frankpf · February 25, 2021 17:56
diff --git a/safeStringify.js b/safeStringify.js
 const UNSAFE_CHARS_REGEXP = /[<>\/\u2028\u2029]/g
 const ESCAPED_CHARS = {
    '<'     : '\\u003C',
    '>'     : '\\u003E',
    '/'     : '\\u002F',
    '\u2028': '\\u2028',
    '\u2029': '\\u2029'
 }
 function escapeUnsafeChars(unsafeChar) {
    return ESCAPED_CHARS[unsafeChar]
 }
 function safeStringify(input) {
 	const rawString = JSON.stringify(input)
 	return rawString.replace(UNSAFE_CHARS_REGEXP, escapeUnsafeChars)
 }
diff --git a/usage.js b/usage.js
 var input = { a: "<script>alert(123)</script>" }
 var output = safeStringify({ "a": "<script>alert(123)</script>" })
 console.log(output)
 // => {"a":"\u003Cscript\u003Ealert(123)\u003C\u002Fscript\u003E"}"
 var roundtrip = JSON.parse(output)
 console.log(roundtrip.a == input.a)
 //  => true
	const UNSAFE_CHARS_REGEXP = /[<>\/\u2028\u2029]/g
	const ESCAPED_CHARS = {
	'<' : '\\u003C',
	'>' : '\\u003E',
	'/' : '\\u002F',
	'\u2028': '\\u2028',
	'\u2029': '\\u2029'
	}
	function escapeUnsafeChars(unsafeChar) {
	return ESCAPED_CHARS[unsafeChar]
	}
	function safeStringify(input) {
	const rawString = JSON.stringify(input)
	return rawString.replace(UNSAFE_CHARS_REGEXP, escapeUnsafeChars)
	}
	var input = { a: "<script>alert(123)</script>" }
	var output = safeStringify({ "a": "<script>alert(123)</script>" })
	console.log(output)
	// => {"a":"\u003Cscript\u003Ealert(123)\u003C\u002Fscript\u003E"}"
	var roundtrip = JSON.parse(output)
	console.log(roundtrip.a == input.a)
	// => true