Escaping forward slashes in JSON output

I have a Python server-side application that generates a simple HTML page with a big blurb of client-side JavaScript that generates the DOM tree displayed to the user client-side, based on a big blob of JSON data assigned to a JS variable. Some of that JSON data contains strings, some of which contain HTML tags. It all boils down to something like this:

<html>
...
var tmp = "<p>some text</p>";
...
</html>

Unsurprisingly, the above does not work since it should look like the following to make the browser HTML parser happy:

<html>
...
var tmp = "<p>some text<\/p>";
...
</html>

(notice the escaped forward slash)

The JSON inserted in the HTML is generated with the Python default json library. Namely, with json.dumps, which is designed explicitly to not escape the forward slash in strings.

I tried to subclass json.JSONDecoder to override its behavior for python strings but this does not work since it does not allow specialization of the serialization of basic python types.

I tried to use a variety of other python json libraries without much luck: it seems that since most people hate the escaped forward slashes, most libraries do not generate them.

I could escape the strings by hand before stuffing them in my python data structures before calling json.dumps. I could also write a function to recursively iterate over the data structure, spot strings, and escape them automatically (nicer over the long run). I could maybe escape the string generated by json.dumps before stuffing it in the HTML (I am not sure that this could not lead to invalid JSON being inserted in the HTML).

Which leads me to my question: is there a JSON serialization library that can be coerced to escape forward slashes in strings in Python?


The best way I've found is to just do a replacement on the resulting string.

out = json.dumps(obj)
out = out.replace("/", "\\/")

Escaping forward slashes is optional within the JSON spec, and doing so ensures that you won't get bit by "</script>" attacks in the string.
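
The replacement above carried through on data that contains a closing script tag, as an added example that is not part of the original post. The names dumps_slash_escaped, dumps_for_script, render_page and SAMPLE are hypothetical; dumps_for_script goes beyond the answer by also escaping '<', '>' and '&'.

```python
import json

# Constructed sample data: strings carrying HTML, a closing script tag,
# an HTML comment opener, and a literal backslash followed by a slash
# (the edge case for a plain string replace).
SAMPLE = {
    "body": "<p>some text</p>",
    "evil": "</script><script>alert(1)</script>",
    "path": "C:\\/tmp",
    "comment": "<!-- not a comment",
}


def dumps_slash_escaped(obj):
    """json.dumps followed by the replacement from the answer above.

    In json.dumps output a '/' can only occur inside a string literal,
    and '\\/' is a legal JSON escape for '/', so the result is still
    valid JSON that decodes to the same data.
    """
    return json.dumps(obj).replace("/", "\\/")


def dumps_for_script(obj):
    """Broader variant (an assumption, not from the page): also escape
    '<', '>' and '&' as \\uXXXX so '<!--' and '<script' cannot affect
    the HTML parser either. U+2028/U+2029 are already escaped because
    json.dumps defaults to ensure_ascii=True.
    """
    out = json.dumps(obj)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out


def render_page(obj, dumps=dumps_slash_escaped):
    """Embed the serialized data in an inline script block."""
    return "<html><script>\nvar tmp = %s;\n</script></html>" % dumps(obj)


if __name__ == "__main__":
    print(render_page(SAMPLE))
    print(render_page(SAMPLE, dumps_for_script))
```

Both variants decode back to the original data with json.loads, which answers the question's concern about the post-processing step producing invalid JSON.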
