We are dealing with a number of circumstances:
- At least two different parsers may process the JSON:
- HTML parser
- JSON parser
- Clients we have no control over need to interpret the JSON: jquery versions, iphone apps, .NET classes, world+dog
This means we need to produce RFC4627 compliant JSON that, at the same time, will not have certain 'special characters' such as ', ", <, > and & be interpreted by an HTML parser.
As RFC4627-2.5 clearly states that "Any character may be escaped", we can avoid special treatment of characters ', ", <, > and & by an HTML parser through simple substitution with a Unicode escape sequence (\uXXXX).
A number of characters MUST be escaped for the JSON parser. These are:
- U+0000 - U+001F
For a number of characters (eg "), it is possible to choose the escape form and either precede them with a backslash (JSON Escape Sequence, eg \"), or use the \uXXXX (Unicode escape sequence, eg \u0027) form. HOWEVER, because we also need to deal with the HTML parser, _it_ may interpret the quote before the the JSON parser even has the chance to run. Because of this, it is advisable to use the Unicode escape sequence (\uXXXX) here as well.
In PHP 5.3, compliant JSON that properly encodes HTML special characters can be generated with:
json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
However, in PHP 5.2,
json_encode() does not support these options. So in 5.3 we use the provided PHP function, but in 5.2 we create our own helper to return properly encoded JSON according to the spec.
- Test functionality of latest patches on devices which require compliant JSON.
- Drupal 8 (PHP 5.3 only):
- Drupal 7 (PHP 5.2 and 5.3):
- Patch for D6 backport is in
- Review by Heine if possible.
User interface changes
Original report by @Steve McKenzie
I discovered this when trying to debug when an objective-c parser was not parsing my data.
return '"'. str_replace(array("\r", "\n", "<", ">", "&"),
array('\r', '\n', '\x3c', '\x3e', '\x26'),
in drupal_to_js is the issue.
im not someone that knows much about encoding but after showing this to people in freenode #iphonedev, they blamed that line.
so i switched and used json_encode and what do you know, it works fine now.
im too tired to give more details right now. this seems like enough anyways.
on another note, its probably about time drupal changes that name to drupal_to_json OR just drop the damn function entirely in favor of requiring json_encode / json_decode in php 5.2.x but obviously we're not discussing that here.
|PASSED: [[SimpleTest]]: [MySQL] 37,314 pass(es).|
|PASSED: [[SimpleTest]]: [MySQL] 33,991 pass(es).|
|PASSED: [[SimpleTest]]: [MySQL] 33,989 pass(es).|