3

I am trying to make sure input from user is converted into a valid JSON string before submitted to server.

What I mean by 'Converting' is escaping characters such as '\n' and '"'. Btw, I am taking user input from HTML textarea.

Converting user input to a valid JSON string is very important for me as it will be posted to the server and sent back to client in JSON format. (Invalid JSON string will make whole response invalid)

If User entered

Hello New World,
My Name is "Wonderful".

in HTML <textarea>,

var content = $("textarea").val();

content will contain new-line character and double quotes character.

It's not a problem for server and database to handle and store data.

My problem occurs when the server sends back the data posted by clients to them in JSON format as they were posted.

Let me clarify it further by giving some example of my server's response. It's a JSON response and looks like this

{ "code": 0, "id": 1, "content": "USER_POSTED_CONTENT" }

If USER_POSTED_CONTENT contains new-line character '\n', double quotes or any characters that are must be escaped but not escaped, then it is no longer a valid JSON string and client's JavaScript engine cannot parse data.

So I am trying to make sure client is submitting valid JSON string.

This is what I came up with after doing some researches.

String.prototype.escapeForJson = function() {
  return this
    .replace(/\b/g, "")
    .replace(/\f/g, "")
    .replace(/\\/g, "\\")
    .replace(/\"/g, "\\\"")
    .replace(/\t/g, "\\t")
    .replace(/\r/g, "\\r")
    .replace(/\n/g, "\\n")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
};

I use this function to escape all the characters that need to be escaped in order to create a valid JSON string.

var content = txt.val().escapeForJson();
$.ajax(
   ...
   data:{ "content": content }
   ...
);

But then... it seems like str = JSON.stringify(str); does the same job!

However, after reading what JSON.stringify is really for, I am just confused. It says JSON.stringify is to convert JSON Object into string.

I am not really converting JSON Object to string.

So my question is... Is it totally ok to use JSON.stringify to convert user input to valid JSON string object??

UPDATES:

JSON.stringify(content) worked good but it added double quotes in the beginning and in the end. And I had to manually remove it for my needs.

Eddie
  • 761
  • 3
  • 9
  • 22

3 Answers3

4

Yep, it is totally ok. You do not need to re-invent what does exist already, and your code will be more useable for another developer.

EDIT: You might want to use object instead a simple string because you would like to send some other information.

For example, you might want to send the content of another input which will be developed later.

You should not use stringify is the target browser is IE7 or lesser without adding json2.js.

Didier Aupest
  • 3,227
  • 2
  • 23
  • 35
2

I don't think JSON.stringify does what you need. Check the out the behavior when handling some of your cases:

JSON.stringify('\n\rhello\n')
*desired : "\\n\\rhello\\n"
*actual  : "\n\rhello\n"

JSON.stringify('\b\rhello\n')
*desired : "\\rhello\\n"
*actual  : "\b\rhello\n"

JSON.stringify('\b\f\b\f\b\f')
*desired : ""
*actual  : ""\b\f\b\f\b\f""

The stringify function returns a valid JSON string. A valid JSON string does not require these characters to be escaped.

The question is... Do you just need valid JSON strings? Or do you need valid JSON strings AND escaped characters? If the former: use stringify, if the latter: use stringify, and then use your function on top of it.

Highly relevant: How to escape a JSON string containing newline characters using javascript?

Community
  • 1
  • 1
Toby Liu
  • 1,267
  • 9
  • 14
  • Thank you for the answer! My question might have been little too unclear. What I wanted was the former. Thank you!! – Eddie Jul 31 '15 at 01:07
-1

Complexity. I don't know what say.

Take the urlencode function from your function list and kick it around a bit.

<?php

$textdata = $_POST['textdata'];

///// Try without this one line and json encoding tanks
$textdata = urlencode($textdata);


/******* textarea data slides into JSON string because JSON is designed to hold urlencoded strings ******/ 

$json_string = json_encode($textdata); 


//////////// decode just for kicks and used decoded for the form

$mydata = json_decode($json_string, "true");

/// url decode
$mydata = urldecode($mydata['textdata']);

?>


<html>
<form action="" method="post">
<textarea name="textdata"><?php echo $mydata; ?></textarea>
<input type="submit">
</html>

Same thing can be done in Javascript to store textarea data in local storage. Again textarea will fail unless all the unix formatting is deal with. The answer is take urldecode/urlencode and kick it around.

I believe that urlencode on the server side will be a C wrapped function that iterates the char array once verses running a snippet of interpreted code.

The text area returned will be exactly what was entered with zero chance of upsetting a wyswyg editor or basic HTML5 textarea which could use a combination of HTML/CSS, DOS, Apple and Unix depending on what text is cut/pasted.

The down votes are hilarious and show an obvious lack of knowledge. You only need to ask yourself, if this data were file contents or some other array of lines, how would you pass this data in a URL? JSON.stringify is okay but url encoding works best in a client/server ajax.

Greg Weldon
  • 11
  • 1
  • Wow, I was just looking at my code where I was sealing with this issue. I'm finally one of those guys that makes a wrong post. I was using url encode blockchained content for ease of reading ~ in these examples the content out does not equal content out + goes into all spaces. In my case I needed to store the data in a string in Solr and the \n \r break the integrity of the server side store. I'll correct this animal post at the end of the day when I'm burnt. – Greg Weldon Jul 20 '17 at 16:02