GitHub - mapbox/safer-stringify: A stringify template helper for outputting JSON with escaped forward slashes and line terminators.

#safer-stringify

Like JSON.stringify, but escapes forward slashes and line terminators.

##Usage Same arguments as JSON.stringify:

saferstringify(obj, replacer, spaces)

var saferstringify = require('@mapbox/safer-stringify');

var obj = {};
obj.github = 'http://www.github.com/mapbox/saferstringify';
obj.escape = 'ro cks'; // has hidden \u2028 literal between `ro` and `cks`
obj.script = '<script>wut("lol")</script>';

saferstringify(obj, null, 2);

Output:

{
  "github": "http:\/\/www.github.com\/mapbox\/saferstringify",
  "escape": "ro\u2028cks",
  "script": "<script>wut(\"lol\")<\/script>"
}

##Why?

A unescaped </script> tag in JSON will be parsed in HTML as the closing script tag regardless of whether it was intended as that or not. See http://stackoverflow.com/questions/66837/when-is-a-cdata-section-necessary-within-a-script-tag/1450633#1450633

u2028 and u2029 must be escaped because no string in JavaScript can contain a literal U+2028 or a U+2029, as they are line terminators. See http://timelessrepo.com/json-isnt-a-javascript-subset

##Tests

npm test

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
test		test
.gitignore		.gitignore
.travis.yml		.travis.yml
README.md		README.md
index.js		index.js
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Contributors 3

Languages

mapbox/safer-stringify

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages