RFC:
All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).
Any character may be escaped.
So it doesn't sound like it needs to be escaped, but it can be, and the website (and a text diagram in the RFC) illustrates it as being escaped.
My guess is that the writers of that function added that unnecessary encoding through nothing more than plain ignorance. Escaping forward slashes is not required.
A surprisingly large number of programmers I've known are just as bad with keeping their slashes straight as the rest of the world. And an even greater number are really poor with doing encoding and decoding properly.
Update:
After doing some searches, I came across this discussion. It brings up a good point that escaping a / is sometimes necessary for bad HTML parsers. I came across a problem once where IE 6 incorrectly handled content like this:
<script>
var json = { scriptString: "<script> /* JavaScript here */ </script>" };
</script>
IE 6 would see the </script> inside of the string and close out the script tag too early. Thus, this is more IE 6 safe (though the opening script tag in the string might also break things... I can't remember):
<script>
var json = { scriptString: "<script> \/* JavaScript here *\/ <\/script>" };
</script>
And they also say that some bad parsers would see the // in http:// and treat the rest of the line like a JavaScript comment.
So it looks like this is yet another case of Internet technologies being hijacked by Browser Fail.
If you are using PHP 5.4 you can use json_encode options. See the manual.
Several options were added in PHP 5.3, but JSON_UNESCAPED_SLASHES in 5.4.
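The points made in the answers above can be checked directly in PHP. The following is an added example, not code from the thread: it encodes a constructed value with and without JSON_UNESCAPED_SLASHES, confirms that every form decodes to the same data, and reports which forms leave a literal </script in the output. The helper names closes_script_block and json_for_inline_script are hypothetical.

```php
<?php
// Added example, not from the thread. Input values are constructed.
$data = [
    'myUrl' => 'http://example.com',
    'note'  => '</script><script>/* constructed sample */</script>',
];

// Hypothetical helper: does the encoded text contain a literal "</script"
// that an HTML parser would treat as the end of an inline script block?
function closes_script_block($json)
{
    return stripos($json, '</script') !== false;
}

// Hypothetical helper: encoding for JSON placed inside <script>...</script>.
// The JSON_HEX_* flags (PHP 5.3+) emit <, >, &, ' and " as \uXXXX escapes,
// which JSON allows for any character.
function json_for_inline_script($value)
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

$variants = [
    'default (slashes escaped)' => json_encode($data),
    'JSON_UNESCAPED_SLASHES'    => json_encode($data, JSON_UNESCAPED_SLASHES),
    'json_for_inline_script'    => json_for_inline_script($data),
];

foreach ($variants as $label => $json) {
    // Every variant is valid JSON and must decode back to the same array.
    $roundTrips = json_decode($json, true) === $data;

    printf(
        "%s\n  %s\n  decodes to original: %s\n  contains literal </script: %s\n\n",
        $label,
        $json,
        $roundTrips ? 'yes' : 'no',
        closes_script_block($json) ? 'yes' : 'no'
    );
}
```

The escaped and unescaped forms are interchangeable for a JSON parser; the difference only matters when the encoded text is written into an HTML page, where the form that keeps a literal </script is the one to avoid.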