… | |
… | |
35 | |
35 | |
36 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
36 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
37 | vice versa. |
37 | vice versa. |
38 | |
38 | |
39 | FEATURES |
39 | FEATURES |
40 | * correct unicode handling |
40 | * correct Unicode handling |
41 | This module knows how to handle Unicode, and even documents how and |
41 | This module knows how to handle Unicode, and even documents how and |
42 | when it does so. |
42 | when it does so. |
43 | |
43 | |
44 | * round-trip integrity |
44 | * round-trip integrity |
45 | When you serialise a perl data structure using only datatypes |
45 | When you serialise a perl data structure using only datatypes |
… | |
… | |
59 | * simple to use |
59 | * simple to use |
60 | This module has both a simple functional interface as well as an OO |
60 | This module has both a simple functional interface as well as an OO |
61 | interface. |
61 | interface. |
62 | |
62 | |
63 | * reasonably versatile output formats |
63 | * reasonably versatile output formats |
64 | You can choose between the most compact guarenteed single-line |
64 | You can choose between the most compact guaranteed single-line |
65 | format possible (nice for simple line-based protocols), a pure-ascii |
65 | format possible (nice for simple line-based protocols), a pure-ascii |
66 | format (for when your transport is not 8-bit clean, still supports |
66 | format (for when your transport is not 8-bit clean, still supports |
67 | the whole unicode range), or a pretty-printed format (for when you |
67 | the whole Unicode range), or a pretty-printed format (for when you |
68 | want to read that stuff). Or you can combine those features in |
68 | want to read that stuff). Or you can combine those features in |
69 | whatever way you like. |
69 | whatever way you like. |
70 | |
70 | |
71 | FUNCTIONAL INTERFACE |
71 | FUNCTIONAL INTERFACE |
72 | The following convinience methods are provided by this module. They are |
72 | The following convenience methods are provided by this module. They are |
73 | exported by default: |
73 | exported by default: |
74 | |
74 | |
75 | $json_text = to_json $perl_scalar |
75 | $json_text = to_json $perl_scalar |
76 | Converts the given Perl data structure to a UTF-8 encoded, binary |
76 | Converts the given Perl data structure to a UTF-8 encoded, binary |
77 | string (that is, the string contains octets only). Croaks on error. |
77 | string (that is, the string contains octets only). Croaks on error. |
… | |
… | |
105 | A FEW NOTES ON UNICODE AND PERL |
105 | A FEW NOTES ON UNICODE AND PERL |
106 | Since this often leads to confusion, here are a few very clear words on |
106 | Since this often leads to confusion, here are a few very clear words on |
107 | how Unicode works in Perl, modulo bugs. |
107 | how Unicode works in Perl, modulo bugs. |
108 | |
108 | |
109 | 1. Perl strings can store characters with ordinal values > 255. |
109 | 1. Perl strings can store characters with ordinal values > 255. |
110 | This enables you to store unicode characters as single characters in |
110 | This enables you to store Unicode characters as single characters in |
111 | a Perl string - very natural. |
111 | a Perl string - very natural. |
112 | |
112 | |
113 | 2. Perl does *not* associate an encoding with your strings. |
113 | 2. Perl does *not* associate an encoding with your strings. |
114 | Unless you force it to, e.g. when matching it against a regex, or |
114 | Unless you force it to, e.g. when matching it against a regex, or |
115 | printing the scalar to a file, in which case Perl either interprets |
115 | printing the scalar to a file, in which case Perl either interprets |
… | |
… | |
121 | 3. The internal utf-8 flag has no meaning with regards to the encoding |
121 | 3. The internal utf-8 flag has no meaning with regards to the encoding |
122 | of your string. |
122 | of your string. |
123 | Just ignore that flag unless you debug a Perl bug, a module written |
123 | Just ignore that flag unless you debug a Perl bug, a module written |
124 | in XS or want to dive into the internals of perl. Otherwise it will |
124 | in XS or want to dive into the internals of perl. Otherwise it will |
125 | only confuse you, as, despite the name, it says nothing about how |
125 | only confuse you, as, despite the name, it says nothing about how |
126 | your string is encoded. You can have unicode strings with that flag |
126 | your string is encoded. You can have Unicode strings with that flag |
127 | set, with that flag clear, and you can have binary data with that |
127 | set, with that flag clear, and you can have binary data with that |
128 | flag set and that flag clear. Other possibilities exist, too. |
128 | flag set and that flag clear. Other possibilities exist, too. |
129 | |
129 | |
130 | If you didn't know about that flag, just the better, pretend it |
130 | If you didn't know about that flag, just the better, pretend it |
131 | doesn't exist. |
131 | doesn't exist. |
… | |
… | |
135 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
135 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
136 | but a Unicode string encoded in UTF-8, giving you a binary string. |
136 | but a Unicode string encoded in UTF-8, giving you a binary string. |
137 | |
137 | |
138 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
138 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
139 | string. |
139 | string. |
140 | Its a fact. Learn to live with it. |
140 | It's a fact. Learn to live with it. |
141 | |
141 | |
142 | I hope this helps :) |
142 | I hope this helps :) |
143 | |
143 | |
144 | OBJECT-ORIENTED INTERFACE |
144 | OBJECT-ORIENTED INTERFACE |
145 | The object oriented interface lets you configure your own encoding or |
145 | The object oriented interface lets you configure your own encoding or |
… | |
… | |
157 | => {"a": [1, 2]} |
157 | => {"a": [1, 2]} |
158 | |
158 | |
159 | $json = $json->ascii ([$enable]) |
159 | $json = $json->ascii ([$enable]) |
160 | If $enable is true (or missing), then the "encode" method will not |
160 | If $enable is true (or missing), then the "encode" method will not |
161 | generate characters outside the code range 0..127 (which is ASCII). |
161 | generate characters outside the code range 0..127 (which is ASCII). |
162 | Any unicode characters outside that range will be escaped using |
162 | Any Unicode characters outside that range will be escaped using |
163 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
163 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
164 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
164 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
165 | be treated as a native unicode string, an ascii-encoded, |
165 | be treated as a native Unicode string, an ascii-encoded, |
166 | latin1-encoded or UTF-8 encoded string, or any other superset of |
166 | latin1-encoded or UTF-8 encoded string, or any other superset of |
167 | ASCII. |
167 | ASCII. |
168 | |
168 | |
169 | If $enable is false, then the "encode" method will not escape |
169 | If $enable is false, then the "encode" method will not escape |
170 | Unicode characters unless required by the JSON syntax or other |
170 | Unicode characters unless required by the JSON syntax or other |
… | |
… | |
179 | |
179 | |
180 | $json = $json->latin1 ([$enable]) |
180 | $json = $json->latin1 ([$enable]) |
181 | If $enable is true (or missing), then the "encode" method will |
181 | If $enable is true (or missing), then the "encode" method will |
182 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
182 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
183 | any characters outside the code range 0..255. The resulting string |
183 | any characters outside the code range 0..255. The resulting string |
184 | can be treated as a latin1-encoded JSON text or a native unicode |
184 | can be treated as a latin1-encoded JSON text or a native Unicode |
185 | string. The "decode" method will not be affected in any way by this |
185 | string. The "decode" method will not be affected in any way by this |
186 | flag, as "decode" by default expects unicode, which is a strict |
186 | flag, as "decode" by default expects Unicode, which is a strict |
187 | superset of latin1. |
187 | superset of latin1. |
188 | |
188 | |
189 | If $enable is false, then the "encode" method will not escape |
189 | If $enable is false, then the "encode" method will not escape |
190 | Unicode characters unless required by the JSON syntax or other |
190 | Unicode characters unless required by the JSON syntax or other |
191 | flags. |
191 | flags. |
192 | |
192 | |
193 | The main use for this flag is efficiently encoding binary data as |
193 | The main use for this flag is efficiently encoding binary data as |
194 | JSON text, as most octets will not be escaped, resulting in a |
194 | JSON text, as most octets will not be escaped, resulting in a |
195 | smaller encoded size. The disadvantage is that the resulting JSON |
195 | smaller encoded size. The disadvantage is that the resulting JSON |
196 | text is encoded in latin1 (and must correctly be treated as such |
196 | text is encoded in latin1 (and must correctly be treated as such |
197 | when storing and transfering), a rare encoding for JSON. It is |
197 | when storing and transferring), a rare encoding for JSON. It is |
198 | therefore most useful when you want to store data structures known |
198 | therefore most useful when you want to store data structures known |
199 | to contain binary data efficiently in files or databases, not when |
199 | to contain binary data efficiently in files or databases, not when |
200 | talking to other JSON encoders/decoders. |
200 | talking to other JSON encoders/decoders. |
201 | |
201 | |
202 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
202 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
… | |
… | |
211 | bytewise/binary I/O. In future versions, enabling this option might |
211 | bytewise/binary I/O. In future versions, enabling this option might |
212 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
212 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
213 | described in RFC4627. |
213 | described in RFC4627. |
214 | |
214 | |
215 | If $enable is false, then the "encode" method will return the JSON |
215 | If $enable is false, then the "encode" method will return the JSON |
216 | string as a (non-encoded) unicode string, while "decode" expects |
216 | string as a (non-encoded) Unicode string, while "decode" expects |
217 | thus a unicode string. Any decoding or encoding (e.g. to UTF-8 or |
217 | thus a Unicode string. Any decoding or encoding (e.g. to UTF-8 or |
218 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
218 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
219 | |
219 | |
220 | Example, output UTF-16BE-encoded JSON: |
220 | Example, output UTF-16BE-encoded JSON: |
221 | |
221 | |
222 | use Encode; |
222 | use Encode; |
… | |
… | |
244 | } |
244 | } |
245 | |
245 | |
246 | $json = $json->indent ([$enable]) |
246 | $json = $json->indent ([$enable]) |
247 | If $enable is true (or missing), then the "encode" method will use a |
247 | If $enable is true (or missing), then the "encode" method will use a |
248 | multiline format as output, putting every array member or |
248 | multiline format as output, putting every array member or |
249 | object/hash key-value pair into its own line, identing them |
249 | object/hash key-value pair into its own line, indenting them |
250 | properly. |
250 | properly. |
251 | |
251 | |
252 | If $enable is false, no newlines or indenting will be produced, and |
252 | If $enable is false, no newlines or indenting will be produced, and |
253 | the resulting JSON text is guarenteed not to contain any "newlines". |
253 | the resulting JSON text is guaranteed not to contain any "newlines". |
254 | |
254 | |
255 | This setting has no effect when decoding JSON texts. |
255 | This setting has no effect when decoding JSON texts. |
256 | |
256 | |
257 | $json = $json->space_before ([$enable]) |
257 | $json = $json->space_before ([$enable]) |
258 | If $enable is true (or missing), then the "encode" method will add |
258 | If $enable is true (or missing), then the "encode" method will add |
… | |
… | |
332 | pairs in the order Perl stores them (which will likely change |
332 | pairs in the order Perl stores them (which will likely change |
333 | between runs of the same script). |
333 | between runs of the same script). |
334 | |
334 | |
335 | This option is useful if you want the same data structure to be |
335 | This option is useful if you want the same data structure to be |
336 | encoded as the same JSON text (given the same overall settings). If |
336 | encoded as the same JSON text (given the same overall settings). If |
337 | it is disabled, the same hash migh be encoded differently even if |
337 | it is disabled, the same hash might be encoded differently even if |
338 | contains the same data, as key-value pairs have no inherent ordering |
338 | contains the same data, as key-value pairs have no inherent ordering |
339 | in Perl. |
339 | in Perl. |
340 | |
340 | |
341 | This setting has no effect when decoding JSON texts. |
341 | This setting has no effect when decoding JSON texts. |
342 | |
342 | |
… | |
… | |
358 | => "Hello, World!" |
358 | => "Hello, World!" |
359 | |
359 | |
360 | $json = $json->allow_blessed ([$enable]) |
360 | $json = $json->allow_blessed ([$enable]) |
361 | If $enable is true (or missing), then the "encode" method will not |
361 | If $enable is true (or missing), then the "encode" method will not |
362 | barf when it encounters a blessed reference. Instead, the value of |
362 | barf when it encounters a blessed reference. Instead, the value of |
363 | the convert_blessed option will decide wether "null" |
363 | the convert_blessed option will decide whether "null" |
364 | ("convert_blessed" disabled or no "to_json" method found) or a |
364 | ("convert_blessed" disabled or no "to_json" method found) or a |
365 | representation of the object ("convert_blessed" enabled and |
365 | representation of the object ("convert_blessed" enabled and |
366 | "to_json" method found) is being encoded. Has no effect on "decode". |
366 | "to_json" method found) is being encoded. Has no effect on "decode". |
367 | |
367 | |
368 | If $enable is false (the default), then "encode" will throw an |
368 | If $enable is false (the default), then "encode" will throw an |
… | |
… | |
431 | |
431 | |
432 | As this callback gets called less often then the |
432 | As this callback gets called less often then the |
433 | "filter_json_object" one, decoding speed will not usually suffer as |
433 | "filter_json_object" one, decoding speed will not usually suffer as |
434 | much. Therefore, single-key objects make excellent targets to |
434 | much. Therefore, single-key objects make excellent targets to |
435 | serialise Perl objects into, especially as single-key JSON objects |
435 | serialise Perl objects into, especially as single-key JSON objects |
436 | are as close to the type-tagged value concept as JSON gets (its |
436 | are as close to the type-tagged value concept as JSON gets (it's |
437 | basically an ID/VALUE tuple). Of course, JSON does not support this |
437 | basically an ID/VALUE tuple). Of course, JSON does not support this |
438 | in any way, so you need to make sure your data never looks like a |
438 | in any way, so you need to make sure your data never looks like a |
439 | serialised Perl hash. |
439 | serialised Perl hash. |
440 | |
440 | |
441 | Typical names for the single object key are "__class_whatever__", or |
441 | Typical names for the single object key are "__class_whatever__", or |
… | |
… | |
565 | vice versa. These mappings are designed to "do the right thing" in most |
565 | vice versa. These mappings are designed to "do the right thing" in most |
566 | circumstances automatically, preserving round-tripping characteristics |
566 | circumstances automatically, preserving round-tripping characteristics |
567 | (what you put in comes out as something equivalent). |
567 | (what you put in comes out as something equivalent). |
568 | |
568 | |
569 | For the more enlightened: note that in the following descriptions, |
569 | For the more enlightened: note that in the following descriptions, |
570 | lowercase *perl* refers to the Perl interpreter, while uppcercase *Perl* |
570 | lowercase *perl* refers to the Perl interpreter, while uppercase *Perl* |
571 | refers to the abstract Perl language itself. |
571 | refers to the abstract Perl language itself. |
572 | |
572 | |
573 | JSON -> PERL |
573 | JSON -> PERL |
574 | object |
574 | object |
575 | A JSON object becomes a reference to a hash in Perl. No ordering of |
575 | A JSON object becomes a reference to a hash in Perl. No ordering of |
576 | object keys is preserved (JSON does not preserver object key |
576 | object keys is preserved (JSON does not preserve object key ordering |
577 | ordering itself). |
577 | itself). |
578 | |
578 | |
579 | array |
579 | array |
580 | A JSON array becomes a reference to an array in Perl. |
580 | A JSON array becomes a reference to an array in Perl. |
581 | |
581 | |
582 | string |
582 | string |
… | |
… | |
606 | strings, but as Perl is typeless there is no other way to do it. |
606 | strings, but as Perl is typeless there is no other way to do it. |
607 | |
607 | |
608 | true, false |
608 | true, false |
609 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
609 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
610 | respectively. They are overloaded to act almost exactly like the |
610 | respectively. They are overloaded to act almost exactly like the |
611 | numbers 1 and 0. You can check wether a scalar is a JSON boolean by |
611 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
612 | using the "JSON::XS::is_bool" function. |
612 | using the "JSON::XS::is_bool" function. |
613 | |
613 | |
614 | null |
614 | null |
615 | A JSON null atom becomes "undef" in Perl. |
615 | A JSON null atom becomes "undef" in Perl. |
616 | |
616 | |
… | |
… | |
669 | to_json [$value] # yields ["5"] |
669 | to_json [$value] # yields ["5"] |
670 | |
670 | |
671 | # undef becomes null |
671 | # undef becomes null |
672 | to_json [undef] # yields [null] |
672 | to_json [undef] # yields [null] |
673 | |
673 | |
674 | You can force the type to be a string by stringifying it: |
674 | You can force the type to be a JSON string by stringifying it: |
675 | |
675 | |
676 | my $x = 3.1; # some variable containing a number |
676 | my $x = 3.1; # some variable containing a number |
677 | "$x"; # stringified |
677 | "$x"; # stringified |
678 | $x .= ""; # another, more awkward way to stringify |
678 | $x .= ""; # another, more awkward way to stringify |
679 | print $x; # perl does it for you, too, quite often |
679 | print $x; # perl does it for you, too, quite often |
680 | |
680 | |
681 | You can force the type to be a number by numifying it: |
681 | You can force the type to be a JSON number by numifying it: |
682 | |
682 | |
683 | my $x = "3"; # some variable containing a string |
683 | my $x = "3"; # some variable containing a string |
684 | $x += 0; # numify it, ensuring it will be dumped as a number |
684 | $x += 0; # numify it, ensuring it will be dumped as a number |
685 | $x *= 1; # same thing, the choise is yours. |
685 | $x *= 1; # same thing, the choice is yours. |
686 | |
686 | |
687 | You can not currently output JSON booleans or force the type in |
687 | You can not currently force the type in other, less obscure, ways. |
688 | other, less obscure, ways. Tell me if you need this capability. |
688 | Tell me if you need this capability. |
689 | |
689 | |
690 | COMPARISON |
690 | COMPARISON |
691 | As already mentioned, this module was created because none of the |
691 | As already mentioned, this module was created because none of the |
692 | existing JSON modules could be made to work correctly. First I will |
692 | existing JSON modules could be made to work correctly. First I will |
693 | describe the problems (or pleasures) I encountered with various existing |
693 | describe the problems (or pleasures) I encountered with various existing |
… | |
… | |
695 | not to suffer from any of these problems or limitations. |
695 | not to suffer from any of these problems or limitations. |
696 | |
696 | |
697 | JSON 1.07 |
697 | JSON 1.07 |
698 | Slow (but very portable, as it is written in pure Perl). |
698 | Slow (but very portable, as it is written in pure Perl). |
699 | |
699 | |
700 | Undocumented/buggy Unicode handling (how JSON handles unicode values |
700 | Undocumented/buggy Unicode handling (how JSON handles Unicode values |
701 | is undocumented. One can get far by feeding it unicode strings and |
701 | is undocumented. One can get far by feeding it Unicode strings and |
702 | doing en-/decoding oneself, but unicode escapes are not working |
702 | doing en-/decoding oneself, but Unicode escapes are not working |
703 | properly). |
703 | properly). |
704 | |
704 | |
705 | No roundtripping (strings get clobbered if they look like numbers, |
705 | No round-tripping (strings get clobbered if they look like numbers, |
706 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
706 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
707 | will decode into the number 2. |
707 | will decode into the number 2. |
708 | |
708 | |
709 | JSON::PC 0.01 |
709 | JSON::PC 0.01 |
710 | Very fast. |
710 | Very fast. |
711 | |
711 | |
712 | Undocumented/buggy Unicode handling. |
712 | Undocumented/buggy Unicode handling. |
713 | |
713 | |
714 | No roundtripping. |
714 | No round-tripping. |
715 | |
715 | |
716 | Has problems handling many Perl values (e.g. regex results and other |
716 | Has problems handling many Perl values (e.g. regex results and other |
717 | magic values will make it croak). |
717 | magic values will make it croak). |
718 | |
718 | |
719 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
719 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
… | |
… | |
729 | much undocumented. I need at least a format for easy reading by |
729 | much undocumented. I need at least a format for easy reading by |
730 | humans and a single-line compact format for use in a protocol, and |
730 | humans and a single-line compact format for use in a protocol, and |
731 | preferably a way to generate ASCII-only JSON texts). |
731 | preferably a way to generate ASCII-only JSON texts). |
732 | |
732 | |
733 | Completely broken (and confusingly documented) Unicode handling |
733 | Completely broken (and confusingly documented) Unicode handling |
734 | (unicode escapes are not working properly, you need to set |
734 | (Unicode escapes are not working properly, you need to set |
735 | ImplicitUnicode to *different* values on en- and decoding to get |
735 | ImplicitUnicode to *different* values on en- and decoding to get |
736 | symmetric behaviour). |
736 | symmetric behaviour). |
737 | |
737 | |
738 | No roundtripping (simple cases work, but this depends on wether the |
738 | No round-tripping (simple cases work, but this depends on whether |
739 | scalar value was used in a numeric context or not). |
739 | the scalar value was used in a numeric context or not). |
740 | |
740 | |
741 | Dumping hashes may skip hash values depending on iterator state. |
741 | Dumping hashes may skip hash values depending on iterator state. |
742 | |
742 | |
743 | Unmaintained (maintainer unresponsive for many months, bugs are not |
743 | Unmaintained (maintainer unresponsive for many months, bugs are not |
744 | getting fixed). |
744 | getting fixed). |
745 | |
745 | |
746 | Does not check input for validity (i.e. will accept non-JSON input |
746 | Does not check input for validity (i.e. will accept non-JSON input |
747 | and return "something" instead of raising an exception. This is a |
747 | and return "something" instead of raising an exception. This is a |
748 | security issue: imagine two banks transfering money between each |
748 | security issue: imagine two banks transferring money between each |
749 | other using JSON. One bank might parse a given non-JSON request and |
749 | other using JSON. One bank might parse a given non-JSON request and |
750 | deduct money, while the other might reject the transaction with a |
750 | deduct money, while the other might reject the transaction with a |
751 | syntax error. While a good protocol will at least recover, that is |
751 | syntax error. While a good protocol will at least recover, that is |
752 | extra unnecessary work and the transaction will still not succeed). |
752 | extra unnecessary work and the transaction will still not succeed). |
753 | |
753 | |
754 | JSON::DWIW 0.04 |
754 | JSON::DWIW 0.04 |
755 | Very fast. Very natural. Very nice. |
755 | Very fast. Very natural. Very nice. |
756 | |
756 | |
757 | Undocumented unicode handling (but the best of the pack. Unicode |
757 | Undocumented Unicode handling (but the best of the pack. Unicode |
758 | escapes still don't get parsed properly). |
758 | escapes still don't get parsed properly). |
759 | |
759 | |
760 | Very inflexible. |
760 | Very inflexible. |
761 | |
761 | |
762 | No roundtripping. |
762 | No round-tripping. |
763 | |
763 | |
764 | Does not generate valid JSON texts (key strings are often unquoted, |
764 | Does not generate valid JSON texts (key strings are often unquoted, |
765 | empty keys result in nothing being output) |
765 | empty keys result in nothing being output) |
766 | |
766 | |
767 | Does not check input for validity. |
767 | Does not check input for validity. |
… | |
… | |
779 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
779 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
780 | |
780 | |
781 | This will usually generate JSON texts that also parse as valid YAML. |
781 | This will usually generate JSON texts that also parse as valid YAML. |
782 | Please note that YAML has hardcoded limits on (simple) object key |
782 | Please note that YAML has hardcoded limits on (simple) object key |
783 | lengths that JSON doesn't have, so you should make sure that your hash |
783 | lengths that JSON doesn't have, so you should make sure that your hash |
784 | keys are noticably shorter than the 1024 characters YAML allows. |
784 | keys are noticeably shorter than the 1024 characters YAML allows. |
785 | |
785 | |
786 | There might be other incompatibilities that I am not aware of. In |
786 | There might be other incompatibilities that I am not aware of. In |
787 | general you should not try to generate YAML with a JSON generator or |
787 | general you should not try to generate YAML with a JSON generator or |
788 | vice versa, or try to parse JSON with a YAML parser or vice versa: |
788 | vice versa, or try to parse JSON with a YAML parser or vice versa: |
789 | chances are high that you will run into severe interoperability |
789 | chances are high that you will run into severe interoperability |
… | |
… | |
820 | JSON::XS/3 | 338250.323 | 218453.333 | |
820 | JSON::XS/3 | 338250.323 | 218453.333 | |
821 | Storable | 16500.016 | 135300.129 | |
821 | Storable | 16500.016 | 135300.129 | |
822 | -----------+------------+------------+ |
822 | -----------+------------+------------+ |
823 | |
823 | |
824 | That is, JSON::XS is about five times faster than JSON::DWIW on |
824 | That is, JSON::XS is about five times faster than JSON::DWIW on |
825 | encoding, about three times faster on decoding, and over fourty times |
825 | encoding, about three times faster on decoding, and over forty times |
826 | faster than JSON, even with pretty-printing and key sorting. It also |
826 | faster than JSON, even with pretty-printing and key sorting. It also |
827 | compares favourably to Storable for small amounts of data. |
827 | compares favourably to Storable for small amounts of data. |
828 | |
828 | |
829 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
829 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
830 | search API (http://nanoref.com/yahooapis/mgPdGg): |
830 | search API (http://nanoref.com/yahooapis/mgPdGg): |
… | |
… | |
843 | -----------+------------+------------+ |
843 | -----------+------------+------------+ |
844 | |
844 | |
845 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
845 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
846 | decodes faster). |
846 | decodes faster). |
847 | |
847 | |
848 | On large strings containing lots of high unicode characters, some |
848 | On large strings containing lots of high Unicode characters, some |
849 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
849 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
850 | result will be broken due to missing (or wrong) unicode handling. Others |
850 | result will be broken due to missing (or wrong) Unicode handling. Others |
851 | refuse to decode or encode properly, so it was impossible to prepare a |
851 | refuse to decode or encode properly, so it was impossible to prepare a |
852 | fair comparison table for that case. |
852 | fair comparison table for that case. |
853 | |
853 | |
854 | SECURITY CONSIDERATIONS |
854 | SECURITY CONSIDERATIONS |
855 | When you are using JSON in a protocol, talking to untrusted potentially |
855 | When you are using JSON in a protocol, talking to untrusted potentially |
… | |
… | |
859 | have any buffer overflows. Obviously, this module should ensure that and |
859 | have any buffer overflows. Obviously, this module should ensure that and |
860 | I am trying hard on making that true, but you never know. |
860 | I am trying hard on making that true, but you never know. |
861 | |
861 | |
862 | Second, you need to avoid resource-starving attacks. That means you |
862 | Second, you need to avoid resource-starving attacks. That means you |
863 | should limit the size of JSON texts you accept, or make sure then when |
863 | should limit the size of JSON texts you accept, or make sure then when |
864 | your resources run out, thats just fine (e.g. by using a separate |
864 | your resources run out, that's just fine (e.g. by using a separate |
865 | process that can crash safely). The size of a JSON text in octets or |
865 | process that can crash safely). The size of a JSON text in octets or |
866 | characters is usually a good indication of the size of the resources |
866 | characters is usually a good indication of the size of the resources |
867 | required to decode it into a Perl structure. While JSON::XS can check |
867 | required to decode it into a Perl structure. While JSON::XS can check |
868 | the size of the JSON text, it might be too late when you already have it |
868 | the size of the JSON text, it might be too late when you already have it |
869 | in memory, so you might want to check the size before you accept the |
869 | in memory, so you might want to check the size before you accept the |
… | |
… | |
880 | |
880 | |
881 | And last but least, something else could bomb you that I forgot to think |
881 | And last but least, something else could bomb you that I forgot to think |
882 | of. In that case, you get to keep the pieces. I am always open for |
882 | of. In that case, you get to keep the pieces. I am always open for |
883 | hints, though... |
883 | hints, though... |
884 | |
884 | |
885 | If you are using JSON::XS to return packets to consumption by javascript |
885 | If you are using JSON::XS to return packets to consumption by JavaScript |
886 | scripts in a browser you should have a look at |
886 | scripts in a browser you should have a look at |
887 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see wether |
887 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
888 | you are vulnerable to some common attack vectors (which really are |
888 | you are vulnerable to some common attack vectors (which really are |
889 | browser design bugs, but it is still you who will have to deal with it, |
889 | browser design bugs, but it is still you who will have to deal with it, |
890 | as major browser developers care only for features, not about doing |
890 | as major browser developers care only for features, not about doing |
891 | security right). |
891 | security right). |
892 | |
892 | |
893 | THREADS |
893 | THREADS |
894 | This module is *not* guarenteed to be thread safe and there are no plans |
894 | This module is *not* guaranteed to be thread safe and there are no plans |
895 | to change this until Perl gets thread support (as opposed to the |
895 | to change this until Perl gets thread support (as opposed to the |
896 | horribly slow so-called "threads" which are simply slow and bloated |
896 | horribly slow so-called "threads" which are simply slow and bloated |
897 | process simulations - use fork, its *much* faster, cheaper, better). |
897 | process simulations - use fork, its *much* faster, cheaper, better). |
898 | |
898 | |
899 | (It might actually work, but you ahve ben warned). |
899 | (It might actually work, but you have been warned). |
900 | |
900 | |
901 | BUGS |
901 | BUGS |
902 | While the goal of this module is to be correct, that unfortunately does |
902 | While the goal of this module is to be correct, that unfortunately does |
903 | not mean its bug-free, only that I think its design is bug-free. It is |
903 | not mean its bug-free, only that I think its design is bug-free. It is |
904 | still relatively early in its development. If you keep reporting bugs |
904 | still relatively early in its development. If you keep reporting bugs |