About the proposed patch: replacing the precise instances of "</script>" via a post-generation scan (like a foo.gsub!("</script>", '<\/script>')) would pretty much defeat the speed purposes of this gem (on the ext/jruby side), and replacing these instances mid-generation (through a look-ahead, for instance) would complicate the code too much. On the other hand, replacing every single "/" character with a "\/" sequence could make certain strings needlessly less readable (for instance, URLs starting with "http://"). So, I think the compromise of replacing all "</" sequences with "<\/" offers the best combination of code simplicity and JSON readability. This patch implements this approach on all 3 versions (pure, ext, jruby) and adds a new test.
Java: escape '/' in strings after a '<' character
Escape '/' in strings after a '<' character
Pure: escape '/' in strings after a '<' character
Added "</script>" tests
Merge branch 'master' of http://github.com/flori/json
+1 for this patch. If nothing else would be great to somehow include it in the Rails compatibility mode because the Rails implementation avoids this issue by unicode escaping the ">".
Support building of fat binary gem
This should fix issue #51 on Windows
RFC JSON doesn't allow such extra escape. This patch should be rejected.
Anyway as Rails does, using Unicode escape like str.gsub(/<\/(script)>/i, "<\u002F\1>") is not bad.
I don't see what's not allowed. As the spec says, "Any character may be escaped" (save for the 3 exceptions mentioned a paragraph before, which must be escaped), and the "/" ("solidus") is in the list of two-character escape sequences. Selectively escaping / with \/ seems perfectly valid then.
Ah, yes \/ is collect sorry
%x2F / ; / solidus U+002F
Hoping to see this patch pulled in soon!