Escaping/encoding single quotes in JSON encoded HTML5 data attributes

Asked 12/1, 2012 at 9:16 Answered 14/12, 2016 at 13:44

Solved php json html custom-data-attribute

In PHP, I use json_encode() to echo arrays in HTML5 data attributes. As JSON requires - and json_encode() generates - values encapsulated by double quotes. I therefor wrap my data attributes with single quotes, like:

<article data-tags='["html5","jquery","php","test's"]'>

As you can see, the last tag (test's) contains a single quote, and using json_encode() with no options leads to parsing problems.

So I use json_encode() with the JSON_HEX_APOS parameter, and parsing is fine, as my single quotes are encoded, but I wonder: is there a downside doing it like this?

Osyth answered 12/1, 2012 at 9:16 Comment(6)

You mean downside in the meaning that it works? – Splitting 12/1, 2012 at 9:18

I mean downside in the meaning of "unexpected side effects that hexadecimal encoding might produce" – Accelerando 12/1, 2012 at 9:24

You have not showed any code how you output something, so an answer could only be a good guess. – Splitting 12/1, 2012 at 9:26

My question is more general than specific: I wonder, in general, what is involved in dealing with hexadecimal encoding. – Accelerando 12/1, 2012 at 9:36

@Jérémy It should work, as in, I can't off the top of my head think of a situation where it would not, but it's really the wrong thing to do. HTML escape any values that may break your HTML syntax, as simple as that. – Nathanialnathaniel 12/1, 2012 at 9:39

Some characters need hex-encoding because no representation exists for those in HTML/XML, not even as entities. Not the case with your strings in question (entities exists for those w/o breaking the attribute value), but in those other cases, javascript hex encoding would be required to transport the value unbroken inside of a X(HT)ML document. See w3.org/TR/REC-xml/#charsets – Splitting 12/1, 2012 at 9:43

You need to HTML escape data echoed into HTML:

printf('<article data-tags="%s">',
    htmlspecialchars(json_encode(array('html5', ...)), ENT_QUOTES, 'UTF-8'));

Nathanialnathaniel answered 12/1, 2012 at 9:19 Comment(3)

+1 always use the appropriate encoding in output, the only way to go. Invalid code-points (like \x00 would need hex-encoding according to X(HT)ML specs). – Splitting 12/1, 2012 at 9:40

for simplicity htmlspecialchars(json_encode($arrayData), ENT_QUOTES,'UTF-8') – Mallet 30/6, 2017 at 12:34

i json_encode with htmlspecialchars(json_encode($arrayData), ENT_QUOTES,'UTF-8') how to decode? – Tillford 9/11, 2017 at 6:23

or use the build-in option:

json_encode(array('html5', ...), JSON_HEX_APOS)

you can check it up in the manual: http://php.net/manual/en/json.constants.php#constant.json-hex-apos

Caudillo answered 14/12, 2016 at 13:44 Comment(1)

Thank you very much. I did not know this option. It worked very well. – Timoshenko 12/12, 2017 at 10:8

Recommended topics

Hot tags