Java escape JSON String?

Question

I have the following JSON string that i am sending to a NodeJS server:

String string = "{\"id\":\"" + userID + "\",\"type\":\"" + methoden + "\",\"msg\":\"" + msget + "\", \"name\":\"" + namnet + "\", \"channel\":\"" + activeChatChannel + "\", \"visitorNick\":\"\", \"agentID\":\" " + agentID + "\"}";

PrintWriter pw = new PrintWriter(new OutputStreamWriter(os, "utf-8"));
pw.println(string);

The problem becomes when the string msget contains the character " and '

On the NodeJS server i am parsing the JSON like this:

var obj = JSON.parse(message);

Any ideas how i can manage to send all characters without problems?

https://stackoverflow.com/questions/34427279/how-do-i-pass-this-escaped-json-with-gson-java — Karthik, Jun 19 '17 at 16:08

score 30 · Accepted Answer · answered Sep 19 '13 at 15:32

30

I would use a library to create your JSON String for you. Some options are:

This will make dealing with escaping much easier. An example (using org.json) would be:

JSONObject obj = new JSONObject();

obj.put("id", userID);
obj.put("type", methoden);
obj.put("msg", msget);

// etc.

final String json = obj.toString(); // <-- JSON string

answered Sep 19 '13 at 15:32

jabclab

14,786
5
54
51

what if I don't want a builder and just the value string not the entire json? – Eaton Emmerich Mar 13 '23 at 16:14

score 22 · Answer 2 · answered May 25 '18 at 06:33

The JSON specification at https://www.json.org/ is very simple by design. Escaping characters in JSON strings is not hard. This code works for me:

private String escape(String raw) {
    String escaped = raw;
    escaped = escaped.replace("\\", "\\\\");
    escaped = escaped.replace("\"", "\\\"");
    escaped = escaped.replace("\b", "\\b");
    escaped = escaped.replace("\f", "\\f");
    escaped = escaped.replace("\n", "\\n");
    escaped = escaped.replace("\r", "\\r");
    escaped = escaped.replace("\t", "\\t");
    // TODO: escape other non-printing characters using uXXXX notation
    return escaped;
}

score 18 · Answer 3 · edited Jan 24 '18 at 05:31

18

org.json.simple.JSONObject.escape() escapes quotes,, /, \r, \n, \b, \f, \t and other control characters.

import org.json.simple.JSONValue;
JSONValue.escape("test string");

Add pom.xml when using maven

<dependency>
    <groupId>com.googlecode.json-simple</groupId>
    <artifactId>json-simple</artifactId>
    <scope>test</scope>
</dependency>

edited Jan 24 '18 at 05:31

NoobEditor

15,563
19
81
112

answered Feb 07 '15 at 19:24

Yeongjun Kim

739
7
19

7

There is no such method `escape`. – IgorGanapolsky Aug 19 '15 at 19:40
2

[doc](http://alex-public-doc.s3.amazonaws.com/json_simple-1.1/org/json/simple/JSONObject.html#escape(java.lang.String)) – Yeongjun Kim Feb 11 '16 at 04:25
See Java JSONObject doc: http://docs.oracle.com/javaee/7/api/javax/json/JsonObject.html – IgorGanapolsky Feb 11 '16 at 13:49
1

Not java jsonObject. Look `import` in code. json-simple: https://code.google.com/archive/p/json-simple/ – Yeongjun Kim Feb 12 '16 at 05:26
2

JSONObject.quote(String) does the job. – Santosh May 06 '16 at 04:37
JSONObject.quote(String) does the job but adds extra " around the string – ropo Jul 14 '17 at 12:01
maven repository doesn't exist please remove this answer. – user3335999 May 30 '19 at 18:41

davnicwil · Answer 4 · 2020-03-06T11:01:52.413

18

Apache Commons

If you're already using Apache commons, it provides a static method for this:

StringEscapeUtils.escapeJson("some string")

It converts any string into one that's properly escaped for inclusion in JSON

See the documentation here

edited Mar 06 '20 at 11:01

answered Mar 05 '20 at 15:10

davnicwil

28,487
16
107
123

it is deprecated – Alfredo Morales May 30 '23 at 20:57

Dirk Lachowski · Answer 5 · 2013-09-19T17:40:37.930

11

The best method would be using some JSON library, e.g. Jackson ( http://jackson.codehaus.org ).

But if this is not an option simply escape msget before adding it to your string:

The wrong way to do this is

String msgetEscaped = msget.replaceAll("\"", "\\\"");

Either use (as recommended in the comments)

String msgetEscaped = msget.replace("\"", "\\\"");

or

String msgetEscaped = msget.replaceAll("\"", "\\\\\"");

A sample with all three variants can be found here: http://ideone.com/Nt1XzO

edited Sep 19 '13 at 17:40

answered Sep 19 '13 at 15:29

Dirk Lachowski

3,121
4
40
66

1

I didn't downvote, but the `replaceAll()` won't work. You need to use `replace`. – Sotirios Delimanolis Sep 19 '13 at 15:32
1

Have you tried the code you posted? It has no effect. Either you use `replace(...)` or `replaceAll("\"", "\\\\\"")`, because the backslash has a special meaning in the replacement string, too. See javadoc. – jlordo Sep 19 '13 at 15:33
1

I'm biased if i should delete this answer because it's wrong or if i should let it as is 'cause it shows how not to do it? – Dirk Lachowski Sep 19 '13 at 15:36
@DirkLachowski: If I were you, I'd either delete it (when I'm feeling lazy) or fix it. – jlordo Sep 19 '13 at 15:37
@jlordo: I'm afraid you are wrong. The difference between replace() and replaceAll() is that in the former the first arg is a literal string and in the later it's a regex. The replacement is no regex (but can contain some special chars in the later). So replaceAll() will work as posted by me - and yes, i've tried it now. – Dirk Lachowski Sep 19 '13 at 15:53
@DirkLachowski: You're right that `replace()` takes a literal and `replaceAll()` takes a regex. But if you use `replaceAll()` you have to use it as I posted in my comment. See http://ideone.com/XhDeaT Yours won't work. – jlordo Sep 19 '13 at 16:42
@jlordo: Thumbs up for getting back on this and for the link to idone.com. Didn't knowed that before. I got it now, thanks for the lesson. – Dirk Lachowski Sep 19 '13 at 17:36
@DirkLachowski: removed my -1, as the answer is now correct ;) – jlordo Sep 20 '13 at 09:40

score 4 · Answer 6 · edited May 23 '17 at 12:03

4

According to the answer here, quotes in values need to be escaped. You can do that with \"

So just repalce the quote in your values

msget = msget.replace("\"", "\\\"");

edited May 23 '17 at 12:03

Community

1
1

answered Sep 19 '13 at 15:28

Sotirios Delimanolis

274,122
60
696
724

score 4 · Answer 7 · answered Oct 02 '15 at 18:04

4

If you want to simply escape a string, not an object or array, use this:

String escaped = JSONObject.valueToString(" Quotes \" ' ' \" ");

http://www.json.org/javadoc/org/json/JSONObject.html#valueToString(java.lang.Object)

answered Oct 02 '15 at 18:04

rhengles

41
2

The link is broken, here is a web-archive version of it: https://web.archive.org/web/20151006021420/http://www.json.org/javadoc/org/json/JSONObject.html – Renato Mar 29 '23 at 20:51

score 2 · Answer 8 · answered Nov 04 '19 at 08:02

public static String ecapse(String jsString) {
    jsString = jsString.replace("\\", "\\\\");
    jsString = jsString.replace("\"", "\\\"");
    jsString = jsString.replace("\b", "\\b");
    jsString = jsString.replace("\f", "\\f");
    jsString = jsString.replace("\n", "\\n");
    jsString = jsString.replace("\r", "\\r");
    jsString = jsString.replace("\t", "\\t");
    jsString = jsString.replace("/", "\\/");
    return jsString;
}

It's Work for me... Great Solution. – kedar kokil Nov 04 '19 at 08:04 — kedar kokil, Nov 04 '19 at 08:04

score 2 · Answer 9 · answered Jun 28 '21 at 21:31

In build.gradle (if using maven, make similar change) include this dependency:

implementation group: 'org.apache.avro', name: 'avro-tools', version: '1.10.2'

Then:

import net.minidev.json.JSONValue;
String escapedString = JSONValue.escape(yourString);

score 1 · Answer 10 · answered Sep 26 '21 at 19:02

If you want to do it yourself without any library, you can use this piece of Java code:

/**
 * Escapes a string the JSON way.
 *
 * @param text The text to be escaped.
 * @return a string escaped according to the JSON format.
 */
public static String escape(final CharSequence text) {

    if (text == null) {
        return "";
    }
    final StringWriter writer = new StringWriter();
    for (int i = 0, length = text.length(); i < length; i++) {
        final char c = text.charAt(i);
        switch (c) {
            case '"':
                writer.write("\\\"");
                break;
            case '\\':
                writer.write("\\\\");
                break;
            default:
                if (c > 0x1f) {
                    writer.write(c);
                } else {
                    writer.write("\\u");
                    final String hex = "000" + Integer.toHexString(c);
                    writer.write(hex.substring(hex.length() - 4));
                }
        }
    }
    return writer.toString();
}

score 1 · Answer 11 · answered Oct 10 '22 at 14:26

If you can use slightly more modern Java and don't want another dependency, this does the job:

    static String jsonStringQuote(String string) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : string.toCharArray())
            sb.append(switch (c) {
                case '\\', '"', '/' -> "\\"+c;
                case '\b' -> "\\b";
                case '\t' -> "\\t";
                case '\n' -> "\\n";
                case '\f' -> "\\f";
                case '\r' -> "\\r";
                default -> c < ' ' ? String.format("\\u%04x", c) : c;
            });
        return sb.append('"').toString();
    }

score 0 · Answer 12 · answered Sep 19 '13 at 15:28

0

Try to replace all the " and ' with a \ before them. Do this just for the msget object(String, I guess). Don't forget that \ must be escaped too.

answered Sep 19 '13 at 15:28

Silviu Burcea

5,103
1
29
43

orip · Answer 13 · 2020-11-03T15:12:50.693

0

Consider Moshi's JsonWriter class (source). It has a wonderful API and it reduces copying to a minimum, everything is nicely streamed to the OutputStream.

OutputStream os = ...;
JsonWriter json = new JsonWriter(Okio.sink(os));
json
  .beginObject()
  .name("id").value(userID)
  .name("type").value(methodn)
  ...
  .endObject();

edited Nov 03 '20 at 15:12

answered Jul 21 '15 at 14:05

orip

73,323
21
116
148

1

@slartidan - thx, fixed doc link and added a stable source file link! – orip Nov 03 '20 at 15:13

score 0 · Answer 14 · answered Jun 08 '23 at 16:10

0

On Android (and org.json), you could use JSONObject.quote.

import org.json.JSONObject;
String stringifiedString = JSONObject.quote(data);

answered Jun 08 '23 at 16:10

FredG

712
7
10

Java escape JSON String?

14 Answers14

Apache Commons

Linked