[Python-Dev] Bug in json (the format and the module)

Jeremy Dunck jdunck at gmail.com
Tue May 17 19:40:04 CEST 2011

This blog post describes a bug in a common usage pattern of JSON:


That is, there are some characters which are legal in JSON
serializations, but not in JavaScript strings.

This works OK for JSON parsers, but a common use case of JSON is
JSONP, where the result of a request is presumed to be executable

<script src="http://someapi.com/jsonp?callback=foo"> might return a response:

foo({"some_json":"which might or might not be legal javascript"})

The post also suggests a solution -- to replace literal U+2028 - Line
separator and U+2029 - Paragraph separator with their escape sequences
\u2028 and \u2029.

This is a nice solution in that it makes the JSON valid JS while
keeping the same semantics.  Of course there's the annoyance of
processing the full string, comparable in overhead to utf-8 encoding,
I presume.

So, to start with, is there a maintainer for the json module, or how
should I go about discussing implementing this solution?

More information about the Python-Dev mailing list