1

I'm getting encoded data from the server, which is encoded using .NETs WebUtility.HtmlEncode.

This data is then displayed and needs to be sent back to the server for some operations. During this time, it is converted to JSON before being sent over using JSON.stringify. All works fine so far.

However, once this reaches the server, it is rejected due to being potentially dangerous. The object that is converted to JSON can have strings with special chars such as -

"This is John&#39s account" originally "This is John's account"

Or "John earns in &#165" originally "John earns in ¥"

My belief is that these encoded string values are interfering with the JSON being properly formed.

Is there any way in Javascript that I can JSONify HTML encoded strings?

EDIT: In case it's not clear, the data is already encoded when i do JSON.stringify(data). An example of my data -

row[0] = {column1, column2, column3} Where each column is an HTML encoded string such as "This is John&#39s account"

neuDev33
  • 1,573
  • 7
  • 41
  • 54
  • `JSON.stringify` encodes the entities? Does it work if the entities are *not* encoded or if they *are*? I'm confused... – Explosion Pills May 01 '13 at 17:48
  • The entities are already encoded. Im JSON.stringifying encoded entities – neuDev33 May 01 '13 at 17:50
  • A string with an escaped entity is a perfectly valid JSON string. – Dave Newton May 01 '13 at 17:50
  • @neuDev33 do you get some specific error from the server about why it's rejected? I don't see why an encoded entity would cause that problem. If anything an *un*encoded entity would. – Explosion Pills May 01 '13 at 17:54
  • The Exception says "Unexpected character encountered while parsing value". This does not happen if my string does not have special characters. – neuDev33 May 01 '13 at 18:01

3 Answers3

0

Considering that a JSON object with a string would look like this

{ 'member1' : 'some string with &#165' }

I don't believe it's the JSON at fault. It is far more likely that you are passing the JSON object to a method via GET instead of POST.

As a particular example, the Microsoft MVC3 framework will throw an error about it being unsafe if you submit JSON via a GET method and don't specify to allow GET behavior.

The reason for this can be seen in this answer.

Community
  • 1
  • 1
XNargaHuntress
  • 751
  • 6
  • 11
  • The same function works perfectly fine if the object that was converted to JSON does not have any strings with special characters. It is only when the JSON has special characters that this issue comes up. Could this still be the issue? – neuDev33 May 01 '13 at 18:02
  • What language are you using server-side? And can you post what your JSON looks like when it hits the server? – XNargaHuntress May 01 '13 at 18:24
0

I think you can achieve this functionality in three steps:

  1. Create a partial view.
  2. Call this partial view by passing your string values in it and perform action there.
  3. Return your partial view via JSON and replace it with old one.

But returning the partial view via JSON is bit tricky, I mean you cannot just return the partial view via JSON. First you need to convert the partial view in string and the return this string. Below method will you how to achieve this:

    public string RenderRazorViewToString(string viewName, object model)
    {
        ViewData.Model = model;
        using (var sw = new StringWriter())
        {
            var viewResult = ViewEngines.Engines.FindPartialView(ControllerContext, viewName);
            var viewContext = new ViewContext(ControllerContext, viewResult.View, ViewData, TempData, sw);
            viewResult.View.Render(viewContext, sw);
            viewResult.ViewEngine.ReleaseView(ControllerContext, viewResult.View);
            return sw.GetStringBuilder().ToString();
        }
    }

This method will convert the partial view in string and return it back to server via JSON. You need to pass to parameter in it, first is the partial view name and second is model. Hope you will get solution of your problem by this.

Jitender Kumar
  • 2,439
  • 4
  • 29
  • 43
0

The solution in the end, was more of a hack, I added an annotation -

[ValidateInput(false)]

to my function on the back-end, so that it wouldn't try to validate my JSON string.

Community
  • 1
  • 1
neuDev33
  • 1,573
  • 7
  • 41
  • 54