Title: json.dumps: solidus ("/") should be escaped
Type: behavior
Stage: resolved
Status: closed
Resolution: duplicate
Superseder: json encoder does not support JSONP/JavaScript safe escaping (issue 18290)
Nosy List: ezio.melotti, martin.panter, r.david.murray, serhiy.storchaka, xaka
Priority: normal
Keywords: easy

Created on 2015-03-24 19:43 by xaka, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (4)
msg239170 - Author: Pavel Strashkin (xaka) Date: 2015-03-24 19:43
According to http://www.json.org/ and https://tools.ietf.org/html/rfc7159#section-7, the solidus ("/") should be escaped ("\/") and currently it's not.
msg239189 - Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-03-24 22:12
According to that RFC section, the forward solidus is allowed to be in an escape sequence, but it is also allowed unescaped:

“All Unicode characters may be placed within the quotation marks, except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F).”

. . .

unescaped = %x20-21 / %x23-5B / %x5D-10FFFF

In general, escaping the forward solidus is not needed, and is easier to read. Apparently this escaping is a workaround for embedding JSON inside a HTML <script> element, where the sequence “</” is not allowed, and HTML itself does not allow escaping: <http://www.w3.org/TR/html4/appendix/notes.html#h-B.3.2>. In that case, JSON like {markup: "<i>italic<\/i>"} would be escaped, but most cases still do not need escaping, such as {url: "http://example.net/"}.
msg239190 - Author: R. David Murray (r.david.murray) * (Python committer) Date: 2015-03-24 22:21
It sounds like that makes this not-a-bug?
msg239202 - Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-03-25 00:44
See issue18290. Not only solidus is incompatible with JavaScript, and it is easy to escape problem characters after passing through JSON encoder using str.replace().
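
The post-processing approach discussed in this thread, as an added example that is not part of the original messages or of CPython's json module. The function names `escape_solidus_only` and `dumps_for_script` and the sample object are hypothetical; the sample is constructed from the two objects quoted in msg239189, with a `</script>` sequence and a U+2028 character added.

```python
import json

# Characters that are valid inside a JSON string but unsafe when the JSON text
# is placed in an HTML <script> element or read as JavaScript source.
# In JSON text they can only occur inside strings, so a global replace is safe.
_SCRIPT_UNSAFE = {
    "<": "\\u003c",       # prevents "</script>" and "<!--" from reaching the HTML parser
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",  # line terminators in pre-ES2019 JavaScript string literals
    "\u2029": "\\u2029",
}


def escape_solidus_only(json_text):
    # Narrow workaround described in the thread: "</" becomes "<\/".
    # Every other solidus (for example in URLs) stays readable.
    return json_text.replace("</", "<\\/")


def dumps_for_script(obj, **kwargs):
    # json.dumps() followed by str.replace() for each unsafe character.
    # The result is still valid JSON and decodes to the same object.
    text = json.dumps(obj, **kwargs)
    for char, escaped in _SCRIPT_UNSAFE.items():
        text = text.replace(char, escaped)
    return text


# Constructed sample input.
SAMPLE = {
    "markup": "<i>italic</i></script>",
    "url": "http://example.net/",
    "sep": "a\u2028b",
}

if __name__ == "__main__":
    plain = json.dumps(SAMPLE, ensure_ascii=False)
    print("plain :", plain.replace("\u2028", "<U+2028>"))
    print("narrow:", escape_solidus_only(plain).replace("\u2028", "<U+2028>"))
    print("safe  :", dumps_for_script(SAMPLE, ensure_ascii=False))
```

With the default `ensure_ascii=True`, `json.dumps` already writes U+2028 and U+2029 as `\u2028` and `\u2029`; the replacements for those two characters only matter when `ensure_ascii=False` is used.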
History
Date                 User              Action  Args
2022-04-11 14:58:14  admin             set     github: 67954
2015-03-25 13:41:11  r.david.murray    set     status: open -> closed; resolution: duplicate; superseder: json encoder does not support JSONP/JavaScript safe escaping; stage: resolved
2015-03-25 00:44:23  serhiy.storchaka  set     nosy: + serhiy.storchaka; messages: + msg239202
2015-03-24 22:21:18  r.david.murray    set     nosy: + r.david.murray; messages: + msg239190
2015-03-24 22:12:03  martin.panter     set     nosy: + martin.panter; messages: + msg239189
2015-03-24 19:44:41  ezio.melotti      set     keywords: + easy; nosy: + ezio.melotti
2015-03-24 19:43:43  xaka              create