This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The rules for JSON encoding state: "JSON escaping replaces the characters quotation mark, backspace, form-feed, newline, carriage return, or tab by the corresponding JSON escape sequences \", \b, \f, \n, \r, or \t respectively, and any other codepoint in the range 1-31 or 127-159 by an escape in the form \uHHHH where HHHH is the hexadecimal representation of the codepoint value. Escaping is also applied to any characters that cannot be represented in the selected encoding." This appears to omit the escaping of reverse-solidus (codepoint 92) as \\. It also omits the escaping of solidus (character 47). Reading up on the subject [1], it appears it is advisable to escape this character so that it is safe to embed the JSON substring "</script>" in HTML. [1] http://andowebsit.es/blog/noteslog.com/post/the-solidus-issue/
The editors agree and propose to revise the above paragraph as follows: "JSON escaping replaces the characters quotation mark, backspace, form-feed, newline, carriage return, tab, reverse solidus, or solidus by the corresponding JSON escape sequences \", \b, \f, \n, \r, \t, \\, or \/ respectively, and any other codepoint in the range 1-31 or 127-159 by an escape in the form \uHHHH where HHHH is the hexadecimal representation of the codepoint value. Escaping is also applied to any characters that cannot be represented in the selected encoding."
Should the same change (escaping a solidus) be made to the xml-to-json() function?
(In reply to Michael Kay from comment #2) > Should the same change (escaping a solidus) be made to the xml-to-json() > function? Yes. I think test case xml-to-json-017 will need to change.
At the meeting on 2016-07-19, the WG agreed to adopt the proposal in comment #1. The changes have now been applied