From 5c2fbfabf6661d99511e9fa7ca49a06d2a1595da Mon Sep 17 00:00:00 2001
From: Niklas Fiekas
Date: Thu, 7 Jun 2012 16:36:16 +0200
Subject: [PATCH] [HttpFoundation] Make JsonResponse HTML safe.
---
 src/Symfony/Component/HttpFoundation/JsonResponse.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/HttpFoundation/JsonResponse.php b/src/Symfony/Component/HttpFoundation/JsonResponse.php
index ae0a8a7abf..734628ffe8 100644
--- a/src/Symfony/Component/HttpFoundation/JsonResponse.php
+++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php
@@ -82,7 +82,8 @@ class JsonResponse extends Response
 $data = new \ArrayObject();
 }
- $this->data = json_encode($data);
+ // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
+ $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
 return $this->update();
 }
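Review bot: The result of `json_encode()` on the added line is assigned to `$this->data` without a check, so a failed encode (for example invalid UTF-8 somewhere in `$data`) stores `false` and the response would presumably go out with an empty body instead of signalling an error. A guard right after the call, such as `if (false === $this->data) { throw new \InvalidArgumentException('Unable to encode data as JSON.'); }`, would surface the problem to the caller. The hex flags keep `<`, `>`, `&`, `'` and `"` out of the payload, which helps when the JSON is inlined in HTML or sniffed as HTML, but they do not replace a correct `Content-Type` on the response. The comment could say so, e.g. `// Escaping is defence in depth; the response must still be served as application/json.` The enclosing method starts outside the hunk and `update()` is not shown, so the header handling cannot be confirmed from here.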