How to escape a single backslash in Elixir when encoding to JSON?

I have this body for a request, which in Elixir is represented like this:

body = %{
  password: "my\Password"
}

I use Poison.encode! to convert it to JSON and what it is being sent is this:

%HTTPoison.Request{
    body: "{\"sftp_password\":"\myPassword\"}
  }

If I try and escape it with a double backslash:

body = %{
  password: "my\\Password"
}

this is what is being encoded and sent in the request:

%HTTPoison.Request{
    body: "{\"sftp_password\":"\my\\\\Password\"}
  }

I also tried to convert the string to a charlist and it just encodes the code points, not the actual characters.

Is there any way to encode just one backslash, or to put it more generally: how do I pass string literals when encoding with Poison or in Elixir in general?If your question is related to Phoenix or Nerves, please post it in the Phoenix or Nerves Questions / Help section. Thanks!

1 Like

It is correctly encoded with double backslash and only one backslash is sent in request.
Multiple backslashes are used because both Elixir and JSON use them for escaping special characters.
This is just visual representation in terminal.

iex(1)> body = %{password: "my\\Password"}
%{password: "my\\Password"}
iex(2)> Poison.encode!(body)              
"{\"password\":\"my\\\\Password\"}"
iex(3)> Poison.encode!(body) |> IO.puts   
{"password":"my\\Password"}
:ok

Last result is a JSON that will be sent to the server.

2 Likes

body = %{password: ~S(my\Password)} and you don’t need to escape the backslash. Sigils can be wrapped by many different characters so unless you use all of them you should find one, which isn’t problematic: https://hexdocs.pm/elixir/syntax-reference.html#sigils

2 Likes

It still does not work with just a single backslash:

iex(12)> body = %{password: ~S(my\Password)}
%{password: "my\\Password"}
iex(13)> Poison.encode!(body)
"{\"password\":\"my\\\\Password\"}"
iex(14)> Poison.encode!(body) |> IO.puts
{"password":"my\\Password"}
:ok

I am relatively new to Elixir I come from Swift and Go where there are string literals and I find it weird that there isn’t such a thing in Elixir.

I wonder how would one know where a backslash may occur during the lifetime of an app. Let’s say you have a user’s input with one backslash (eg a text field on a mobile app). Will I as the backend dev need to use the sigil in every field that accepts user input in case someone inserts a backslash somewhere?

The problem I face is when I have one backslash, not two:

iex(9)> body = %{password: "my\Password"}
%{password: "myPassword"}
iex(10)> Poison.encode!(body)
"{\"password\":\"myPassword\"}"
iex(11)> Poison.encode!(body) |> IO.puts
{"password":"myPassword"}
:ok

You don’t actually have one backslash in the original string. See:

iex(9)> body = %{password: "my\Password"}
%{password: "myPassword"}

Notice how the output is just "myPassword". The backslash is gone there, it doesn’t have anything to do with Poison’s JSON encoding. \ is itself the escape character in a string. If you want one in there literally, you need to escape it:

iex(1)> IO.puts("my\Password")
myPassword
:ok
iex(2)> IO.puts("my\\Password")
my\Password
:ok

Notably, if you’re reading in external text that has a slash, this will not be lost:

iex(3)> string = IO.gets("Password: ")
Password: my\Password
"my\\Password\n"
iex(4)> IO.puts string
my\Password
3 Likes

Try this in your browser’s Javascript console:

alert("my\\Password")

From RFC 8259:

   Alternatively, there are two-character sequence escape
   representations of some popular characters.  So, for example, a
   string containing only a single reverse solidus character may be
   represented more compactly as "\\".
2 Likes

Thanks for the explanation. The 4 backslashes threw me off. It makes sense when I don’t think in terms of literals so I probably need to re-wire my Swift/Go brain :man_shrugging:

I don’t understand this part. Looking at Swift’s docs, it has a similar string syntax to Elixir and also has backslash escapes, so you would need to write "foo\\bar" to get a string that contains foo\bar. Or am I mistaken?

2 Likes

You can treat ~S"foo\" exactly the way you can treat `foo\` in Go, except for the newlines.

The 4 backslashes happend because of multiple layers of encoding/inspecting.

"{\"password\":\"my\\\\Password\"}" is the inspected result of the string that is returned by Poison.encode!/1.
{"password":"my\\Password"} is what actually would be sent over the “wire”. Here the backslash is still doubled, because that is how JSON wants it to be.

2 Likes