0

Referring to this answer 2, how could I create an encoder to allow/ not encode the + character in a string?

For background, this is for a phone number field of type string where numbers can be specified in an international format. This phone number field is part of a request that is serialized into a Json body and used to call a thirdparty API which checks the phone number.

Currently using the default Encoder changes any + into \u002B

JsonSerializerOptions options = new JsonSerializerOptions
{
    Encoder = ...
};

Edit: Wondering if 'UnsafeRelaxedJsonEscaping' is the way to go here, or if there is a more narrow option, for example using 'JavaScriptEncoder.Create(..)' or something else.

imsan
  • 359
  • 4
  • 17
  • Why exactly did you not choose the accepted answer (using UnsafeRelaxedJsonEscaping) from the question you linked? –  Nov 25 '22 at 12:34
  • Because it specifies it is 'unsafe' also I only need the + to not be encoded so it seems a bit wide to allow everything else to be also. Was wondering if there was a better/more narrow option. – imsan Nov 25 '22 at 13:13
  • Well, you already are willing to use the unsafe character `+`, so you are already in unsafe territory with regard to protection against unsafe characters in your json. How would allow other unsafe characters to _not_ be escaped make it worse? If you really want/need that, though, _JavaScriptEncoder.Create_ won't help you as it will only create a _DefaultJsonEncoder_ with an _OptimizedInboxTextEncoder_ whose _forbidHtmlSensitiveCharacters_ parameter will be _true_. (1/2) –  Nov 25 '22 at 13:42
  • (2/2) In other words, _JavaScriptEncoder.Create_ will only ever create/provide JavaScriptEncoders which will enforce escaping of unsafe characters including `+` no matter what settings you pass to the _JavaScriptEncoder.Create_ method. So, if you really want to stick with the "_a little safe here, a little unsafe there_" approach, then the only option you have is in creating your own custom encoder class (deriving from JavaScriptEncoder) which implements the desired escaping behavior. –  Nov 25 '22 at 13:43
  • 1
    "_Wondering if 'UnsafeRelaxedJsonEscaping' is the way to go here_" That is something _only you_ can answer based on your business/usage scenario regarding the json your code produces. "_for example using JavaScriptEncoder.Create(..)_", as already mentioned in my previous comments, _JavaScriptEncoder.Create(..)_ is a dead end with regard to (selective) prevention of escaping of unsafe characters. –  Nov 25 '22 at 13:56
  • Thanks for clarifying that 'JavaScriptEncoder.Create' is not relevant in this case – imsan Nov 25 '22 at 14:11
  • Rather that creating your own encoder, you could create a custom `JsonConverter` similar to the one from [Don't escape single quotes with System.Text.Json](https://stackoverflow.com/a/74060308/3744182). Does that answer your question? – dbc Nov 25 '22 at 19:41

1 Answers1

1

Encoding + sign is by design. You can read more about this topic in this github issue. However, there is a workaround:

var options = new JsonSerializerOptions
{
    Encoder = System.Text.Encodings.Web.JavaScriptEncoder.UnsafeRelaxedJsonEscaping
};

Documentation for UnsafeRelaxedJsonEscaping states: this encoder instance allows some other characters to go through unescaped (for example, '+'), and hence must be used cautiously.

geldek
  • 503
  • 2
  • 10