From: Russ Cox Date: Tue, 23 Apr 2019 11:27:07 +0000 (-0400) Subject: encoding/json: document HTML escaping in Compact X-Git-Tag: go1.13beta1~592 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=d92bc7a55aa11777bdb4605eda6536c64defb0d3;p=gostls13.git encoding/json: document HTML escaping in Compact Make explicit that Compact does HTML escaping. Fixes #30357. Change-Id: I4648f8f3e907d659db977d07253f716df6e07d7b Reviewed-on: https://go-review.googlesource.com/c/go/+/173417 Run-TryBot: Russ Cox Reviewed-by: Brad Fitzpatrick --- diff --git a/src/encoding/json/encode.go b/src/encoding/json/encode.go index 197c0cba03..383460e52b 100644 --- a/src/encoding/json/encode.go +++ b/src/encoding/json/encode.go @@ -45,11 +45,12 @@ import ( // // String values encode as JSON strings coerced to valid UTF-8, // replacing invalid bytes with the Unicode replacement rune. -// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" -// to keep some browsers from misinterpreting JSON output as HTML. -// Ampersand "&" is also escaped to "\u0026" for the same reason. -// This escaping can be disabled using an Encoder that had SetEscapeHTML(false) -// called on it. +// So that the JSON will be safe to embed inside HTML