When I've dealt with this sort of issue, I always escaped my strings before feeding them into JSON. Usually this means simply feeding it through HTML::Entities' encode_entities (or possibly URI::Escape's uri_escape_utf8 depending on its end point). I trust browsers' and JavaScript engines' non-ascii character handling about as far as I can throw them, which isn't far considering their non-corporeal nature.