How to escape HTML in JSON

Question

I'm wondering how can I escape HTML code in JSON ? I'm using Jackson as my JSON mapper.

In my content I have various characters: tags, single quotes, double quotes, new lines character (\n), tabs etc. I tried to use CharacterEscapes class, but with no results.

My JSON response blows up after using CharacterEscapes. I tried to escape it manually, but also without any results.

So the question is, lets say that we have:

 <p>Some text</p>\n<p>"SomeText"</p>

How can I send it back to browser as value of the JSON object?

UPDATE: Input is:

{
    "code": {
    "num": 12
},
    "obj": {
        "label": "somelabel",
        "order": 1
    },
    "det": {
        "part": "1",
        "cont": true
    },
     "html": "<p>Mine text</p>"
}

Output:

{
    "code": {
    "num": 12
},
"obj": {
    "label": "somelabel",
    "order": 1
},
"det": {
    "part":"1",
    "cont": true
},
"html":{"code": {
    "num": 12
    },
    "obj": {
        "label": "somelabel",
        "order": 1
    },
    "det": {
    "part":"
    }

Does this help? http://www.cowtowncoder.com/blog/archives/2012/08/entry_476.html Although you probably do not need to scape anything apart from \b, \f, \n, \r, \t , \" and \\. Take this http://stackoverflow.com/questions/3020094/how-should-i-escape-strings-in-json and this http://stackoverflow.com/questions/19176024/how-to-escape-special-characters-in-building-a-json-string into account as well. Hope this helps. — Pedro Lopez, Mar 28 '15 at 19:07
I saw that article, and I have similar code, which doesn't help. Btw. I just saw that some tags were not displayed in my example. I will update the sample text. — Ma Kro, Mar 28 '15 at 19:09
I don't understand the problem. HTML is just text. You probably have it stored as a `String`. Jackson can escape any necessary characters in the `String` just fine. — Sotirios Delimanolis, Mar 28 '15 at 19:13
@SotiriosDelimanolis I'm sending response in: mapper.writeValue(response.getWriter(), myObjectWithHtmlProperty) And in the browser I see json, which looks like this: {"key":"value", "key":"value", "myHtmlKey":{"key":"value", "key":"value"} HTML code are replaced with JSON object from the begining — Ma Kro, Mar 28 '15 at 19:17
I still don't understand. Please post a complete and reproducible example. What is the input? What is the output? What is the expected output and why? — Sotirios Delimanolis, Mar 28 '15 at 19:19
I did a little experiment returning this string "
Some text
\\n
\"SomeText\"
" and it returned what you would expect {"value" : "
Some text
\\n
\"SomeText\"
"}. So just scape your \n and your quotes and it should be fine. As Sotirios Delimanolis said, it is text after all. I am using Spring Boot + Jackson, what are you using? — Pedro Lopez, Mar 28 '15 at 19:41
@PedroLopez How did you write the response? I just checked that mapper.writeValue(response.getWriter(), myString) returned what I have posted. When I did it like that: PrintWriter writer = response.getWriter(); writer.print(myString); writer.flush(); It worked. — Ma Kro, Mar 28 '15 at 21:09
Well, Spring Boot has built in support for Jackson, so I guess it is not the same scenario. You just have to return your model and the response is JSON or XML depending on your preference. You can find more information here https://spring.io/blog/2014/12/02/latest-jackson-integration-improvements-in-spring. Glad you found a solution. — Pedro Lopez, Mar 29 '15 at 18:03

score 2 · Accepted Answer · answered Mar 28 '15 at 22:39

For now I have found following solution: I have added CharacterEscapes to the JsonFactory of the ObjectMapper class. Also I have changed way of writting JSON into response. Instead of

objectMapper.writeValue(response.getWriter(), myObject)

I'm doing this:

PrintWriter writer = response.getWriter();
writer.print(String.valueOf(objectMapper.writeValueAsBytes(myObject));
writer.flush();

And it works as I wanted.

score 0 · Answer 2 · answered Mar 28 '15 at 19:09

0

I would suggest to use either of below.

1.You can use GSON library for this purpose.

    Gson gson = new GsonBuilder().disableHtmlEscaping().create();

2.Use Apache commons StringEscapeUtils.escapeHtml("JSON string").

answered Mar 28 '15 at 19:09

dReAmEr

6,986
7
36
63

I'm using Jackson, and for now, I don't want to switch to Gson. There must be a way to do that in Jackson. About the apache, I have the newest version of apache, and there is no such method "escapeHtml". It was removed and I'm not sure what is the replacement. – Ma Kro Mar 28 '15 at 19:11

How to escape HTML in JSON

2 Answers2