Add escape: false option to ActiveSupport::JSON.encode

etiennebarrie · byroot · byroot · commit 8be58ff1e551 · 2025-03-13T11:02:44.000+01:00
In many contexts you don't need the resuling JSON to be HTML-safe.

This both saves a costly operation and renders cleaner JSON.

Co-authored-by: Jean Boussier &lt;jean.boussier@gmail.com&gt;
diff --git a/activesupport/lib/active_support/json/encoding.rb b/activesupport/lib/active_support/json/encoding.rb
@@ -20,8 +20,8 @@ class << self
       #   ActiveSupport::JSON.encode({ team: 'rails', players: '36' })
       #   # => "{\"team\":\"rails\",\"players\":\"36\"}"
       #
-      # Generates JSON that is safe to include in JavaScript as it escapes
-      # U+2028 (Line Separator) and U+2029 (Paragraph Separator):
+      # By default, it generates JSON that is safe to include in JavaScript, as
+      # it escapes U+2028 (Line Separator) and U+2029 (Paragraph Separator):
       #
       #   ActiveSupport::JSON.encode({ key: "\u2028" })
       #   # => "{\"key\":\"\\u2028\"}"
@@ -32,11 +32,17 @@ class << self
       #   ActiveSupport::JSON.encode({ key: "<>&" })
       #   # => "{\"key\":\"\\u003c\\u003e\\u0026\"}"
       #
-      # This can be changed with the +escape_html_entities+ option, or the
+      # This behavior can be changed with the +escape_html_entities+ option, or the
       # global escape_html_entities_in_json configuration option.
       #
       #   ActiveSupport::JSON.encode({ key: "<>&" }, escape_html_entities: false)
       #   # => "{\"key\":\"<>&\"}"
+      #
+      # For performance reasons, you can set the +escape+ option to false,
+      # which will skip all escaping:
+      #
+      #   ActiveSupport::JSON.encode({ key: "\u2028<>&" }, escape: false)
+      #   # => "{\"key\":\"\u2028<>&\"}"
       def encode(value, options = nil)
         if options.nil? || options.empty?
           Encoding.encode_without_options(value)
@@ -76,6 +82,8 @@ def encode(value)
           end
           json = stringify(jsonify(value))
 
+          return json unless @options.fetch(:escape, true)
+
           # Rails does more escaping than the JSON gem natively does (we
           # escape \u2028 and \u2029 and optionally >, <, & to work around
           # certain browser problems).
@@ -162,6 +170,8 @@ def encode(value)
 
             json = CODER.dump(value)
 
+            return json unless @options.fetch(:escape, true)
+
             # Rails does more escaping than the JSON gem natively does (we
             # escape \u2028 and \u2029 and optionally >, <, & to work around
             # certain browser problems).
diff --git a/activesupport/test/json/encoding_test.rb b/activesupport/test/json/encoding_test.rb
@@ -52,6 +52,11 @@ def test_hash_encoding
     assert_equal %({\"a\":\"b\",\"c\":\"d\"}), sorted_json(ActiveSupport::JSON.encode(a: :b, c: :d))
   end
 
+  def test_unicode_escape
+    assert_equal %{{"\\u2028":"\\u2029"}}, ActiveSupport::JSON.encode("\u2028" => "\u2029")
+    assert_equal %{{"\u2028":"\u2029"}}, ActiveSupport::JSON.encode({ "\u2028" => "\u2029" }, escape: false)
+  end
+
   def test_hash_keys_encoding
     ActiveSupport.escape_html_entities_in_json = true
     assert_equal "{\"\\u003c\\u003e\":\"\\u003c\\u003e\"}", ActiveSupport::JSON.encode("<>" => "<>")
