“<” character in JSON data is serialized to \u003c

Question

I have a JSON object where the value of one element is a string. In this string there are the characters \"\". I take this entire JSON object and i

Answer 1

The characters are being encoded "properly"!¹ Use a working JSON library to correctly access the JSON data - it is a valid JSON encoding.

Escaping these characters prevents HTML injection via JSON - and makes the JSON XML-friendly. That is, even if the JSON is emited directly into JavaScript (as is done fairly often as JSON is a valid² subset of JavaScript), it cannot be used to terminate the <script> element early because the relevant characters (e.g. <, >) are encoded within JSON itself.

The standard JavaScriptSerializer does not have the ability to change this behavior. Such escaping might be configurable (or different) in the Json.NET implementation - but, it shouldn't matter because a valid JSON client/library must understand the \u escapes.

---

¹ From RFC 4627: The application/json Media Type for JavaScript Object Notation (JSON),

Any character may be escaped. If the character is in the Basic Multilingual Plane (U+0000 through U+FFFF), then it may be represented as a six-character sequence: a reverse solidus, followed by the lowercase letter u, followed by four hexadecimal digits that encode the character's code point ..

See also C# To transform Facebook Response to proper encoded string (which is also related to the JSON escaping).

² There is a rare case when this does not hold, but ignoring (or accounting for) that..