Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90144 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89607 invoked from network); 5 Jan 2016 20:05:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jan 2016 20:05:28 -0000 Authentication-Results: pb1.pair.com smtp.mail=ekohler@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ekohler@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.52 as permitted sender) X-PHP-List-Original-Sender: ekohler@gmail.com X-Host-Fingerprint: 74.125.82.52 mail-wm0-f52.google.com Received: from [74.125.82.52] ([74.125.82.52:34222] helo=mail-wm0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C5/25-12097-5022C865 for ; Tue, 05 Jan 2016 15:05:26 -0500 Received: by mail-wm0-f52.google.com with SMTP id u188so36629474wmu.1 for ; Tue, 05 Jan 2016 12:05:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=ERJLBNbCyuDkP4IF+JwKrIaQwbnTficxGubmKmamNIw=; b=VPCcKxXysx7Kcmy2p2cVWYNJyZyPm6Z6Jtnuq62RRJJubtqaQmu8Jk5nIdP6/Fi22c kvQ8q8Fnq+Qnd+5ac+3C9RuGN9BE/OiEoY1xG9e4hUyjH+eqBh3t781hQyrb70G0UAqq gV0ch0Gk3T4FBg6mFVkov3cMTJo5oeUgq6ZM3OA6dWJCiREakNSx4zx8qnIYZZ7oqkJQ hDAysyhDhLkPjJfPRD0P4pYGYohBrOu79cRfyYQBHs3OjGgV7KnTS841bcVyyGrZg9PU b2/O3FNMkXc3oUPqDv8vjFayfXlRZU/5aEkbcHTYUgGSofL3XQzOAg8Gum1nx9b5FdUq 0r3Q== MIME-Version: 1.0 X-Received: by 10.28.170.139 with SMTP id t133mr6230036wme.50.1452024322283; Tue, 05 Jan 2016 12:05:22 -0800 (PST) Received: by 10.194.109.166 with HTTP; Tue, 5 Jan 2016 12:05:22 -0800 (PST) Reply-To: kohler@seas.harvard.edu In-Reply-To: References: Date: Tue, 5 Jan 2016 15:05:22 -0500 Message-ID: To: Andrea Faulds Cc: internals@lists.php.net Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: Proposed change in json_encode+JSON_UNESCAPED_UNICODE behavior From: ekohler@gmail.com (Eddie Kohler) Yes, without the JSON_UNESCAPED_UNICODE flag, all characters with Unicode values >= 0x80 are escaped. That's the default behavior. On Tue, Jan 5, 2016 at 2:45 PM, Andrea Faulds wrote: > Hi Eddie, > > Eddie Kohler wrote: >> >> The U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR >> characters are allowed unescaped in JSON strings, but *not* allowed >> unescaped >> in Javascript. This is widely considered a minor wart in the JSON >> specification. >> >> >> As a result, the JSON_UNESCAPED_UNICODE flag is dangerous to use when >> generating HTML. For example, this will generate a Javascript error >> ("Unexpected >> token ILLEGAL") in the user's browser: >> >> ``` >> $x = mb_convert_encoding(' ', 'UTF-8', 'HTML-ENTITIES'); >> echo ''; >> ``` >> >> The proposal is for `json_encode(..., JSON_UNESCAPED_UNICODE)` to >> escape the U+2028 and U+2029 characters as \u2028 and \u2029. A new flag, >> JSON_UNESCAPED_LINE_TERMINATORS, preserves the former behavior. >> >> It's important to note that this change *only* affects the non-default >> JSON_UNESCAPED_UNICODE flag. > > > This sounds reasonable. I'd like to ask, though, does this mean that without > that flag, U+2028 and U+2029 are always escaped? > > Thanks. > -- > Andrea Faulds > https://ajf.me/ > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php >