Proper way to escape json data in PHP without using JS comment hack
Question
Consider the code below to send a json string to js from php,
<?php
$str = "<!--<script>"; // This is from user input
?>
<script>
var json_str = <?= json_encode($str) ?>;
</script>
The string will break the HTML, and the way to solve it is via something like the old school comment hack, eg
<script>
<!--
var json_str = <?= json_encode($str) ?>;
//-->
</script>
Are there any alternative?
1 answers
solution1
5 2014-08-18 11:49:38
您可以使用标志JSON_HEX_TAG ,以便<和>被编码为\<和\> 。
json_encode($str, JSON_HEX_TAG)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Proper way to escape ${} in a JS template string
How to display JSON data (without proper labels) in a table with JS and JQuery?
Making a table in react js without proper key values in json data
Proper way to escape a string
Proper way to decode SecurityElement.Escape using Javascript
best way to escape data JS->PHP->MySQL and vice versa
Proper way to append HTML to document with JSON data
Proper way to send JSON data along with sendFile() with Node.js and Express
Adding Comment feature to a JSON data using AngularJS
Proper way to retrieve data from sessionStorage in php
Related Tags