question about unexpected "</script>" #40

@boly38

Hi
(your generator is very useful, thanks)

I would like to know your opinion about the following use case:

As an end user, I have HTML special characters (like '<') in LD-JSON attributes.

I wrote a little PHP script to represent the case:

<?php
require_once 'vendor/autoload.php';

$context = \JsonLd\Context::create('news_article', [
    'headline' => 'Article headline',
    'description' => 'A terrible </script> here'
]);

echo $context;

echo "\n\nAn other way :\n\n";

$context = \JsonLd\Context::create('news_article', [
    'headline' => 'Article headline',
    'description' => htmlspecialchars('A terrible </script> here')
]);

echo $context;

The script outputs the following:

<script type="application/ld+json">{"@context":"http:\/\/schema.org","@type":"NewsArticle","headline":"Article headline","description":"A terrible <\/script> here"}</script>

An other way :

<script type="application/ld+json">{"@context":"http:\/\/schema.org","@type":"NewsArticle","headline":"Article headline","description":"A terrible &lt;\/script&gt; here"}</script>

You should notice that the first sample outputs invalid HTML.

I created a dedicated HTML page to show the escape issue:
https://gist.github.com/boly38/77164ae66055b596d75f62d789a4266a

I'm asking myself where htmlspecialchars should be:

  • on the end-user side (like in the second sample)
  • or in the Torann library itself

What do you think?

As an end user, it would be great if the library managed that point for me since, per the specification, the toString result is ready to embed in an HTML script.

Thanks
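
The following is an added example, not part of the original post and not the library's own code. It compares four ways of encoding the description from the issue for a `<script type="application/ld+json">` body, checking both whether the body would end the script element and whether a JSON-LD consumer reads back the original value. The function names are hypothetical and PHP 7.3 or later is assumed.

```php
<?php
// Added example; ldJsonForScript() and closesScriptElement() are hypothetical names.

// Encode data for embedding inside <script type="application/ld+json">.
// JSON_HEX_TAG writes < and > as \u003C / \u003E and JSON_HEX_AMP writes & as \u0026,
// so the body contains no "<" at all (no "</script", no "<!--"), whatever the slash setting.
function ldJsonForScript(array $data): string
{
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR
    );
}

// True when an HTML parser would end the script element inside this body.
function closesScriptElement(string $body): bool
{
    return stripos($body, '</script') !== false;
}

$data = [
    '@context'    => 'http://schema.org',
    '@type'       => 'NewsArticle',
    'headline'    => 'Article headline',
    'description' => 'A terrible </script> here',   // value taken from the issue
];

$candidates = [
    'default json_encode'         => json_encode($data),
    'JSON_UNESCAPED_SLASHES'      => json_encode($data, JSON_UNESCAPED_SLASHES),
    'htmlspecialchars on value'   => json_encode(
        ['description' => htmlspecialchars($data['description'])] + $data
    ),
    'JSON_HEX_TAG | JSON_HEX_AMP' => ldJsonForScript($data),
];

foreach ($candidates as $label => $body) {
    // What a JSON-LD consumer reads back: script content is not entity-decoded,
    // so "&lt;" stays "&lt;" after JSON decoding.
    $roundTrip = json_decode($body, true)['description'];
    printf(
        "%-28s closes <script>: %-3s  value preserved: %s\n",
        $label,
        closesScriptElement($body) ? 'yes' : 'no',
        $roundTrip === $data['description'] ? 'yes' : 'no'
    );
}
```

Only the unescaped-slashes variant leaves a literal `</script` in the body, and only the `htmlspecialchars` variant changes the value a consumer decodes.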
