Problem serializing a HTML string.

  • Jose Monzon
    Jose Monzon

    Hello everybody!

    I'm getting an extrange behaviour when serializing strings using this JSON library. The best is to ilustrate it with a example. Let's consider the following JUNIT test:

    import net.sf.json.JSONArray;
    import net.sf.json.JSONObject;
    import net.sf.json.JSONString;
    import net.sf.json.JsonConfig;

    import org.junit.Test;

    public class JsonTest {
        public void testHTMLConversion(){
            JSONArray obj = JSONArray.fromObject( new String[]{"<b>as</b>"});

    If I run that test the exit is: "["<b>as<\/b>"]"  Please, notice the slash escape.

    If instead of "<b>as</b>" I run the test with: "<b>as< /b>" (notice the space between < and  /, the result is not escaped: ["<b>as< /b>"]

    I'm getting problems in my client software because this library is scaping strings that contains "</" and I don't know what to do to prevent it. Why is this happening???


    • aalmiray


      The answer lies in JSONUtils.quote, per the javadoc

      * Produce a string in double quotes with backslash sequences in all the
      * right places. A backslash will be inserted within </, allowing JSON text
      * to be delivered in HTML. In JSON text, a string cannot contain a control
      * character or an unescaped quote or backslash.<br>
      * <strong>CAUTION:</strong> if <code>string</code> represents a
      * javascript function, translation of characters will not take place. This
      * will produce a non-conformant JSON text.
      * @param string A String
      * @return A String correctly formatted for insertion in a JSON text.

      This is why '</' is escaped but '< /' is not. Given that some users may rely on this to be the default case, we may add configuration flag to JsonConfig to skip escaping '</', how about that?


    • Jose Monzon
      Jose Monzon

      Oh, thanks for the answer. It could be great to add that configuration flag.