JSON.stringify </script>

Oriol Bugzilla oriol-bugzilla at hotmail.com
Thu Sep 29 15:45:22 UTC 2016


> ECMAScript, while highly used in web browsers, should really not care about HTML constructs. That's where WHATWG and W3C come in. I suggest this type of feature should come from one of those groups, not ECMA.

That applies to escaping things like `</script>` or `]]>`, and I agree. But as Mike Samuel mentioned, JSON strings containing U+2028 or U+2029 are not valid JS expressions. I think it would make sense for `JSON.stringify` to escape these.

-Oriol

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20160929/8102c3da/attachment.html>


More information about the es-discuss mailing list