New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
encoding/json: No way to avoid HTMLEscape when Marshal()-ing #8592
Labels
Comments
Comment 2 by wangz@google.com: Automatic HTML-escaping is irrelevant to JSON encoding. Therefore the feature should be turned off by default. The "auto-escaping is safer" argument in the original thread (https://golang.org/issue/3127) is bogus because it all depends on the context where the serialized data is used. Before this gets fixed, one quick workaround is to fork the encoding/json module and remove "&& b != '<' && b != '>' && b != '&' " from the following two functions in encode.go: func (e *encodeState) string(s string) (int, error) func (e *encodeState) stringBytes(s []byte) (int, error) |
The result is valid JSON. The details of how it gets encoded are not guaranteed and don't need to be under user control. The only guarantee is that the result is valid and semantically correct JSON, which it is. It is not worth making the API more complex to control whether < > get escaped. If you really care, do a global search and replace on the output to put them back. Status changed to WorkingAsIntended. |
Comment 4 by wangz@google.com: The result is valid json but also unnecessarily inflated in many contexts where '<', '>', and '&' abound. Doing string replacement in a second pass is an inefficient and cumbersome workaround. Please consider Brad's suggestion to add a bool to the Encoder struct. |
Comment 5 by karim.nassar@vervemobile.com: +1 for flag. In my context, I am generating the html that is in response to an api that, in some cases, mismanages the escaped text. I can't control them, and I trust myself. Forking the json pkg seems pretty heavy weight, and string replacement is woefully inefficient when milliseconds matter. |
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by surtri:
The text was updated successfully, but these errors were encountered: