Java: detect control characters which are not correct for JSON

I am reinventing the wheel and creating my own JSON parse methods in Java.

I am going by the (very nice!) documentation on json.org. The only part I am unsure about is where it says "or control character"

Since the documentation is so clear, and JSON is so simple and easy to implement, I thought I would go ahead and require the spec instead of being loose.

How would I correctly strip out control characters in Java? Perhaps there is a unicode range?

Edit: A (commonly?) missing peice to the puzzle

I have been informed that there are other control characters outside of the defined range ^{1 2} that can be troublesome in tags.

Most notably the characters U+2028 and U+2029, Line and Paragraph Separator, which act as newlines. Injecting a newline into the middle of a string literal will most likely cause a syntax error (unterminated string literal). ³

Though I believe this does not pose an XSS threat, it is still a good idea to add extra rules for the use in tags.

• Just be simple and encode all non-"ASCII printable" characters with \u notation. Those characters are uncommon to begin with. If you like, you could add to the white-list, but I do recommend a white-list approach.
• In case you are not aware, do not forget about (not case sensitive), which could cause HTML script injection to your page with the characters . None of those characters are by default encoded in JSON.