In Go, c.JSON, c.AsciiJSON, c.PureJSON and c.SecureJSON are the methods the Gin framework provides for sending JSON responses.
1. c.JSON
Function: Serializes the provided data into standard JSON format and sends it to the client as an HTTP response.
Features:
- Supports Unicode: non-ASCII characters are sent as-is, without escaping.
- Certain characters, such as <, >, and &, are automatically escaped to the corresponding Unicode escape sequences (\u003c, \u003e, \u0026).
Usage scenarios:
- When you need to send JSON data containing Unicode characters (such as Chinese, emoji, etc.).
2. c.AsciiJSON
Function: Serializes the data into JSON containing only ASCII characters, by escaping every non-ASCII character.
Features:
- All non-ASCII characters (such as Chinese characters and special symbols) are escaped to Unicode escape sequences (such as \uXXXX).
Usage scenarios:
- Suitable for scenarios where the JSON response must be pure ASCII, such as some legacy systems or specific security requirements.
- The client has strict requirements for JSON encoding and only accepts ASCII characters.
- Avoids reading or parsing problems caused by non-ASCII characters.
3. c.PureJSON
Function: Sends the JSON data without additional processing: no wrapping, and no escaping of HTML characters such as <, > and &, which are written literally.
Features:
- Sends the provided JSON data directly to the client.
- Avoids additional modifications to the JSON data by the framework.
Usage scenarios:
- When the JSON data has already been preprocessed or generated to meet your requirements and you do not want any intervention from the framework.
- When you need to send a JSON response in a specific format or structure.
4. c.SecureJSON
Function: Adds a security prefix before the JSON response to prevent JSON Hijacking attacks.
Features:
- It is common to add specific characters or strings before the JSON data (e.g. ")]}',\n"), so that the response is no longer valid JavaScript code, which increases security.
Usage scenarios:
- Suitable for public APIs or scenarios that need protection against specific security threats.
- When providing a cross-domain API, to prevent malicious websites from loading the JSON data through <script> tags for an attack.
- When the security of JSON responses needs to be enhanced to avoid malicious exploitation.
Code

```go
package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
)

type User struct {
	Name  string   `json:"name"`
	Email string   `json:"email"`
	Names []string `json:"names"`
}

func main() {
	// Create the default Gin engine
	r := gin.Default()

	// Sample data
	user := User{
		Name:  "张三", // Contains non-ASCII characters
		Email: "zhangsan<@>",
		Names: []string{"lena", "austin", "foo"},
	}

	// Route 1: Use c.JSON (standard JSON response, supports Unicode)
	r.GET("/json", func(c *gin.Context) {
		c.JSON(http.StatusOK, user)
		// Output:
		// {"name":"张三","email":"zhangsan\u003c@\u003e","names":["lena","austin","foo"]}
	})

	// Route 2: Use c.AsciiJSON (ASCII encoded JSON, non-ASCII characters will be escaped)
	r.GET("/ascii-json", func(c *gin.Context) {
		c.AsciiJSON(http.StatusOK, user)
		// Output:
		// {"name":"\u5f20\u4e09","email":"zhangsan\u003c@\u003e","names":["lena","austin","foo"]}
	})

	// Route 3: Use c.PureJSON
	// c.JSON replaces special HTML characters with Unicode escapes, e.g. < becomes \u003c.
	// If you want to encode these characters literally, you can use c.PureJSON.
	r.GET("/pure-json", func(c *gin.Context) {
		c.PureJSON(http.StatusOK, user)
		// Output:
		// {"name":"张三","email":"zhangsan<@>","names":["lena","austin","foo"]}
	})

	// Route 4: Use c.SecureJSON (add a security prefix before JSON to prevent JSON Hijacking attacks)
	// If the given value is an array, "while(1);" is prepended to the response body by default.
	// A custom prefix such as ")]}',\n" can be set with r.SecureJsonPrefix.
	r.GET("/secure-json", func(c *gin.Context) {
		// The prefix is only added for array values, so the Names slice is sent here;
		// a struct such as user would be returned without any prefix.
		c.SecureJSON(http.StatusOK, user.Names)
		// Output:
		// while(1);["lena","austin","foo"]
	})

	// Start the server and listen on port 8080
	r.Run(":8080")
}
```
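The array-only prefixing noted in the route 4 comment, together with the prefix stripping a legitimate client has to do before parsing, as an added standard-library sketch (not Gin's source and not code from the original page). `renderSecure` and `parseSecure` are hypothetical helper names, and the sample data is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Gin's default SecureJSON prefix.
const defaultPrefix = "while(1);"

// renderSecure (hypothetical helper) models the server side: marshal v and
// prepend prefix only when the top-level JSON value is an array.
func renderSecure(prefix string, v interface{}) ([]byte, error) {
	body, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	if bytes.HasPrefix(body, []byte("[")) && bytes.HasSuffix(body, []byte("]")) {
		return append([]byte(prefix), body...), nil
	}
	return body, nil
}

// parseSecure (hypothetical helper) models the client side: strip the prefix,
// then parse. A top-level array that arrives without the prefix is rejected.
func parseSecure(prefix string, resp []byte, out interface{}) error {
	body := bytes.TrimPrefix(resp, []byte(prefix))
	if len(body) == len(resp) && bytes.HasPrefix(bytes.TrimSpace(resp), []byte("[")) {
		return errors.New("array response is missing the anti-hijacking prefix")
	}
	return json.Unmarshal(body, out)
}

func main() {
	names := []string{"lena", "austin", "foo"} // constructed sample data
	arr, _ := renderSecure(defaultPrefix, names)
	obj, _ := renderSecure(defaultPrefix, map[string]string{"name": "lena"})
	fmt.Printf("array:  %s (valid JSON: %v)\n", arr, json.Valid(arr))
	fmt.Printf("object: %s (valid JSON: %v)\n", obj, json.Valid(obj))

	var got []string
	err := parseSecure(defaultPrefix, arr, &got)
	fmt.Println(got, err)
}
```

A client that calls a SecureJSON endpoint returning arrays has to remove the prefix itself, because the prefixed body is deliberately not parseable as JSON.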
Summary
- c.JSON: Standard JSON response, supports Unicode.
- c.AsciiJSON: ASCII encoded JSON response, non-ASCII characters will be escaped.
- c.PureJSON: Sends raw, unprocessed JSON data, with no HTML escaping.
- c.SecureJSON: Adds a security prefix before JSON to prevent JSON Hijacking attacks.