Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encoding/json: add Encoder option to control escaping behavior #14749

Closed
cyberphone opened this issue Mar 10, 2016 · 7 comments
Closed

encoding/json: add Encoder option to control escaping behavior #14749

cyberphone opened this issue Mar 10, 2016 · 7 comments
Labels
FrozenDueToAge Suggested Issues that may be good for new contributors looking for work to do.
Milestone
Unplanned

Comments

@cyberphone
Copy link

  1. What version of Go are you using? 5.3
  2. What operating system and processor architecture are you using? amd64,windows
  3. What did you do?
package main

import "fmt"
import "encoding/json"

func main() {
    mapD := map[string]string{"trouble": "</script>"}
    mapB, _ := json.Marshal(mapD)
    fmt.Println(string(mapB))
}
  1. What did you expect to see?
    {"trouble":"</script>"}
  2. What did you see instead?
    {"trouble":"\u003c/script\u003e"}

Related: #14135

Comment: In my JSON implementation for Java, I have made JavaScript serialization an option. When supplied as JavaScript the above does not break signatures (JSON.stringify() performs the normal serialization), but "on the wire" you should IMHO always use ES6: https://mailarchive.ietf.org/arch/msg/json/I2dF4osWAUlvax48WTxnAei3ldQ
@cyberphone cyberphone mentioned this issue Mar 10, 2016
Open
@minux minux changed the title JSON serialization of angle brackets is incompatible with ES6 encoding/json: serialization of angle brackets is incompatible with ES6 Mar 10, 2016
@minux
Copy link
Member

minux commented Mar 10, 2016 via email

@odeke-em
Copy link
Member

The reason for this behavior is explained here https://golang.org/pkg/encoding/json/#Marshal
screen shot 2016-03-10 at 3 16 55 pm

For the time being if this issue is blocking you, please see http://stackoverflow.com/a/25923407.

@cyberphone
Copy link
Author

Yes, this is perfectly legal JSON but hardly no other JSON serializer does this.

The use case for following ES6 is enabling "crypto safe" JSON/JavaScript that can travel between different systems without getting corrupted:
https://cyberphone.github.io/openkeystore/resources/docs/jsonsignatures.html

The best solution to this problem is offering different options/modes for serialization which I did in my Java implementation:
https://github.com/cyberphone/openkeystore/blob/master/library/src/org/webpki/json/JSONOutputFormats.java
It wasn't very difficult :-)

@cyberphone cyberphone mentioned this issue Mar 13, 2016
Open
@bradfitz bradfitz added this to the Unplanned milestone Apr 10, 2016
@bradfitz bradfitz added the Suggested Issues that may be good for new contributors looking for work to do. label Apr 10, 2016
@bradfitz
Copy link
Contributor

Let's make this bug about adding a method on json.Encoder to change its quoting behavior. The default will be unchanged.

(a method similar to https://golang.org/pkg/encoding/json/#Decoder.UseNumber or https://tip.golang.org/pkg/encoding/json/#Encoder.Indent)

@bradfitz bradfitz changed the title encoding/json: serialization of angle brackets is incompatible with ES6 encoding/json: add Encoder option to control escaping behavior Apr 10, 2016
@cespare
Copy link
Contributor

cespare commented Apr 10, 2016

I can send a CL. (Or does this need more buy-in first?)

@bradfitz
Copy link
Contributor

Send a CL. It has a valid use case for JSON signing, etc.

@gopherbot
Copy link

CL https://golang.org/cl/21796 mentions this issue.

@nullstyle nullstyle mentioned this issue Jan 9, 2017
Closed
@golang golang locked and limited conversation to collaborators Apr 22, 2017
@rsc rsc unassigned cespare Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Suggested Issues that may be good for new contributors looking for work to do.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
6 participants
@bradfitz @minux @cespare @odeke-em @cyberphone @gopherbot