GaloisInc / json

Haskell JSON library

string literals containing </script> are not encoded robustly #3

Closed simonmichael closed 8 years ago

simonmichael commented 9 years ago

</script> inside a JavaScript string literal needs to be escaped to avoid premature termination of the string literal and script (e.g. this can break demo.hledger.org's add form, with Firefox error "SyntaxError: unterminated string literal").

Apparently there are several characters which need special handling in JS string literals. See http://stackoverflow.com/a/8749240/84401 for a possible solution.

```
>>> putStrLn $ encode $ toJSString "</script>"
"</script>"  -- "<\/script>" or "\u003c/script\u003e" would work better
```

yav commented 8 years ago

While similar, JavaScript and JSON do not use the same format. The specification of the JSON format that we use is "ECMA-404 The JSON Data Interchange Standard" (see http://json.org).
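
The following is an added example, not code from the json package or from either commenter. It shows one way a caller can make `encode` output safe to place inside an inline `<script>` element while keeping it valid JSON. `escapeForScript` and `closesScript` are hypothetical helper names; the program assumes the json package is installed.

```haskell
module Main (main) where

import Data.Char (toLower)
import Data.List (isInfixOf)
import Numeric (showHex)
import Text.JSON (encode, toJSString)

-- | Hypothetical helper (not part of the json package): rewrite the output
-- of 'encode' so it can sit inside an inline <script> element.
-- '<', '>' and '&' are not structural characters in JSON, so in well-formed
-- encoder output they occur only inside string literals, where a \uXXXX
-- escape denotes the same character. U+2028 and U+2029 are included because
-- JavaScript engines before ES2019 treat them as line terminators inside
-- string literals.
escapeForScript :: String -> String
escapeForScript = concatMap esc
  where
    esc c
      | c `elem` ['<', '>', '&', '\x2028', '\x2029'] = uEscape c
      | otherwise = [c]

-- | Four-digit \uXXXX escape; every character handled above is below U+10000.
uEscape :: Char -> String
uEscape c = "\\u" ++ replicate (4 - length hex) '0' ++ hex
  where
    hex = showHex (fromEnum c) ""

-- | Hypothetical check: would an HTML parser see the start of a script end
-- tag in this text? The match is case-insensitive and ignores JavaScript
-- string quoting, which is why the unescaped output breaks the page.
closesScript :: String -> Bool
closesScript s = "</script" `isInfixOf` map toLower s

main :: IO ()
main = do
  -- Constructed sample input: the string from the issue report.
  let raw  = encode (toJSString "</script>")
      safe = escapeForScript raw
  putStrLn ("raw:  " ++ raw  ++ "  closes script: " ++ show (closesScript raw))
  putStrLn ("safe: " ++ safe ++ "  closes script: " ++ show (closesScript safe))
```

The escaped text decodes to the same string under any JSON parser, so the extra step belongs at the point where JSON is written into HTML, not in the encoder's definition of JSON.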