{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叛逆 的问题《Should I HTML encode response of my Web API》','https://www.manongdao.com/q-766890.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am designing a Web API which returns JSON as the content-type, the response body could contain characters like ', ", < and >, they are valid characters in JSON. So, my question is should I do HTML encode for my Web API response body or should I leave this task to HTML client who is consuming my Web API?
相关问题
- Jackson Deserialization not calling deserialize on
- How to maintain order of key-value in DataFrame sa
- StackExchange API - Deserialize Date in JSON Respo
- Easiest way to get json and parse it using JQuery
- Newtonsoft DeserializeXNode expands internal array
相关文章
- json_encode 没有把数组转为json
- Livy Server: return a dataframe as JSON?
- Unexpected end of JSON input from an ajax call
- How do I do a nested list (array) of schema refere
- iconv() Vs. utf8_encode()
- Convert C# Object to Json Object
- LINQ .Include() properties from sub-types in TPH i
- How to make a custom list deserializer in Gson?
No; you must not.
You must only escape data if and when you concatenate it into a structured format.
If you return JSON like
{ "text": "Content by X & Y" }, anyone who reads that JSON will see the literal text&.It will only work correctly for extremely broken clients who concatenate it directly into their HTML without escaping.
In short:
Never escape text except when you're about to display it
What platform are you using? For example, Node.js, you can use restify to handle that very well. You don't need to explicitly encode the data. Therefore, please find a restful framework or component to help you out.