ASP.NET - "<" character in JSON data is serialized to \u003c
I have a JSON object where the value of one element is a string. In this string there are the characters "<rpc>". I take this entire JSON object and, in my ASP.NET server code, I perform the following to take the object named rpc_response and add it to the data in a POST response:
    // Serialize rpc_response with the built-in JavaScriptSerializer
    var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
    // Disable caching and mark the body as an inline JSON file
    HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
    HttpContext.Current.Response.AddHeader("Cache-Control", "private, no-cache");
    HttpContext.Current.Response.AddHeader("Content-Disposition", "inline; filename=\"files.json\"");
    // Write the serialized JSON into the response body
    HttpContext.Current.Response.Write(serializer.Serialize(rpc_response));
    HttpContext.Current.Response.ContentType = "application/json";
    HttpContext.Current.Response.StatusCode = 200;
After the object is serialized, I receive it on the other end (not a web browser), and that particular string looks like: \u003crpc\u003e.

What can I do to prevent these (and other) characters from not being encoded properly, while still being able to serialize my JSON object?
The characters are being encoded "properly"![1] Use a working JSON library to correctly access the JSON data - it is a valid JSON encoding.

Escaping these characters prevents HTML injection via JSON - and makes the JSON XML-friendly. That is, even if the JSON is emitted directly into JavaScript (as is done, since JSON is a valid[2] subset of JavaScript), it cannot be used to terminate the <script> element, because the relevant characters (e.g. <, >) are encoded within the JSON itself.

The standard JavaScriptSerializer does not have the ability to change this behavior. Such escaping might be configurable (or different) in the Json.NET implementation - but it shouldn't matter, because a valid JSON client/library must understand the \u escapes.
[1] From RFC 4627: The application/json Media Type for JavaScript Object Notation (JSON):

"Any character may be escaped. If the character is in the Basic Multilingual Plane (U+0000 through U+FFFF), then it may be represented as a six-character sequence: a reverse solidus, followed by the lowercase letter u, followed by 4 hexadecimal digits that encode the character's code point .."

See "C# To transform Facebook Response to proper encoded string" (which is also related to JSON escaping).

[2] There is a rare case when this does not hold, but ignoring (or accounting for) that..
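The behaviour described in the answer above, as an added example (not part of the original posts and not the JavaScriptSerializer implementation). `serializeForHtml` is a hypothetical JavaScript helper, the set of escaped characters is chosen for this example, and both payloads are constructed. It shows that the \u-escaped output parses back to the original string and that the escaping keeps a closing script tag out of the serialized text.

```javascript
// Characters that are legal inside a JSON string but risky once the JSON text
// is pasted into HTML or a <script> block. The set is an assumption of this
// example: <, >, & and the line separators U+2028 / U+2029.
const RISKY = /[<>&\u2028\u2029]/g;

// Serialize a value, then rewrite each risky character as a \uXXXX escape.
// In JSON.stringify output these characters can only occur inside string
// literals, so the rewrite never touches JSON syntax.
function serializeForHtml(value) {
  return JSON.stringify(value).replace(
    RISKY,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Constructed sample payloads.
const rpcResponse = { message: "<rpc>" };
const hostile = { message: "</script><b>injected</b>" };

function demo() {
  const wire = serializeForHtml(rpcResponse);
  return {
    // What goes over the wire: {"message":"\u003crpc\u003e"}
    wire,
    // What any conforming JSON parser hands back to the client: <rpc>
    decoded: JSON.parse(wire).message,
    // Plain serialization leaves the closing tag intact in the output...
    plainContainsCloseTag: JSON.stringify(hostile).includes("</script>"),
    // ...the escaped form does not, yet it decodes to the same data.
    escapedContainsCloseTag: serializeForHtml(hostile).includes("</script>"),
    roundTrips:
      JSON.parse(serializeForHtml(hostile)).message === hostile.message,
  };
}

console.log(demo());
```

A client that sees `\u003c` in its data is usually reading the raw response text instead of passing it through a JSON parser.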