Sometimes I see in a view source page ( html view source) this code:

if (JSON.stringify(["\u2028\u2029"]) === '["\u2028\u2029"]') JSON.stringify = function (a) {
    var b = /\u2028/g,
        c = /\u2029/g;
    return function (d, e, f) {
        var g = a.call(this, d, e, f);
        if (g) {
            if (-1 < g.indexOf('\u2028')) g = g.replace(b, '\\u2028');
            if (-1 < g.indexOf('\u2029')) g = g.replace(c, '\\u2029');
        }
        return g;
    };
}(JSON.stringify);

• What is the problem with JSON.stringify(["\u2028\u2029"]) that it needs to be checked ?

Additional info :

• JSON.stringify(["\u2028\u2029"]) value is "["

"]"
• '["\u2028\u2029"]' value is also "["

"]"

Sometimes I see in a view source page ( html view source) this code:

if (JSON.stringify(["\u2028\u2029"]) === '["\u2028\u2029"]') JSON.stringify = function (a) {
    var b = /\u2028/g,
        c = /\u2029/g;
    return function (d, e, f) {
        var g = a.call(this, d, e, f);
        if (g) {
            if (-1 < g.indexOf('\u2028')) g = g.replace(b, '\\u2028');
            if (-1 < g.indexOf('\u2029')) g = g.replace(c, '\\u2029');
        }
        return g;
    };
}(JSON.stringify);

• What is the problem with JSON.stringify(["\u2028\u2029"]) that it needs to be checked ?

Additional info :

• JSON.stringify(["\u2028\u2029"]) value is "["

"]"
• '["\u2028\u2029"]' value is also "["

"]"

• javascript
• json

• Related thespanner.co.uk/2011/07/25/the-json-specification-is-now-wrong and code.google.com/p/v8/issues/detail?id=1907 – andyb Commented May 22, 2013 at 8:24

3 Answers 3

I thought it might be a security feature. FileFormat.info for 2028 and 2029 have a banner stating

Do not use this character in domain names. Browsers are blacklisting it because of the potential for phishing.

But it turns out that the line and paragraph separators \u2028 and \u2029 respectively are treated as a new line in ES5 JavaScript.

From http://www.thespanner.co.uk/2011/07/25/the-json-specification-is-now-wrong/

\u2028 and \u2029 characters that can break entire JSON feeds since the string will contain a new line and the JavaScript parser will bail out

So you are seeing a patch for JSON.stringify. Also see Node.js JavaScript-stringify

Edit: Yes, modern browsers' built-in JSON object should take care of this correctly. I can't find any links to the actual source to back this up though. The Chromium code search doesn't mention any bugs that would warrant adding this workaround manually. It looks like Firefox 3.5 was the first version to have native JSON support, not entirely bug-free though. IE8 supports it too. So it is likely a now unnecessary patch, assuming browsers have implemented the specification correctly.

After reading both answers , here is the Simple visual explanation :

doing this

alert(JSON.stringify({"a":"sddd\u2028sssss"})) // can cause problems

will alert :

While changing the trouble maker to something else ( for example from \u to \1u)

will alert :

Now , let's invoke the function from my original Q ,

Lets try this alert(JSON.stringify({"a":"sddd\u2028sssss"})) again :

result :

and now , everybody's happy.

\u2028 and \u2029 are invisible Unicode line and paragraph separator characters. Natively JSON.stringify method converts these codes to their symbolic representation (as JavaScript automatically does in the strings), resulting in "["

"]". The code you have provided does not let JSON to convert the codes to symbols and preserves their \uXXXX representation in the output string, i.e. returning "["\u2028\u2029"]".