I would advise not to encapsulate the data in json and then put it in a hash. The reason is that JSON itself needs a lot of markup and will actually open some security holes, as you will need the later eval code, which comes directly from the user.
As a better alternative, I would recommend using x-www-form-urlencoded as encapsulation. For example, if this is your state object:
var stateObject = { userName: 'John Doe', age: 31 }
Then you will create a hash fragment as follows:
// Create an array to build the output string. var hashPartBuffer = []; for (var k in stateObject) { hashPartBuffer.push( encodeURIComponent(k), '=', encodeURIComponent(stateObject[k]), '&'); } if (hashPartBuffer.length) { // Remove the last element from the string buffer // which is '&'. hashPartBuffer.pop(); } var hashPartString = hashPartBuffer.join(''); // This will now be 'userName=John%20Doe&age=31'
Then you parse this back:
var hashPartString = 'userName=John%20Doe&age=31'; var pairs = hashPartString.split(/&/); var stateObject = {}; for (var i = 0; i < pairs.length; i++) { var keyValue = pairs.split(/=/);