Translate </ to <\/ in json output to avoid issues with the string

author Ben Darnell <bdarnell@beaker.local>

Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)

committer Ben Darnell <bdarnell@beaker.local>

Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)
author Ben Darnell <bdarnell@beaker.local>
Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)
committer Ben Darnell <bdarnell@beaker.local>
Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)
diff --git a/tornado/escape.py b/tornado/escape.py

index bacb1c51d004dd7aa13361a5abb0b552f4da6669..af99f52feb1d2dba4555b8d2901a94c258b801f6 100644 (file)
--- a/tornado/escape.py
+++ b/tornado/escape.py
@@ -54,7 +54,13 @@ def xhtml_unescape(value):
  
  def json_encode(value):
      """JSON-encodes the given Python object."""
-    return _json_encode(value)
+    # JSON permits but does not require forward slashes to be escaped.
+    # This is useful when json data is emitted in a <script> tag
+    # in HTML, as it prevents </script> tags from prematurely terminating
+    # the javscript.  Some json libraries do this escaping by default,
+    # although python's standard library does not, so we do it here.
+    # http://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped
+    return _json_encode(value).replace("</", "<\\/")
  
  
  def json_decode(value):
author	Ben Darnell <bdarnell@beaker.local>
	Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)
committer	Ben Darnell <bdarnell@beaker.local>
	Mon, 10 May 2010 01:51:49 +0000 (18:51 -0700)