jsonencoding

1.0.0 • Public • Published

Build Status NPM version

jsonencoding

This module does more escaping than specified in standard JSON. The escaping of characters like >, <, &, \u2028 and \u2029 is done to make it safe to insert the JSON inside of script tags. The extra encoding is done using Unicode code points to make the JSON string compatible with the standard JSON parsing method.

This code will result in unexpected execution of Javascript:

<script>
var foo = JSON.stringify("</script><script>alert(\'owned!\')</script>");
</script>

This code is safe:

<script>
var foo = jsonencoding.stringify("</script><script>alert(\'owned!\')</script>");
</script>

You can also encode existing JSON:

<script>
var foo = jsonencoding.encode(JSON.stringify(...));
</script>

Installation

This package is available on npm as:

npm install jsonencoding

Ackknowledgements

This code is based on the ActiveSupport JSON encoding module.

Package Sidebar

Install

npm i jsonencoding

Weekly Downloads

3

Version

1.0.0

License

MIT

Last publish

Collaborators

  • scottbrady