JSON: why are forward slashes escaped?

JSON: why are forward slashes escaped?

The reason for this “escapes” me.
JSON escapes the forward slash, so a hash {a: “a/b/c”} is serialized as {“a”:”a\/b\/c”} instead of {“a”:”a/b/c”}.


Solution 1:

JSON doesn’t require you to do that, it allows you to do that. It also allows you to use “\u0061” for “A”, but it’s not required. Allowing \/ helps when embedding JSON in a <script> tag, which doesn’t allow </ inside strings, like Seb points out.

Some of Microsoft’s ASP.NET Ajax/JSON API’s use this loophole to add extra information, e.g., a datetime will be sent as "\/Date(milliseconds)\/". (Yuck)

Solution 2:

The JSON spec says you CAN escape forward slash, but you don’t have to.

Solution 3:

I asked the same question some time ago and had to answer it myself. Here’s what I came up with:

It seems, my first thought [that it comes from its JavaScript
] was correct.

'\/' === '/' in JavaScript, and JSON is valid JavaScript. However,
why are the other ignored escapes (like \z) not allowed in JSON?

The key for this was reading
http://www.cs.tut.fi/~jkorpela/www/revsol.html, followed by
http://www.w3.org/TR/html4/appendix/notes.html#h-B.3.2. The feature of
the slash escape allows JSON to be embedded in HTML (as SGML) and XML.

Solution 4:

Ugly PHP!

The JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES must be default, not an (strange) option… How to say it to php-developers?

The default MUST be the most frequent use, and the (current) most widely used standards as UTF8. How many PHP-code fragments in the Github or other place need this exoctic “embedded in HTML” feature?

Solution 5:

PHP escapes forward slashes by default which is probably why this appears so commonly. I’m not sure why, but possibly because embedding the string "</script>" inside a <script> tag is considered unsafe.

This functionality can be disabled by passing in the JSON_UNESCAPED_SLASHES flag but most developers will not use this since the original result is already valid JSON.