JSONObject::quote(). Why special case for "</" but not "/" about json-java HOT 5 CLOSED
stleary
commented on May 18, 2024
stleary
commented on May 18, 2024
Comments (5)
douglascrockford
commented on May 18, 2024
There is no requirement to escape /, but it may be escaped. This is useful when embedding JSON in HTML.
from json-java.
budric
commented on May 18, 2024
I thought the grammar: http://json.org/ required it to be escaped. It's in the same list and no different from \b, \t, , etc. I'm worried about parser interoperability between different platforms like Java generated JSON on C++...
from json-java.
douglascrockford
commented on May 18, 2024
You are mistaken.
from json-java.
Doogiemuc
commented on May 18, 2024
No he is right. JsonObject DOES quote forward slashes in JsonStringer.string(String value) method.
from json-java.
johnjaylward
commented on May 18, 2024
@Doogiemuc the forward slash escape is technically optional in the JSON spec, which is what Douglas was talking about. The reason that this library escapes them is because embedding JSON directly into HTML can cause "remote code execution" issues when you don't escape them. We escape them by default for safety, not because it's required by the spec.
For more information see: https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped#1580682
from json-java.
Related Issues (20)
- Compiler warnings to be fixed HOT 4
- Question regarding CVE-2023-5072 HOT 7
- Number parsing - de-duplication of logic HOT 2
- Flaky test fails intermittently in GitHub Action HOT 5
- Ordered output/file writing of JSONObjects (may be repeated, nevertheless please read carefully ...) HOT 12
- JSONObject throws an exception when json conent has comment lines with latest json version HOT 2
- Behavior of JSONObject constructor trimming 0-led integers and converting them to int type instead of String type HOT 14
- Upgrade json-path version to avoid dependency conflicts. HOT 1
- A OOM security issue was found in JSON-java HOT 2
- org.json.JSONTokener should close or provide option to close java.io.Reader HOT 4
- JSONObject stack overflow HOT 4
- JSONObject.toString does not use an Enum's `toString()` but its `name()` HOT 5
- Duplicate key processing? HOT 5
- Separate Control for Type Conversion of Numbers and Booleans in XML to JSON Conversion HOT 3
- Allow type widening (eg integer to string) HOT 1
- Cleanup and merge tests HOT 1
- Performance improvement for POJO conversion into JSONObject HOT 1
- Migrating to Junit 5 HOT 7
- A0p HOT 1
- Externalize JSON Test Files
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.