JSON character escaping function in classic ASP
If you are into advanced AJAX techniques you probably will stumble across JSON (www.json.org) which makes developing (and therefore the life) a lot easier when working with AJAX. If you already stumbled across and you use JSON within classic ASP you might find this article useful. It deals with escaping characters for JSON acording to the RFC4627#2.5
I haven't found any snippet out there for classic ASP so we had to write our own. And so my work colleague - an old algorithm guru - just came up with this function which covers all the requirements specified in the JSON RFC.
What we want to achieve...
-
<script>
-
alert({foo:"<%= "some va""lue" %>"}.foo);
-
</script>
The code snippet above will result in a javascript error because we are passing an apostrophe from ASP to Javascript which leads to an early closing of the string: foo:"some va"lue" (there is one apostrophe too much). The same thing happens for other characters as well. If you have line breaks, german umlaute, hidden special characters, etc. All those need to be escaped now in order that the javascript simple object notation (JSON) can interpret it. Thats the function which does the escaping (there are 3 more functions cause they're used within the escapeJSON()):
-
'******************************************************************************************
-
'' @SDESCRIPTION: takes a given string and makes it JSON valid (http://json.org/)
-
'' @AUTHOR: Michael Rebec
-
'' @DESCRIPTION: all characters which needs to be escaped are beeing replaced by their
-
'' unicode representation according to the
-
'' RFC4627#2.5 - http://www.ietf.org/rfc/rfc4627.txt?number=4627
-
'' @PARAM: val [string]: value which should be escaped
-
'' @RETURN: [string] JSON valid string
-
'******************************************************************************************
-
public function escapeJSON(val)
-
cDoubleQuote = &h22
-
cRevSolidus = &h5C
-
cSolidus = &h2F
-
-
for i = 1 to (len(val))
-
currentDigit = mid(val, i, 1)
-
if asc(currentDigit)> &h00 and asc(currentDigit) <&h1F then
-
currentDigit = escapeJSONSquence(currentDigit)
-
elseif asc(currentDigit)>= &hC280 and asc(currentDigit) <= &hC2BF then
-
currentDigit = "\u00" + right(padLeft(hex(asc(currentDigit) - &hC200), 2, 0), 2)
-
elseif asc(currentDigit)>= &hC380 and asc(currentDigit) <= &hC3BF then
-
currentDigit = "\u00" + right(padLeft(hex(asc(currentDigit) - &hC2C0), 2, 0), 2)
-
else
-
select case asc(currentDigit)
-
case cDoubleQuote: currentDigit = escapeJSONSquence(currentDigit)
-
case cRevSolidus: currentDigit = escapeJSONSquence(currentDigit)
-
case cSolidus: currentDigit = escapeJSONSquence(currentDigit)
-
end select
-
end if
-
escapeJSON = escapeJSON & currentDigit
-
next
-
end function
-
-
function escapeJSONSquence(digit)
-
escapeJSONSquence = "\u00" + right(padLeft(hex(asc(digit)), 2, 0), 2)
-
end function
-
-
function padLeft(value, totalLength, paddingChar)
-
padLeft = right(clone(paddingChar, totalLength) & value, totalLength)
-
end function
-
-
public function clone(byVal str, n)
-
for i = 1 to n : clone = clone & str : next
-
end function
So now we should be able to escape the strings for JSON like this and no error should occur...
-
<script>
-
alert({foo:"<%= escapeJSON("some va""lue") %>"}.foo);
-
</script>
This stuff has been tested and works for all characters so everything can be transfered with JSON now ;) I would suggest to group the whole functions into a class called JSON with a method escape() just for a nicer use. In my case its in a utility class StringOperations where I have several string manipulation methods. If you are interested you can download the full String class also which include the JSON escaping method:
StringOperations 0.9 (StringOperations Documentation)
(13 votes, average: 4.23 out of 5)
Loading ...