How can I robustly sanitize user input for JSON in n8n's HTTP Request Node?

Below is a summary of the issue and some suggestions to resolve it:

---

Problem Description
When using the HTTP Request node with a JSON body, most messages work fine; however, if a user enters unexpected or “weird” characters (which may include escaped newlines, tabs, quotes, etc.), you intermittently see an error:

  "JSON parameter need to be a valid JSON"

Even though you replace some line breaks and tab characters using .replace(), the error still happens for some inputs. The error indicates that the overall JSON—as produced by your expressions—is not valid JSON for certain payloads.

---

Why This Happens
When you pass user-generated text directly into your JSON structure, it may include characters that break JSON parsing. In some cases, the replacement of newlines or tabs isn’t enough; there might be extra quotes or other characters causing the JSON to be malformed. This is why the error only appears occasionally with some specific messages.

---

Suggestions to Fix the Issue

1. Sanitize and Encode Your Data Before Building the JSON
   Instead of only using a replace expression, consider sanitizing the input completely. One robust approach is to pass the user input through a function (or set node) that uses JSON.stringify to correctly encode the data. This way, any character that might break the JSON is properly escaped. For example, create a Function node like this:

   JSCopied
   // In a Function node
   const cleanRequest = $json["CleanRequest"].item.json;
   const beekeeperUser = $json["BeekeeperUser"].item.json;
   
   // Construct an object
   const payload = {
     useridentifier: beekeeperUser.tenantuserid,
     recipient: "support-la@wepractice.ch",
     departmentid: cleanRequest.departmentID,
     subject: (cleanRequest.subject || "").replace(/(\r\n|\n|\t|\r)/gm, ""),
     message: (cleanRequest.message || "").replace(/(\r\n|\n|\t|\r)/gm, ""),
     recipient_name: "Philipp",
     status: "N",
     mail_message_id: "string",
     do_not_send_mail: "N",
     use_template: "Y",
     is_html_message: "N",
     custom_fields: [
       { code: "kategorie", value: cleanRequest.requestCategory },
       { code: "form", value: cleanRequest.requestForm },
     ]
   };
   
   // Use JSON.stringify to build the business logic –
   // You can either store this in a new field or return it directly.
   return [{ json: { payload, payloadString: JSON.stringify(payload) } }];

   Then in your HTTP Request node, use the output field (for instance, {{$json.payload}} or {{$json.payloadString}} if you want a string) to ensure the JSON is properly encoded.

2. Check Your Quotes and Expression Wrapping
   Ensure that the JSON text in the HTTP Request node uses standard straight quotes (") rather than curly/smart quotes (“”). Also, check that any expression you’re using is wrapped in double curly brackets ({{ }}) so that the full JSON structure evaluates correctly.

3. Pre-Test Your JSON
   As a best practice, test the produced JSON in an online JSON validator to quickly verify that the data is valid. If necessary, you can add additional sanitization (for example, escaping internal quotes) before the HTTP Request node gets executed.

---

By ensuring that your JSON is built from clean, fully encoded data – preferably using something like JSON.stringify – you avoid most issues where user input unexpectedly breaks the JSON formatting. This method is a safer, more general solution for handling arbitrary data from users.

Hope this helps resolve your issue!