2

This is a follow up on magento escape string for javascript

where I accepted @AlanStorm suggestion to use json_encode to escape string literals.

But I now have a new problem with this solution.

when trying to escape a URL that has /'s in it to be rendered as a string literal for JavaScript json_encode seems to add redundant \'s in front of the /'s.

Any new suggestions here?

solutions should take a string variable and return a string that would properly be evaluated to a string literal in JavaScript. (I don't care if its surrounded with single or double quotes - although I prefer single quotes. And it must also support newlines in the string.)

Thanks

Community
  • 1
  • 1
epeleg
  • 10,347
  • 17
  • 101
  • 151
  • some more info: how comes `'/');echo json_encode($v); ?>` results in `{"a":"\/"}` ? is this not simply a bug in json_encode ? – epeleg Jan 30 '11 at 20:49

2 Answers2

2

some more info: how comes '/');echo json_encode($v); ?> results in {"a":"\/"} ?

Details can be found here http://bugs.php.net/bug.php?id=49366

work around for this issue:

str_replace('\\/', '/', $jsonEncoded);

for your issue you can do something like

$jsonDecoded = str_replace(array("\\/", "/'s"), array("/", "/\'s"), $jsonEncoded);

Hope this helps

satrun77
  • 3,202
  • 17
  • 20
  • I don't like the idea of replace in every place I need to do this. but it can be used inside a wrapper. alst at the end of the link you provided it says that there is a JSON_UNESCAPED_SLASHES option to json_encode, but I am not sure what version it is for. I think I will go with a Wrapper of my own for this. – epeleg Jan 31 '11 at 07:17
2

When I check the JSON format I see that solidi are allowed to be escaped so json_encode is in fact working correctly.

JSON String
(source: json.org)

The bug link posted by satrun77 even says "It's not incorrect to escape slashes."

If you're adamant to do without and (in this case) are certain to be working with a string you can use a hack like this:

echo '["', addslashes($string), '"]';

Obviously that doesn't help for more complicated structures but as luck has it, you are using Magento which is highly modifiable. Copy lib/Zend/Json/Encoder.php to app/core/local/Zend/Json/Encoder.php (which forms an override) and fix it's _encodeString method.

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
clockworkgeek
  • 37,650
  • 9
  • 89
  • 127
  • I accept, it is not a bug in the json_encode. So obviously I should NOT fix json_encode - as they say, if it ain't broke, son't fix it... so if this is the case then using json_encode is not what I need, so its back to square one, what should I use to output a properly escaped javascript literal string ? Will I have to write my own toJSStringLiteral() eventually? – epeleg Jan 31 '11 at 06:57
  • It's a tricky issue. I guess if we were to be completely objective then the bug lies with JSON decoders that cannot handle the escape character - those are the ones that should be fixed. – clockworkgeek Jan 31 '11 at 10:39
  • that would have been true if I wanted to use this for a jason object. all I need is to render a string literal for javascript. It is actually not JSON, maybe JSON related at best – epeleg Jan 31 '11 at 19:48
  • 1
    Then `addslashes()` is your friend. ;-) – clockworkgeek Jan 31 '11 at 19:51