diff --git a/src/parser/PhutilJSON.php b/src/parser/PhutilJSON.php
--- a/src/parser/PhutilJSON.php
+++ b/src/parser/PhutilJSON.php
@@ -24,6 +24,17 @@
 }
+ /**
+ * Encode a list in JSON and pretty-print it, discarding keys.
+ *
+ * @param list List to encode in JSON.
+ * @return string Pretty-printed list representation.
+ */
+ public function encodeAsList(array $list) {
+ return $this->encodeFormattedArray($list, 0)."\n";
+ }
+
+
 /* -( Internals )---------------------------------------------------------- */
@@ -113,7 +124,15 @@
 return $this->encodeFormattedObject($value, $depth);
 }
 } else {
- return json_encode($value);
+ if (defined('JSON_UNESCAPED_SLASHES')) {
+ // If we have a new enough version of PHP, disable escaping of slashes
+ // when pretty-printing values. Escaping slashes can defuse an attack
+ // where the attacker embeds "" inside a JSON string, but that
+ // isn't relevant when rendering JSON for human viewers.
+ return json_encode($value, JSON_UNESCAPED_SLASHES);
+ } else {
+ return json_encode($value);
+ }
 }
 }
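Review bot: The new `JSON_UNESCAPED_SLASHES` branch in the second hunk drops a defense on the strength of an assumption that callers cannot see. The inline comment says unescaped slashes are fine "when rendering JSON for human viewers", but that contract is stated only inside this internal branch, whose enclosing method starts outside the hunk. If a caller ever writes the pretty-printed output into an HTML page, string values are no longer slash-escaped, and the result would also differ between PHP builds that define the constant and those that do not. I would put the contract on the public encoders, including `encodeAsList()` from the first hunk, with a docblock line such as `Output is meant for display and files; escape it for the target context before embedding it in HTML.`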