Hmm. Good point. My reference page has been this; http://www.json.org/js.html, and also teh RFC; http://www.ietf.org/rfc/rfc4627.txt?number=4627 When reading that more closely, they (or actually he - it's Douglas Crockford :) do actually mention escaping of characters;
--- 2.5. Strings The representation of strings is similar to conventions used in the C family of programming languages. A string begins and ends with quotation marks. All Unicode characters may be placed within the quotation marks except for the characters that must be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F). Any character may be escaped. If the character is in the Basic Multilingual Plane (U+0000 through U+FFFF), then it may be represented as a six-character sequence: a reverse solidus, followed by the lowercase letter u, followed by four hexadecimal digits that encode the character's code point. The hexadecimal letters A though F can be upper or lowercase. So, for example, a string containing only a single reverse solidus character may be represented as "\u005C". Alternatively, there are two-character sequence escape representations of some popular characters. So, for example, a string containing only a single reverse solidus character may be represented more compactly as "\\". To escape an extended character that is not in the Basic Multilingual Plane, the character is represented as a twelve-character sequence, encoding the UTF-16 surrogate pair. So, for example, a string containing only the G clef character (U+1D11E) may be represented as "\uD834\uDD1E". --- However, the pragmatic approach in dealing with shady string is really to escape them, so that for instance the text; foobar; "yohoo!" $bar becomes foobar%3B%20%22yohoo%21%22%20%24bar (I used the very good test page http://www.the-art-of-web.com/javascript/escape/ to try different approaches out), since it's very easy in js to unescape string, thus converting them into original values. Cheers, PS On Jan 22, 2008 10:40 AM, Bertrand Delacretaz <[EMAIL PROTECTED]> wrote: > On Jan 22, 2008 10:31 AM, Peter Svensson <[EMAIL PROTECTED]> wrote: > > ...I personally prefer to just have object within objects. it's > > just that I have to translate the thing to a format that Dojo's Tree > widget > > can consume.... > > Ok, so IIUC Sling's default JSON format is ok, but you'd need a > different dojo-friendly format in addition to it? > > If yes that's easy to implement, we could do that with a selector > routed to a specific JSON rendering servlet, i.e. URLs ending in > ".dojo.json" would be served with a different format than the stock > .json. > > > ....maybe it would be a good idea to have an escaping strategy for > > content inside the json structure. This can be non-trivial, since the > > content can contain client-side js which uses escaping itself, and so > on. > > > > The most 'safe' approach would be to urlencode all properties which > contain > > this kind of information (i.e. can be showed in the browser), since it > is > > trivial to revert it back, and it is supposed to be consumed by > javascript > > anyway.... > > Sounds interesting - is that a JSON standard way of encoding > properties? Do you have references to that? > > -Bertrand >
