package encoding/json
HTMLEscape appends to dst(1st parameter) the JSON-encoded src(2nd parameter) with <,>, &, U+2028 and U+2029 characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 so that the JSON will be safe to embed inside HTML <script> tags. For historical reasons, web browsers don't honor standard HTML escaping within <script> tags, so an alternative JSON encoding must be used.
Golang encoding/json.HTMLEscape() function usage example
package main
import (
"bytes"
"encoding/json"
"fmt"
)
func main() {
dst := new(bytes.Buffer)
src := []byte(`{
"<script>Name":"Adam Ng", // <----- look here
"Age":36,
"Job":"CEO"
}`)
json.HTMLEscape(dst, src)
fmt.Println(dst)
}
Output :
{
"\u003cscript\u003eName":"Adam Ng",
"Age":36,
"Job":"CEO"
}
Reference :
http://golang.org/pkg/encoding/json/#HTMLEscape
