Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does JSON encoder adds escaping character when encoding URLs?

Tags:

json

php

I am using json_encode in PHP to encode an URL

$json_string = array ('myUrl'=> 'http://example.com');
echo json_encode ($json_string);

The above code generates the following JSON string:

{"myUrl":"http:\/\/example.com"}   

Rather than

{"myUrl":"http://example.com"}

I am just newbie, which output is correct? Is JSON parser able to evaluate the second output correctly?

like image 778
Mark K Avatar asked Sep 16 '10 02:09

Mark K


People also ask

What characters must be escaped in JSON?

In JSON the only characters you must escape are \, ", and control codes. Thus in order to escape your structure, you'll need a JSON specific function. As you might know, all of the escapes can be written as \uXXXX where XXXX is the UTF-16 code unit¹ for that character.

What is escape character in URL?

Use URL escape characters when creating URLs that contain spaces or other special characters. Some common examples of URL escape characters include the following items: Character. Escape Character.


3 Answers

According to https://www.json.org/, one should escape that character, although it is not strictly necessary in JavaScript:

strings

Also read this related bug report on php.net for a brief discussion.

See 2.5 of the RFC:

All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).

Any character may be escaped.

So it doesn't sound like it needs to be escaped, but it can be, and the website (and a text diagram in the RFC) illustrates it as being escaped.

like image 156
Matthew Avatar answered Nov 03 '22 01:11

Matthew


My guess is that the writers of that function added that unnecessary encoding through nothing more than plain ignorance. Escaping forward slashes is not required.

A surprisingly large number of programmers I've known are just as bad with keeping their slashes straight as the rest of the world. And an even greater number are really poor with doing encoding and decoding properly.

Update:

After doing some searches, I came across this discussion. It brings up a good point that escaping a / is sometimes necessary for bad HTML parsers. I've come across a problem once where when IE 6 incorrectly handles content like this:

<script>
    var json = { scriptString: "<script> /* JavaScript here */ </script>" };
</script>

IE 6 would see the </script> inside of the string and close out the script tag too early. Thus, this is more IE 6 safe (though the opening script tag in string might also break things... I can't remember):

<script>
    var json = { scriptString: "<script> \/* JavaScript here *\/ <\/script>" };
</script>

And they also say that some bad parsers would see the // in http:// and treat the rest of the line like a JavaScript comment.

So it looks like this is yet another case of Internet technologies being hijacked by Browser Fail.

like image 8
Jacob Avatar answered Nov 03 '22 00:11

Jacob


If you are using php 5.4 you can use json_encode options. see the manual.

Several options added in php 5.3 but JSON_UNESCAPED_SLASHES in 5.4.

like image 5
Babak Vandad Avatar answered Nov 03 '22 00:11

Babak Vandad