JSON - which chars not accepted?
Manfred Rebentisch
function isJSON() {
var str = this;
if (str.blank()) return false;
str = this.replace(/\\./g, '@').replace(/"[^"\\\n\r]*"/g, '');
return (/^[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]*$/).test(str);
}
If I send a JSON { 'str': '<p>This is a line with \n linefeed</p>' } I do get
an error. The same is, if the JSON is encoded to { 'str': '<p>This is a line
with %0A linefeed</p>' }.
I need to delete the linefeed or I need to replace to '<br />'.
I do not understand the regular expression above, because I want avoid to use
other chars, which results in errors.
Manfred
--
http://www.comparat.de
http://www.athesios.de
http://twitter.com/COMPARAT
T.J. Crowder
> If I send a JSON { 'str': '<p>This is a line with \n linefeed</p>' } I do get...
You haven't mentioned what language you're using to write out the
string (PHP, Python, JavaScript, C#, Java, etc.), but my suspicion is
that you're accidentally outputting an actual newline (character x0A)
rather than the valid JSON[1] syntax for it (\n), because in most
languages, the backslash is an escape character and to actually output
"\n" you'd have to type "\\n".
For instance (pure JavaScript example):
var s;
s = '{"foo": "This is a \n test."}';
alert(s.isJSON()); // alerts false, the string is not valid JSON
s = '{"foo": "This is a \\n test."}';
alert(s.isJSON()); // alerts true, the string is valid JSON
The JSON going to the browser (which you can probably inspect with
Firebug or the MS Dev Toolbar or whatever you're using) must contain
an actual backslash followed by the letter n, *not* a literal newline.
[1] http://json.org
HTH,
--
T.J. Crowder
Independent Software Consultant
tj / crowder software / com
www.crowdersoftware.com
On Nov 10, 9:31 pm, Manfred Rebentisch <MRebenti...@comparat.de>
wrote:
Manfred Rebentisch
I use C/C++ with Apache module
I do send "\\n" or "<br />" from server to the browser.
But my question was: which chars need to be escaped too? I can see "\r", "\f"
and "\t". But the other RegExp rule I do not understand.
Manfred
T.J. Crowder
The link I gave you has the full JSON syntax. In terms of outputting
that syntax from C or C++, you'll need to remember that the backslash
is special in C/C++ literals (it introduces escape sequences), and so
to actually output a backslash, you have to escape the backslash with
another one.
This C string contains a literal newline character, which is not valid
JSON:
"Testing \n one two three"
This C string contains the characters "\" and "n", which is a JSON
newline escape sequence:
"Testing \\n one two three"
HTH,
--
T.J. Crowder
Independent Software Consultant
tj / crowder software / com
www.crowdersoftware.com
wrote:
Manfred Rebentisch
ok, please read, what I mean. My code actually runs perfectly.
In the past I have had problems with the newline and found, that isJSON()
checks the string coming from server. Thats fine.
I only want, that I did not run into new problems later, and want to
understand, what isJSON() does. So I do not understand the regular expression
until now:
str = this.replace(/\\./g, '@').replace(/"[^"\\\n\r]*"/g, '');
return (/^[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]*$/).test(str);
I there a documentation to this function? I would like to read something like
this:
"isJSON does not accept \n chars and @ chars in a string."
It is for security and that is fine. But it is not fine, if my customer find a
problem later.
Thank you in advance
Manfred
T.J. Crowder
> I there a documentation to this function? I would like to read something like
> this:
> "isJSON does not accept \n chars and @ chars in a string."
JSON notation. To know what valid JSON notation is, please (again)
refer to the link I've given you.
For example: Why does isJSON disallow newlines inside JSON strings?
Because http://JSON.org tells us that a JSON string may contain
"...any-Unicode-character-except-"-or-\-or-control-character" and
newline is a control character.
So if you want to know what isJSON is going to consider valid, refer
to the definition of JSON, which is at http://JSON.org.
-- T.J.
On Nov 11, 4:01 pm, Manfred Rebentisch <MRebenti...@comparat.de>
wrote: