jsonencoding

1.0.0 • Public • Published


This module does more escaping than standard JSON specifies. Characters such as >, <, &, \u2028 and \u2029 are escaped so that the JSON is safe to insert inside script tags. The extra characters are encoded as Unicode escapes, so the resulting string can still be parsed by the standard JSON parsing method.

This code will result in unexpected execution of JavaScript:

<script>
var foo = JSON.stringify("</script><script>alert(\'owned!\')</script>");
</script>

This code is safe:

<script>
var foo = jsonencoding.stringify("</script><script>alert(\'owned!\')</script>");
</script>

You can also encode existing JSON:

<script>
var foo = jsonencoding.encode(JSON.stringify(...));
</script>
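The sketch below is an added example, not code from the jsonencoding package: it shows a server-side template step with plain JSON.stringify next to an encoder that applies the escaping described above. The function names (encodeForScript, stringifyForScript, renderPage, countScriptCloseTags) are hypothetical, and the input is the sample string from this README.

```javascript
// Added example; not the jsonencoding source. All function names are hypothetical.

// Characters that are legal inside JSON strings but unsafe in an HTML <script> block.
const UNSAFE = /[<>&\u2028\u2029]/g;

// Rewrite each unsafe character as a \uXXXX escape. These characters can only
// occur inside JSON string values or keys, so the result is still valid JSON
// and JSON.parse decodes the escapes back to the original characters.
function encodeForScript(json) {
  return json.replace(UNSAFE, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function stringifyForScript(value) {
  return encodeForScript(JSON.stringify(value));
}

// Server-side template step: place a JSON literal inside a script element.
function renderPage(jsonLiteral) {
  return "<script>var foo = " + jsonLiteral + ";</script>";
}

// The HTML parser ends a script element at the first "</script", even when it
// sits inside a JavaScript string literal. More than one means the data broke out.
function countScriptCloseTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Sample input: the string used in the README examples.
const untrusted = "</script><script>alert('owned!')</script>";

const unsafePage = renderPage(JSON.stringify(untrusted));
const safePage = renderPage(stringifyForScript(untrusted));

console.log("plain JSON.stringify:", countScriptCloseTags(unsafePage), "closing tags");
console.log("extra escaping:      ", countScriptCloseTags(safePage), "closing tag");
console.log("round trip intact:   ", JSON.parse(stringifyForScript(untrusted)) === untrusted);
```

A page rendered from the encoded form contains exactly one closing script tag, the template's own, and the value parses back to the original string.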

Installation

This package is available on npm as:

npm install jsonencoding

Acknowledgements

This code is based on the ActiveSupport JSON encoding module.

License: MIT

Collaborators: scottbrady