Why does JSON encoder adds escaping character when encoding URLs?_问答_开发者

Why does JSON encoder adds escaping character when encoding URLs?

开发者 https://www.devze.com 2023-01-16 03:37 出处：网络

I am using json_encode in PHP to encode an URL $json_string = array (\'myU开发者_开发知识库rl\'=> \'http://example.com\');

相关专题：json php

I am using json_encode in PHP to encode an URL

$json_string = array ('myU开发者_开发知识库rl'=> 'http://example.com');
echo json_encode ($json_string);

The above code generates the following JSON string:

{"myUrl":"http:\/\/example.com"}

Rather than

{"myUrl":"http://example.com"}

I am just newbie, which output is correct? Is JSON parser able to evaluate the second output correctly?

According to https://www.json.org/, one should escape that character, although it is not strictly necessary in JavaScript:

Why does JSON encoder adds escaping character when encoding URLs?

Also read this related bug report on php.net for a brief discussion.

See 2.5 of the RFC:

All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).

Any character may be escaped.

So it doesn't sound like it needs to be escaped, but it can be, and the website (and a text diagram in the RFC) illustrates it as being escaped.

My guess is that the writers of that function added that unnecessary encoding through nothing more than plain ignorance. Escaping forward slashes is not required.

A surprisingly large number of programmers I've known are just as bad with keeping their slashes straight as the rest of the world. And an even greater number are really poor with doing encoding and decoding properly.

Update:

After doing some searches, I came across this discussion. It brings up a good point that escaping a / is sometimes necessary for bad HTML parsers. I've come across a problem once where when IE 6 incorrectly handles content like this:

<script>
    var json = { scriptString: "<script> /* JavaScript here */ </script>" };
</script>

IE 6 would see the </script> inside of the string and close out the script tag too early. Thus, this is more IE 6 safe (though the opening script tag in string might also break things... I can't remember):

<script>
    var json = { scriptString: "<script> \/* JavaScript here *\/ <\/script>" };
</script>

And they also say that some bad parsers would see the // in http:// and treat the rest of the line like a JavaScript comment.

So it looks like this is yet another case of Internet technologies being hijacked by Browser Fail.

If you are using php 5.4 you can use json_encode options. see the manual.

Several options added in php 5.3 but JSON_UNESCAPED_SLASHES in 5.4.

I think this solves your problem

json_encode ($json_string, JSON_UNESCAPED_SLASHES );

You can see the documentation:

https://www.php.net/manual/en/function.json-encode.php

https://www.php.net/manual/en/json.constants.php

I see another problem here. The string result {"myUrl":"http://example.com"} should not have the member name myUrl quoted. In JavaScript and JSON, I think all object literal member ids are unquoted strings. So, I would expect the result to be {myUrl:"http://example.com"}.

This seems too big a bug in PHP, so I must be wrong.

Edit, 2/11/11: Yes, I'm wrong. JSON syntax requires even the field names to be in double quotation marks.