ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/README
(Generate patch)

Comparing JSON-XS/README (file contents):
Revision 1.5 by root, Sat Mar 24 01:15:22 2007 UTC vs.
Revision 1.21 by root, Tue Dec 4 10:37:42 2007 UTC

1NAME 1NAME
2 JSON::XS - JSON serialising/deserialising, done correctly and fast 2 JSON::XS - JSON serialising/deserialising, done correctly and fast
3 3
4 JSON::XS - 正しくて高速な JSON
5 シリアライザ/デシリアライザ
6 (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html)
7
4SYNOPSIS 8SYNOPSIS
5 use JSON::XS; 9 use JSON::XS;
6 10
7 # exported functions, croak on error 11 # exported functions, they croak on error
12 # and expect/generate UTF-8
8 13
9 $utf8_encoded_json_text = to_json $perl_hash_or_arrayref; 14 $utf8_encoded_json_text = to_json $perl_hash_or_arrayref;
10 $perl_hash_or_arrayref = from_json $utf8_encoded_json_text; 15 $perl_hash_or_arrayref = from_json $utf8_encoded_json_text;
11 16
12 # oo-interface 17 # OO-interface
13 18
14 $coder = JSON::XS->new->ascii->pretty->allow_nonref; 19 $coder = JSON::XS->new->ascii->pretty->allow_nonref;
15 $pretty_printed_unencoded = $coder->encode ($perl_scalar); 20 $pretty_printed_unencoded = $coder->encode ($perl_scalar);
16 $perl_scalar = $coder->decode ($unicode_json_text); 21 $perl_scalar = $coder->decode ($unicode_json_text);
22
23 # Note that JSON version 2.0 and above will automatically use JSON::XS
24 # if available, at virtually no speed overhead either, so you should
25 # be able to just:
26
27 use JSON;
28
29 # and do the same things, except that you have a pure-perl fallback now.
17 30
18DESCRIPTION 31DESCRIPTION
19 This module converts Perl data structures to JSON and vice versa. Its 32 This module converts Perl data structures to JSON and vice versa. Its
20 primary goal is to be *correct* and its secondary goal is to be *fast*. 33 primary goal is to be *correct* and its secondary goal is to be *fast*.
21 To reach the latter goal it was written in C. 34 To reach the latter goal it was written in C.
35
36 Beginning with version 2.0 of the JSON module, when both JSON and
37 JSON::XS are installed, then JSON will fall back on JSON::XS (this can
38 be overriden) with no overhead due to emulation (by inheritign
39 constructor and methods). If JSON::XS is not available, it will fall
40 back to the compatible JSON::PP module as backend, so using JSON instead
41 of JSON::XS gives you a portable JSON API that can be fast when you need
42 and doesn't require a C compiler when that is a problem.
22 43
23 As this is the n-th-something JSON module on CPAN, what was the reason 44 As this is the n-th-something JSON module on CPAN, what was the reason
24 to write yet another JSON module? While it seems there are many JSON 45 to write yet another JSON module? While it seems there are many JSON
25 modules, none of them correctly handle all corner cases, and in most 46 modules, none of them correctly handle all corner cases, and in most
26 cases their maintainers are unresponsive, gone missing, or not listening 47 cases their maintainers are unresponsive, gone missing, or not listening
30 51
31 See MAPPING, below, on how JSON::XS maps perl values to JSON values and 52 See MAPPING, below, on how JSON::XS maps perl values to JSON values and
32 vice versa. 53 vice versa.
33 54
34 FEATURES 55 FEATURES
35 * correct handling of unicode issues 56 * correct Unicode handling
36 This module knows how to handle Unicode, and even documents how and 57 This module knows how to handle Unicode, and even documents how and
37 when it does so. 58 when it does so.
38 59
39 * round-trip integrity 60 * round-trip integrity
40 When you serialise a perl data structure using only datatypes 61 When you serialise a perl data structure using only datatypes
41 supported by JSON, the deserialised data structure is identical on 62 supported by JSON, the deserialised data structure is identical on
42 the Perl level. (e.g. the string "2.0" doesn't suddenly become "2"). 63 the Perl level. (e.g. the string "2.0" doesn't suddenly become "2"
64 just because it looks like a number).
43 65
44 * strict checking of JSON correctness 66 * strict checking of JSON correctness
45 There is no guessing, no generating of illegal JSON strings by 67 There is no guessing, no generating of illegal JSON texts by
46 default, and only JSON is accepted as input by default (the latter 68 default, and only JSON is accepted as input by default (the latter
47 is a security feature). 69 is a security feature).
48 70
49 * fast 71 * fast
50 Compared to other JSON modules, this module compares favourably in 72 Compared to other JSON modules, this module compares favourably in
53 * simple to use 75 * simple to use
54 This module has both a simple functional interface as well as an OO 76 This module has both a simple functional interface as well as an OO
55 interface. 77 interface.
56 78
57 * reasonably versatile output formats 79 * reasonably versatile output formats
58 You can choose between the most compact guarenteed single-line 80 You can choose between the most compact guaranteed single-line
59 format possible (nice for simple line-based protocols), a pure-ascii 81 format possible (nice for simple line-based protocols), a pure-ascii
60 format (for when your transport is not 8-bit clean), or a 82 format (for when your transport is not 8-bit clean, still supports
61 pretty-printed format (for when you want to read that stuff). Or you 83 the whole Unicode range), or a pretty-printed format (for when you
62 can combine those features in whatever way you like. 84 want to read that stuff). Or you can combine those features in
85 whatever way you like.
63 86
64FUNCTIONAL INTERFACE 87FUNCTIONAL INTERFACE
65 The following convinience methods are provided by this module. They are 88 The following convenience methods are provided by this module. They are
66 exported by default: 89 exported by default:
67 90
68 $json_string = to_json $perl_scalar 91 $json_text = to_json $perl_scalar
69 Converts the given Perl data structure (a simple scalar or a 92 Converts the given Perl data structure to a UTF-8 encoded, binary
70 reference to a hash or array) to a UTF-8 encoded, binary string
71 (that is, the string contains octets only). Croaks on error. 93 string (that is, the string contains octets only). Croaks on error.
72 94
73 This function call is functionally identical to 95 This function call is functionally identical to:
96
74 "JSON::XS->new->utf8->encode ($perl_scalar)". 97 $json_text = JSON::XS->new->utf8->encode ($perl_scalar)
75 98
99 except being faster.
100
76 $perl_scalar = from_json $json_string 101 $perl_scalar = from_json $json_text
77 The opposite of "to_json": expects an UTF-8 (binary) string and 102 The opposite of "to_json": expects an UTF-8 (binary) string and
78 tries to parse that as an UTF-8 encoded JSON string, returning the 103 tries to parse that as an UTF-8 encoded JSON text, returning the
79 resulting simple scalar or reference. Croaks on error. 104 resulting reference. Croaks on error.
80 105
81 This function call is functionally identical to 106 This function call is functionally identical to:
107
82 "JSON::XS->new->utf8->decode ($json_string)". 108 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
109
110 except being faster.
111
112 $is_boolean = JSON::XS::is_bool $scalar
113 Returns true if the passed scalar represents either JSON::XS::true
114 or JSON::XS::false, two constants that act like 1 and 0,
115 respectively and are used to represent JSON "true" and "false"
116 values in Perl.
117
118 See MAPPING, below, for more information on how JSON values are
119 mapped to Perl.
120
121A FEW NOTES ON UNICODE AND PERL
122 Since this often leads to confusion, here are a few very clear words on
123 how Unicode works in Perl, modulo bugs.
124
125 1. Perl strings can store characters with ordinal values > 255.
126 This enables you to store Unicode characters as single characters in
127 a Perl string - very natural.
128
129 2. Perl does *not* associate an encoding with your strings.
130 Unless you force it to, e.g. when matching it against a regex, or
131 printing the scalar to a file, in which case Perl either interprets
132 your string as locale-encoded text, octets/binary, or as Unicode,
133 depending on various settings. In no case is an encoding stored
134 together with your data, it is *use* that decides encoding, not any
135 magical metadata.
136
137 3. The internal utf-8 flag has no meaning with regards to the encoding
138 of your string.
139 Just ignore that flag unless you debug a Perl bug, a module written
140 in XS or want to dive into the internals of perl. Otherwise it will
141 only confuse you, as, despite the name, it says nothing about how
142 your string is encoded. You can have Unicode strings with that flag
143 set, with that flag clear, and you can have binary data with that
144 flag set and that flag clear. Other possibilities exist, too.
145
146 If you didn't know about that flag, just the better, pretend it
147 doesn't exist.
148
149 4. A "Unicode String" is simply a string where each character can be
150 validly interpreted as a Unicode codepoint.
151 If you have UTF-8 encoded data, it is no longer a Unicode string,
152 but a Unicode string encoded in UTF-8, giving you a binary string.
153
154 5. A string containing "high" (> 255) character values is *not* a UTF-8
155 string.
156 It's a fact. Learn to live with it.
157
158 I hope this helps :)
83 159
84OBJECT-ORIENTED INTERFACE 160OBJECT-ORIENTED INTERFACE
85 The object oriented interface lets you configure your own encoding or 161 The object oriented interface lets you configure your own encoding or
86 decoding style, within the limits of supported formats. 162 decoding style, within the limits of supported formats.
87 163
91 *disabled*. 167 *disabled*.
92 168
93 The mutators for flags all return the JSON object again and thus 169 The mutators for flags all return the JSON object again and thus
94 calls can be chained: 170 calls can be chained:
95 171
96 my $json = JSON::XS->new->utf8(1)->space_after(1)->encode ({a => [1,2]}) 172 my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]})
97 => {"a": [1, 2]} 173 => {"a": [1, 2]}
98 174
99 $json = $json->ascii ([$enable]) 175 $json = $json->ascii ([$enable])
176 $enabled = $json->get_ascii
100 If $enable is true (or missing), then the "encode" method will not 177 If $enable is true (or missing), then the "encode" method will not
101 generate characters outside the code range 0..127. Any unicode 178 generate characters outside the code range 0..127 (which is ASCII).
102 characters outside that range will be escaped using either a single 179 Any Unicode characters outside that range will be escaped using
103 \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, 180 either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL
104 as per RFC4627. 181 escape sequence, as per RFC4627. The resulting encoded JSON text can
182 be treated as a native Unicode string, an ascii-encoded,
183 latin1-encoded or UTF-8 encoded string, or any other superset of
184 ASCII.
105 185
106 If $enable is false, then the "encode" method will not escape 186 If $enable is false, then the "encode" method will not escape
107 Unicode characters unless necessary. 187 Unicode characters unless required by the JSON syntax or other
188 flags. This results in a faster and more compact format.
108 189
190 The main use for this flag is to produce JSON texts that can be
191 transmitted over a 7-bit channel, as the encoded JSON texts will not
192 contain any 8 bit characters.
193
109 JSON::XS->new->ascii (1)->encode (chr 0x10401) 194 JSON::XS->new->ascii (1)->encode ([chr 0x10401])
110 => \ud801\udc01 195 => ["\ud801\udc01"]
196
197 $json = $json->latin1 ([$enable])
198 $enabled = $json->get_latin1
199 If $enable is true (or missing), then the "encode" method will
200 encode the resulting JSON text as latin1 (or iso-8859-1), escaping
201 any characters outside the code range 0..255. The resulting string
202 can be treated as a latin1-encoded JSON text or a native Unicode
203 string. The "decode" method will not be affected in any way by this
204 flag, as "decode" by default expects Unicode, which is a strict
205 superset of latin1.
206
207 If $enable is false, then the "encode" method will not escape
208 Unicode characters unless required by the JSON syntax or other
209 flags.
210
211 The main use for this flag is efficiently encoding binary data as
212 JSON text, as most octets will not be escaped, resulting in a
213 smaller encoded size. The disadvantage is that the resulting JSON
214 text is encoded in latin1 (and must correctly be treated as such
215 when storing and transferring), a rare encoding for JSON. It is
216 therefore most useful when you want to store data structures known
217 to contain binary data efficiently in files or databases, not when
218 talking to other JSON encoders/decoders.
219
220 JSON::XS->new->latin1->encode (["\x{89}\x{abc}"]
221 => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not)
111 222
112 $json = $json->utf8 ([$enable]) 223 $json = $json->utf8 ([$enable])
224 $enabled = $json->get_utf8
113 If $enable is true (or missing), then the "encode" method will 225 If $enable is true (or missing), then the "encode" method will
114 encode the JSON string into UTF-8, as required by many protocols, 226 encode the JSON result into UTF-8, as required by many protocols,
115 while the "decode" method expects to be handled an UTF-8-encoded 227 while the "decode" method expects to be handled an UTF-8-encoded
116 string. Please note that UTF-8-encoded strings do not contain any 228 string. Please note that UTF-8-encoded strings do not contain any
117 characters outside the range 0..255, they are thus useful for 229 characters outside the range 0..255, they are thus useful for
118 bytewise/binary I/O. 230 bytewise/binary I/O. In future versions, enabling this option might
231 enable autodetection of the UTF-16 and UTF-32 encoding families, as
232 described in RFC4627.
119 233
120 If $enable is false, then the "encode" method will return the JSON 234 If $enable is false, then the "encode" method will return the JSON
121 string as a (non-encoded) unicode string, while "decode" expects 235 string as a (non-encoded) Unicode string, while "decode" expects
122 thus a unicode string. Any decoding or encoding (e.g. to UTF-8 or 236 thus a Unicode string. Any decoding or encoding (e.g. to UTF-8 or
123 UTF-16) needs to be done yourself, e.g. using the Encode module. 237 UTF-16) needs to be done yourself, e.g. using the Encode module.
124 238
125 Example, output UTF-16-encoded JSON: 239 Example, output UTF-16BE-encoded JSON:
240
241 use Encode;
242 $jsontext = encode "UTF-16BE", JSON::XS->new->encode ($object);
243
244 Example, decode UTF-32LE-encoded JSON:
245
246 use Encode;
247 $object = JSON::XS->new->decode (decode "UTF-32LE", $jsontext);
126 248
127 $json = $json->pretty ([$enable]) 249 $json = $json->pretty ([$enable])
128 This enables (or disables) all of the "indent", "space_before" and 250 This enables (or disables) all of the "indent", "space_before" and
129 "space_after" (and in the future possibly more) flags in one call to 251 "space_after" (and in the future possibly more) flags in one call to
130 generate the most readable (or most compact) form possible. 252 generate the most readable (or most compact) form possible.
139 2 261 2
140 ] 262 ]
141 } 263 }
142 264
143 $json = $json->indent ([$enable]) 265 $json = $json->indent ([$enable])
266 $enabled = $json->get_indent
144 If $enable is true (or missing), then the "encode" method will use a 267 If $enable is true (or missing), then the "encode" method will use a
145 multiline format as output, putting every array member or 268 multiline format as output, putting every array member or
146 object/hash key-value pair into its own line, identing them 269 object/hash key-value pair into its own line, indenting them
147 properly. 270 properly.
148 271
149 If $enable is false, no newlines or indenting will be produced, and 272 If $enable is false, no newlines or indenting will be produced, and
150 the resulting JSON strings is guarenteed not to contain any 273 the resulting JSON text is guaranteed not to contain any "newlines".
151 "newlines".
152 274
153 This setting has no effect when decoding JSON strings. 275 This setting has no effect when decoding JSON texts.
154 276
155 $json = $json->space_before ([$enable]) 277 $json = $json->space_before ([$enable])
278 $enabled = $json->get_space_before
156 If $enable is true (or missing), then the "encode" method will add 279 If $enable is true (or missing), then the "encode" method will add
157 an extra optional space before the ":" separating keys from values 280 an extra optional space before the ":" separating keys from values
158 in JSON objects. 281 in JSON objects.
159 282
160 If $enable is false, then the "encode" method will not add any extra 283 If $enable is false, then the "encode" method will not add any extra
161 space at those places. 284 space at those places.
162 285
163 This setting has no effect when decoding JSON strings. You will also 286 This setting has no effect when decoding JSON texts. You will also
164 most likely combine this setting with "space_after". 287 most likely combine this setting with "space_after".
165 288
166 Example, space_before enabled, space_after and indent disabled: 289 Example, space_before enabled, space_after and indent disabled:
167 290
168 {"key" :"value"} 291 {"key" :"value"}
169 292
170 $json = $json->space_after ([$enable]) 293 $json = $json->space_after ([$enable])
294 $enabled = $json->get_space_after
171 If $enable is true (or missing), then the "encode" method will add 295 If $enable is true (or missing), then the "encode" method will add
172 an extra optional space after the ":" separating keys from values in 296 an extra optional space after the ":" separating keys from values in
173 JSON objects and extra whitespace after the "," separating key-value 297 JSON objects and extra whitespace after the "," separating key-value
174 pairs and array members. 298 pairs and array members.
175 299
176 If $enable is false, then the "encode" method will not add any extra 300 If $enable is false, then the "encode" method will not add any extra
177 space at those places. 301 space at those places.
178 302
179 This setting has no effect when decoding JSON strings. 303 This setting has no effect when decoding JSON texts.
180 304
181 Example, space_before and indent disabled, space_after enabled: 305 Example, space_before and indent disabled, space_after enabled:
182 306
183 {"key": "value"} 307 {"key": "value"}
184 308
309 $json = $json->relaxed ([$enable])
310 $enabled = $json->get_relaxed
311 If $enable is true (or missing), then "decode" will accept some
312 extensions to normal JSON syntax (see below). "encode" will not be
313 affected in anyway. *Be aware that this option makes you accept
314 invalid JSON texts as if they were valid!*. I suggest only to use
315 this option to parse application-specific files written by humans
316 (configuration files, resource files etc.)
317
318 If $enable is false (the default), then "decode" will only accept
319 valid JSON texts.
320
321 Currently accepted extensions are:
322
323 * list items can have an end-comma
324 JSON *separates* array elements and key-value pairs with commas.
325 This can be annoying if you write JSON texts manually and want
326 to be able to quickly append elements, so this extension accepts
327 comma at the end of such items not just between them:
328
329 [
330 1,
331 2, <- this comma not normally allowed
332 ]
333 {
334 "k1": "v1",
335 "k2": "v2", <- this comma not normally allowed
336 }
337
338 * shell-style '#'-comments
339 Whenever JSON allows whitespace, shell-style comments are
340 additionally allowed. They are terminated by the first
341 carriage-return or line-feed character, after which more
342 white-space and comments are allowed.
343
344 [
345 1, # this comment not allowed in JSON
346 # neither this one...
347 ]
348
185 $json = $json->canonical ([$enable]) 349 $json = $json->canonical ([$enable])
350 $enabled = $json->get_canonical
186 If $enable is true (or missing), then the "encode" method will 351 If $enable is true (or missing), then the "encode" method will
187 output JSON objects by sorting their keys. This is adding a 352 output JSON objects by sorting their keys. This is adding a
188 comparatively high overhead. 353 comparatively high overhead.
189 354
190 If $enable is false, then the "encode" method will output key-value 355 If $enable is false, then the "encode" method will output key-value
191 pairs in the order Perl stores them (which will likely change 356 pairs in the order Perl stores them (which will likely change
192 between runs of the same script). 357 between runs of the same script).
193 358
194 This option is useful if you want the same data structure to be 359 This option is useful if you want the same data structure to be
195 encoded as the same JSON string (given the same overall settings). 360 encoded as the same JSON text (given the same overall settings). If
196 If it is disabled, the same hash migh be encoded differently even if 361 it is disabled, the same hash might be encoded differently even if
197 contains the same data, as key-value pairs have no inherent ordering 362 contains the same data, as key-value pairs have no inherent ordering
198 in Perl. 363 in Perl.
199 364
200 This setting has no effect when decoding JSON strings. 365 This setting has no effect when decoding JSON texts.
201 366
202 $json = $json->allow_nonref ([$enable]) 367 $json = $json->allow_nonref ([$enable])
368 $enabled = $json->get_allow_nonref
203 If $enable is true (or missing), then the "encode" method can 369 If $enable is true (or missing), then the "encode" method can
204 convert a non-reference into its corresponding string, number or 370 convert a non-reference into its corresponding string, number or
205 null JSON value, which is an extension to RFC4627. Likewise, 371 null JSON value, which is an extension to RFC4627. Likewise,
206 "decode" will accept those JSON values instead of croaking. 372 "decode" will accept those JSON values instead of croaking.
207 373
208 If $enable is false, then the "encode" method will croak if it isn't 374 If $enable is false, then the "encode" method will croak if it isn't
209 passed an arrayref or hashref, as JSON strings must either be an 375 passed an arrayref or hashref, as JSON texts must either be an
210 object or array. Likewise, "decode" will croak if given something 376 object or array. Likewise, "decode" will croak if given something
211 that is not a JSON object or array. 377 that is not a JSON object or array.
212 378
213 Example, encode a Perl scalar as JSON value with enabled 379 Example, encode a Perl scalar as JSON value with enabled
214 "allow_nonref", resulting in an invalid JSON text: 380 "allow_nonref", resulting in an invalid JSON text:
215 381
216 JSON::XS->new->allow_nonref->encode ("Hello, World!") 382 JSON::XS->new->allow_nonref->encode ("Hello, World!")
217 => "Hello, World!" 383 => "Hello, World!"
218 384
385 $json = $json->allow_blessed ([$enable])
386 $enabled = $json->get_allow_blessed
387 If $enable is true (or missing), then the "encode" method will not
388 barf when it encounters a blessed reference. Instead, the value of
389 the convert_blessed option will decide whether "null"
390 ("convert_blessed" disabled or no "TO_JSON" method found) or a
391 representation of the object ("convert_blessed" enabled and
392 "TO_JSON" method found) is being encoded. Has no effect on "decode".
393
394 If $enable is false (the default), then "encode" will throw an
395 exception when it encounters a blessed object.
396
397 $json = $json->convert_blessed ([$enable])
398 $enabled = $json->get_convert_blessed
399 If $enable is true (or missing), then "encode", upon encountering a
400 blessed object, will check for the availability of the "TO_JSON"
401 method on the object's class. If found, it will be called in scalar
402 context and the resulting scalar will be encoded instead of the
403 object. If no "TO_JSON" method is found, the value of
404 "allow_blessed" will decide what to do.
405
406 The "TO_JSON" method may safely call die if it wants. If "TO_JSON"
407 returns other blessed objects, those will be handled in the same
408 way. "TO_JSON" must take care of not causing an endless recursion
409 cycle (== crash) in this case. The name of "TO_JSON" was chosen
410 because other methods called by the Perl core (== not by the user of
411 the object) are usually in upper case letters and to avoid
412 collisions with the "to_json" function.
413
414 This setting does not yet influence "decode" in any way, but in the
415 future, global hooks might get installed that influence "decode" and
416 are enabled by this setting.
417
418 If $enable is false, then the "allow_blessed" setting will decide
419 what to do when a blessed object is found.
420
421 $json = $json->filter_json_object ([$coderef->($hashref)])
422 When $coderef is specified, it will be called from "decode" each
423 time it decodes a JSON object. The only argument is a reference to
424 the newly-created hash. If the code references returns a single
425 scalar (which need not be a reference), this value (i.e. a copy of
426 that scalar to avoid aliasing) is inserted into the deserialised
427 data structure. If it returns an empty list (NOTE: *not* "undef",
428 which is a valid scalar), the original deserialised hash will be
429 inserted. This setting can slow down decoding considerably.
430
431 When $coderef is omitted or undefined, any existing callback will be
432 removed and "decode" will not change the deserialised hash in any
433 way.
434
435 Example, convert all JSON objects into the integer 5:
436
437 my $js = JSON::XS->new->filter_json_object (sub { 5 });
438 # returns [5]
439 $js->decode ('[{}]')
440 # throw an exception because allow_nonref is not enabled
441 # so a lone 5 is not allowed.
442 $js->decode ('{"a":1, "b":2}');
443
444 $json = $json->filter_json_single_key_object ($key [=>
445 $coderef->($value)])
446 Works remotely similar to "filter_json_object", but is only called
447 for JSON objects having a single key named $key.
448
449 This $coderef is called before the one specified via
450 "filter_json_object", if any. It gets passed the single value in the
451 JSON object. If it returns a single value, it will be inserted into
452 the data structure. If it returns nothing (not even "undef" but the
453 empty list), the callback from "filter_json_object" will be called
454 next, as if no single-key callback were specified.
455
456 If $coderef is omitted or undefined, the corresponding callback will
457 be disabled. There can only ever be one callback for a given key.
458
459 As this callback gets called less often then the
460 "filter_json_object" one, decoding speed will not usually suffer as
461 much. Therefore, single-key objects make excellent targets to
462 serialise Perl objects into, especially as single-key JSON objects
463 are as close to the type-tagged value concept as JSON gets (it's
464 basically an ID/VALUE tuple). Of course, JSON does not support this
465 in any way, so you need to make sure your data never looks like a
466 serialised Perl hash.
467
468 Typical names for the single object key are "__class_whatever__", or
469 "$__dollars_are_rarely_used__$" or "}ugly_brace_placement", or even
470 things like "__class_md5sum(classname)__", to reduce the risk of
471 clashing with real hashes.
472
473 Example, decode JSON objects of the form "{ "__widget__" => <id> }"
474 into the corresponding $WIDGET{<id>} object:
475
476 # return whatever is in $WIDGET{5}:
477 JSON::XS
478 ->new
479 ->filter_json_single_key_object (__widget__ => sub {
480 $WIDGET{ $_[0] }
481 })
482 ->decode ('{"__widget__": 5')
483
484 # this can be used with a TO_JSON method in some "widget" class
485 # for serialisation to json:
486 sub WidgetBase::TO_JSON {
487 my ($self) = @_;
488
489 unless ($self->{id}) {
490 $self->{id} = ..get..some..id..;
491 $WIDGET{$self->{id}} = $self;
492 }
493
494 { __widget__ => $self->{id} }
495 }
496
219 $json = $json->shrink ([$enable]) 497 $json = $json->shrink ([$enable])
498 $enabled = $json->get_shrink
220 Perl usually over-allocates memory a bit when allocating space for 499 Perl usually over-allocates memory a bit when allocating space for
221 strings. This flag optionally resizes strings generated by either 500 strings. This flag optionally resizes strings generated by either
222 "encode" or "decode" to their minimum size possible. This can save 501 "encode" or "decode" to their minimum size possible. This can save
223 memory when your JSON strings are either very very long or you have 502 memory when your JSON texts are either very very long or you have
224 many short strings. It will also try to downgrade any strings to 503 many short strings. It will also try to downgrade any strings to
225 octet-form if possible: perl stores strings internally either in an 504 octet-form if possible: perl stores strings internally either in an
226 encoding called UTF-X or in octet-form. The latter cannot store 505 encoding called UTF-X or in octet-form. The latter cannot store
227 everything but uses less space in general. 506 everything but uses less space in general (and some buggy Perl or C
507 code might even rely on that internal representation being used).
508
509 The actual definition of what shrink does might change in future
510 versions, but it will always try to save space at the expense of
511 time.
228 512
229 If $enable is true (or missing), the string returned by "encode" 513 If $enable is true (or missing), the string returned by "encode"
230 will be shrunk-to-fit, while all strings generated by "decode" will 514 will be shrunk-to-fit, while all strings generated by "decode" will
231 also be shrunk-to-fit. 515 also be shrunk-to-fit.
232 516
236 In the future, this setting might control other things, such as 520 In the future, this setting might control other things, such as
237 converting strings that look like integers or floats into integers 521 converting strings that look like integers or floats into integers
238 or floats internally (there is no difference on the Perl level), 522 or floats internally (there is no difference on the Perl level),
239 saving space. 523 saving space.
240 524
525 $json = $json->max_depth ([$maximum_nesting_depth])
526 $max_depth = $json->get_max_depth
527 Sets the maximum nesting level (default 512) accepted while encoding
528 or decoding. If the JSON text or Perl data structure has an equal or
529 higher nesting level then this limit, then the encoder and decoder
530 will stop and croak at that point.
531
532 Nesting level is defined by number of hash- or arrayrefs that the
533 encoder needs to traverse to reach a given point or the number of
534 "{" or "[" characters without their matching closing parenthesis
535 crossed to reach a given character in a string.
536
537 Setting the maximum depth to one disallows any nesting, so that
538 ensures that the object is only a single hash/object or array.
539
540 The argument to "max_depth" will be rounded up to the next highest
541 power of two. If no argument is given, the highest possible setting
542 will be used, which is rarely useful.
543
544 See SECURITY CONSIDERATIONS, below, for more info on why this is
545 useful.
546
547 $json = $json->max_size ([$maximum_string_size])
548 $max_size = $json->get_max_size
549 Set the maximum length a JSON text may have (in bytes) where
550 decoding is being attempted. The default is 0, meaning no limit.
551 When "decode" is called on a string longer then this number of
552 characters it will not attempt to decode the string but throw an
553 exception. This setting has no effect on "encode" (yet).
554
555 The argument to "max_size" will be rounded up to the next highest
556 power of two (so may be more than requested). If no argument is
557 given, the limit check will be deactivated (same as when 0 is
558 specified).
559
560 See SECURITY CONSIDERATIONS, below, for more info on why this is
561 useful.
562
241 $json_string = $json->encode ($perl_scalar) 563 $json_text = $json->encode ($perl_scalar)
242 Converts the given Perl data structure (a simple scalar or a 564 Converts the given Perl data structure (a simple scalar or a
243 reference to a hash or array) to its JSON representation. Simple 565 reference to a hash or array) to its JSON representation. Simple
244 scalars will be converted into JSON string or number sequences, 566 scalars will be converted into JSON string or number sequences,
245 while references to arrays become JSON arrays and references to 567 while references to arrays become JSON arrays and references to
246 hashes become JSON objects. Undefined Perl values (e.g. "undef") 568 hashes become JSON objects. Undefined Perl values (e.g. "undef")
247 become JSON "null" values. Neither "true" nor "false" values will be 569 become JSON "null" values. Neither "true" nor "false" values will be
248 generated. 570 generated.
249 571
250 $perl_scalar = $json->decode ($json_string) 572 $perl_scalar = $json->decode ($json_text)
251 The opposite of "encode": expects a JSON string and tries to parse 573 The opposite of "encode": expects a JSON text and tries to parse it,
252 it, returning the resulting simple scalar or reference. Croaks on 574 returning the resulting simple scalar or reference. Croaks on error.
253 error.
254 575
255 JSON numbers and strings become simple Perl scalars. JSON arrays 576 JSON numbers and strings become simple Perl scalars. JSON arrays
256 become Perl arrayrefs and JSON objects become Perl hashrefs. "true" 577 become Perl arrayrefs and JSON objects become Perl hashrefs. "true"
257 becomes 1, "false" becomes 0 and "null" becomes "undef". 578 becomes 1, "false" becomes 0 and "null" becomes "undef".
579
580 ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
581 This works like the "decode" method, but instead of raising an
582 exception when there is trailing garbage after the first JSON
583 object, it will silently stop parsing there and return the number of
584 characters consumed so far.
585
586 This is useful if your JSON texts are not delimited by an outer
587 protocol (which is not the brightest thing to do in the first place)
588 and you need to know where the JSON text ends.
589
590 JSON::XS->new->decode_prefix ("[1] the tail")
591 => ([], 3)
258 592
259MAPPING 593MAPPING
260 This section describes how JSON::XS maps Perl values to JSON values and 594 This section describes how JSON::XS maps Perl values to JSON values and
261 vice versa. These mappings are designed to "do the right thing" in most 595 vice versa. These mappings are designed to "do the right thing" in most
262 circumstances automatically, preserving round-tripping characteristics 596 circumstances automatically, preserving round-tripping characteristics
263 (what you put in comes out as something equivalent). 597 (what you put in comes out as something equivalent).
264 598
265 For the more enlightened: note that in the following descriptions, 599 For the more enlightened: note that in the following descriptions,
266 lowercase *perl* refers to the Perl interpreter, while uppcercase *Perl* 600 lowercase *perl* refers to the Perl interpreter, while uppercase *Perl*
267 refers to the abstract Perl language itself. 601 refers to the abstract Perl language itself.
268 602
269 JSON -> PERL 603 JSON -> PERL
270 object 604 object
271 A JSON object becomes a reference to a hash in Perl. No ordering of 605 A JSON object becomes a reference to a hash in Perl. No ordering of
272 object keys is preserved (JSON does not preserver object key 606 object keys is preserved (JSON does not preserve object key ordering
273 ordering itself). 607 itself).
274 608
275 array 609 array
276 A JSON array becomes a reference to an array in Perl. 610 A JSON array becomes a reference to an array in Perl.
277 611
278 string 612 string
279 A JSON string becomes a string scalar in Perl - Unicode codepoints 613 A JSON string becomes a string scalar in Perl - Unicode codepoints
280 in JSON are represented by the same codepoints in the Perl string, 614 in JSON are represented by the same codepoints in the Perl string,
281 so no manual decoding is necessary. 615 so no manual decoding is necessary.
282 616
283 number 617 number
284 A JSON number becomes either an integer or numeric (floating point) 618 A JSON number becomes either an integer, numeric (floating point) or
285 scalar in perl, depending on its range and any fractional parts. On 619 string scalar in perl, depending on its range and any fractional
286 the Perl level, there is no difference between those as Perl handles 620 parts. On the Perl level, there is no difference between those as
287 all the conversion details, but an integer may take slightly less 621 Perl handles all the conversion details, but an integer may take
288 memory and might represent more values exactly than (floating point) 622 slightly less memory and might represent more values exactly than
289 numbers. 623 (floating point) numbers.
624
625 If the number consists of digits only, JSON::XS will try to
626 represent it as an integer value. If that fails, it will try to
627 represent it as a numeric (floating point) value if that is possible
628 without loss of precision. Otherwise it will preserve the number as
629 a string value.
630
631 Numbers containing a fractional or exponential part will always be
632 represented as numeric (floating point) values, possibly at a loss
633 of precision.
634
635 This might create round-tripping problems as numbers might become
636 strings, but as Perl is typeless there is no other way to do it.
290 637
291 true, false 638 true, false
292 These JSON atoms become 0, 1, respectively. Information is lost in 639 These JSON atoms become "JSON::XS::true" and "JSON::XS::false",
293 this process. Future versions might represent those values 640 respectively. They are overloaded to act almost exactly like the
294 differently, but they will be guarenteed to act like these integers 641 numbers 1 and 0. You can check whether a scalar is a JSON boolean by
295 would normally in Perl. 642 using the "JSON::XS::is_bool" function.
296 643
297 null 644 null
298 A JSON null atom becomes "undef" in Perl. 645 A JSON null atom becomes "undef" in Perl.
299 646
300 PERL -> JSON 647 PERL -> JSON
302 truly typeless language, so we can only guess which JSON type is meant 649 truly typeless language, so we can only guess which JSON type is meant
303 by a Perl value. 650 by a Perl value.
304 651
305 hash references 652 hash references
306 Perl hash references become JSON objects. As there is no inherent 653 Perl hash references become JSON objects. As there is no inherent
307 ordering in hash keys, they will usually be encoded in a 654 ordering in hash keys (or JSON objects), they will usually be
308 pseudo-random order that can change between runs of the same program 655 encoded in a pseudo-random order that can change between runs of the
309 but stays generally the same within a single run of a program. 656 same program but stays generally the same within a single run of a
310 JSON::XS can optionally sort the hash keys (determined by the 657 program. JSON::XS can optionally sort the hash keys (determined by
311 *canonical* flag), so the same datastructure will serialise to the 658 the *canonical* flag), so the same datastructure will serialise to
312 same JSON text (given same settings and version of JSON::XS), but 659 the same JSON text (given same settings and version of JSON::XS),
313 this incurs a runtime overhead. 660 but this incurs a runtime overhead and is only rarely useful, e.g.
661 when you want to compare some JSON text against another for
662 equality.
314 663
315 array references 664 array references
316 Perl array references become JSON arrays. 665 Perl array references become JSON arrays.
666
667 other references
668 Other unblessed references are generally not allowed and will cause
669 an exception to be thrown, except for references to the integers 0
670 and 1, which get turned into "false" and "true" atoms in JSON. You
671 can also use "JSON::XS::false" and "JSON::XS::true" to improve
672 readability.
673
674 to_json [\0,JSON::XS::true] # yields [false,true]
675
676 JSON::XS::true, JSON::XS::false
677 These special values become JSON true and JSON false values,
678 respectively. You can also use "\1" and "\0" directly if you want.
317 679
318 blessed objects 680 blessed objects
319 Blessed objects are not allowed. JSON::XS currently tries to encode 681 Blessed objects are not allowed. JSON::XS currently tries to encode
320 their underlying representation (hash- or arrayref), but this 682 their underlying representation (hash- or arrayref), but this
321 behaviour might change in future versions. 683 behaviour might change in future versions.
337 to_json [$value] # yields ["5"] 699 to_json [$value] # yields ["5"]
338 700
339 # undef becomes null 701 # undef becomes null
340 to_json [undef] # yields [null] 702 to_json [undef] # yields [null]
341 703
342 You can force the type to be a string by stringifying it: 704 You can force the type to be a JSON string by stringifying it:
343 705
344 my $x = 3.1; # some variable containing a number 706 my $x = 3.1; # some variable containing a number
345 "$x"; # stringified 707 "$x"; # stringified
346 $x .= ""; # another, more awkward way to stringify 708 $x .= ""; # another, more awkward way to stringify
347 print $x; # perl does it for you, too, quite often 709 print $x; # perl does it for you, too, quite often
348 710
349 You can force the type to be a number by numifying it: 711 You can force the type to be a JSON number by numifying it:
350 712
351 my $x = "3"; # some variable containing a string 713 my $x = "3"; # some variable containing a string
352 $x += 0; # numify it, ensuring it will be dumped as a number 714 $x += 0; # numify it, ensuring it will be dumped as a number
353 $x *= 1; # same thing, the choise is yours. 715 $x *= 1; # same thing, the choice is yours.
354 716
355 You can not currently output JSON booleans or force the type in 717 You can not currently force the type in other, less obscure, ways.
356 other, less obscure, ways. Tell me if you need this capability. 718 Tell me if you need this capability.
357
358 circular data structures
359 Those will be encoded until memory or stackspace runs out.
360 719
361COMPARISON 720COMPARISON
362 As already mentioned, this module was created because none of the 721 As already mentioned, this module was created because none of the
363 existing JSON modules could be made to work correctly. First I will 722 existing JSON modules could be made to work correctly. First I will
364 describe the problems (or pleasures) I encountered with various existing 723 describe the problems (or pleasures) I encountered with various existing
366 not to suffer from any of these problems or limitations. 725 not to suffer from any of these problems or limitations.
367 726
368 JSON 1.07 727 JSON 1.07
369 Slow (but very portable, as it is written in pure Perl). 728 Slow (but very portable, as it is written in pure Perl).
370 729
371 Undocumented/buggy Unicode handling (how JSON handles unicode values 730 Undocumented/buggy Unicode handling (how JSON handles Unicode values
372 is undocumented. One can get far by feeding it unicode strings and 731 is undocumented. One can get far by feeding it Unicode strings and
373 doing en-/decoding oneself, but unicode escapes are not working 732 doing en-/decoding oneself, but Unicode escapes are not working
374 properly). 733 properly).
375 734
376 No roundtripping (strings get clobbered if they look like numbers, 735 No round-tripping (strings get clobbered if they look like numbers,
377 e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that 736 e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that
378 will decode into the number 2. 737 will decode into the number 2.
379 738
380 JSON::PC 0.01 739 JSON::PC 0.01
381 Very fast. 740 Very fast.
382 741
383 Undocumented/buggy Unicode handling. 742 Undocumented/buggy Unicode handling.
384 743
385 No roundtripping. 744 No round-tripping.
386 745
387 Has problems handling many Perl values (e.g. regex results and other 746 Has problems handling many Perl values (e.g. regex results and other
388 magic values will make it croak). 747 magic values will make it croak).
389 748
390 Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" 749 Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}"
391 which is not a valid JSON string. 750 which is not a valid JSON text.
392 751
393 Unmaintained (maintainer unresponsive for many months, bugs are not 752 Unmaintained (maintainer unresponsive for many months, bugs are not
394 getting fixed). 753 getting fixed).
395 754
396 JSON::Syck 0.21 755 JSON::Syck 0.21
397 Very buggy (often crashes). 756 Very buggy (often crashes).
398 757
399 Very inflexible (no human-readable format supported, format pretty 758 Very inflexible (no human-readable format supported, format pretty
400 much undocumented. I need at least a format for easy reading by 759 much undocumented. I need at least a format for easy reading by
401 humans and a single-line compact format for use in a protocol, and 760 humans and a single-line compact format for use in a protocol, and
402 preferably a way to generate ASCII-only JSON strings). 761 preferably a way to generate ASCII-only JSON texts).
403 762
404 Completely broken (and confusingly documented) Unicode handling 763 Completely broken (and confusingly documented) Unicode handling
405 (unicode escapes are not working properly, you need to set 764 (Unicode escapes are not working properly, you need to set
406 ImplicitUnicode to *different* values on en- and decoding to get 765 ImplicitUnicode to *different* values on en- and decoding to get
407 symmetric behaviour). 766 symmetric behaviour).
408 767
409 No roundtripping (simple cases work, but this depends on wether the 768 No round-tripping (simple cases work, but this depends on whether
410 scalar value was used in a numeric context or not). 769 the scalar value was used in a numeric context or not).
411 770
412 Dumping hashes may skip hash values depending on iterator state. 771 Dumping hashes may skip hash values depending on iterator state.
413 772
414 Unmaintained (maintainer unresponsive for many months, bugs are not 773 Unmaintained (maintainer unresponsive for many months, bugs are not
415 getting fixed). 774 getting fixed).
416 775
417 Does not check input for validity (i.e. will accept non-JSON input 776 Does not check input for validity (i.e. will accept non-JSON input
418 and return "something" instead of raising an exception. This is a 777 and return "something" instead of raising an exception. This is a
419 security issue: imagine two banks transfering money between each 778 security issue: imagine two banks transferring money between each
420 other using JSON. One bank might parse a given non-JSON request and 779 other using JSON. One bank might parse a given non-JSON request and
421 deduct money, while the other might reject the transaction with a 780 deduct money, while the other might reject the transaction with a
422 syntax error. While a good protocol will at least recover, that is 781 syntax error. While a good protocol will at least recover, that is
423 extra unnecessary work and the transaction will still not succeed). 782 extra unnecessary work and the transaction will still not succeed).
424 783
425 JSON::DWIW 0.04 784 JSON::DWIW 0.04
426 Very fast. Very natural. Very nice. 785 Very fast. Very natural. Very nice.
427 786
428 Undocumented unicode handling (but the best of the pack. Unicode 787 Undocumented Unicode handling (but the best of the pack. Unicode
429 escapes still don't get parsed properly). 788 escapes still don't get parsed properly).
430 789
431 Very inflexible. 790 Very inflexible.
432 791
433 No roundtripping. 792 No round-tripping.
434 793
435 Does not generate valid JSON (key strings are often unquoted, empty 794 Does not generate valid JSON texts (key strings are often unquoted,
436 keys result in nothing being output) 795 empty keys result in nothing being output)
437 796
438 Does not check input for validity. 797 Does not check input for validity.
798
799 JSON and YAML
800 You often hear that JSON is a subset (or a close subset) of YAML. This
801 is, however, a mass hysteria and very far from the truth. In general,
802 there is no way to configure JSON::XS to output a data structure as
803 valid YAML.
804
805 If you really must use JSON::XS to generate YAML, you should use this
806 algorithm (subject to change in future versions):
807
808 my $to_yaml = JSON::XS->new->utf8->space_after (1);
809 my $yaml = $to_yaml->encode ($ref) . "\n";
810
811 This will usually generate JSON texts that also parse as valid YAML.
812 Please note that YAML has hardcoded limits on (simple) object key
813 lengths that JSON doesn't have, so you should make sure that your hash
814 keys are noticeably shorter than the 1024 characters YAML allows.
815
816 There might be other incompatibilities that I am not aware of. In
817 general you should not try to generate YAML with a JSON generator or
818 vice versa, or try to parse JSON with a YAML parser or vice versa:
819 chances are high that you will run into severe interoperability
820 problems.
439 821
440 SPEED 822 SPEED
441 It seems that JSON::XS is surprisingly fast, as shown in the following 823 It seems that JSON::XS is surprisingly fast, as shown in the following
442 tables. They have been generated with the help of the "eg/bench" program 824 tables. They have been generated with the help of the "eg/bench" program
443 in the JSON::XS distribution, to make it easy to compare on your own 825 in the JSON::XS distribution, to make it easy to compare on your own
444 system. 826 system.
445 827
446 First comes a comparison between various modules using a very short JSON 828 First comes a comparison between various modules using a very short
447 string (83 bytes), showing the number of encodes/decodes per second 829 single-line JSON string:
448 (JSON::XS is the functional interface, while JSON::XS/2 is the OO 830
449 interface with pretty-printing and hashkey sorting enabled). Higher is 831 {"method": "handleMessage", "params": ["user1", "we were just talking"], \
450 better: 832 "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]}
833
834 It shows the number of encodes/decodes per second (JSON::XS uses the
835 functional interface, while JSON::XS/2 uses the OO interface with
836 pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink).
837 Higher is better:
451 838
452 module | encode | decode | 839 module | encode | decode |
453 -----------|------------|------------| 840 -----------|------------|------------|
454 JSON | 14006 | 6820 | 841 JSON 1.x | 4990.842 | 4088.813 |
455 JSON::DWIW | 200937 | 120386 | 842 JSON::DWIW | 51653.990 | 71575.154 |
456 JSON::PC | 85065 | 129366 | 843 JSON::PC | 65948.176 | 74631.744 |
457 JSON::Syck | 59898 | 44232 | 844 JSON::PP | 8931.652 | 3817.168 |
458 JSON::XS | 1171478 | 342435 | 845 JSON::Syck | 24877.248 | 27776.848 |
459 JSON::XS/2 | 730760 | 328714 | 846 JSON::XS | 388361.481 | 227951.304 |
847 JSON::XS/2 | 227951.304 | 218453.333 |
848 JSON::XS/3 | 338250.323 | 218453.333 |
849 Storable | 16500.016 | 135300.129 |
460 -----------+------------+------------+ 850 -----------+------------+------------+
461 851
462 That is, JSON::XS is 6 times faster than than JSON::DWIW and about 80 852 That is, JSON::XS is about five times faster than JSON::DWIW on
853 encoding, about three times faster on decoding, and over forty times
463 times faster than JSON, even with pretty-printing and key sorting. 854 faster than JSON, even with pretty-printing and key sorting. It also
855 compares favourably to Storable for small amounts of data.
464 856
465 Using a longer test string (roughly 18KB, generated from Yahoo! Locals 857 Using a longer test string (roughly 18KB, generated from Yahoo! Locals
466 search API (http://nanoref.com/yahooapis/mgPdGg): 858 search API (http://nanoref.com/yahooapis/mgPdGg):
467 859
468 module | encode | decode | 860 module | encode | decode |
469 -----------|------------|------------| 861 -----------|------------|------------|
470 JSON | 673 | 38 | 862 JSON 1.x | 55.260 | 34.971 |
471 JSON::DWIW | 5271 | 770 | 863 JSON::DWIW | 825.228 | 1082.513 |
864 JSON::PC | 3571.444 | 2394.829 |
472 JSON::PC | 9901 | 2491 | 865 JSON::PP | 210.987 | 32.574 |
473 JSON::Syck | 2360 | 786 | 866 JSON::Syck | 552.551 | 787.544 |
474 JSON::XS | 37398 | 3202 | 867 JSON::XS | 5780.463 | 4854.519 |
475 JSON::XS/2 | 13765 | 3153 | 868 JSON::XS/2 | 3869.998 | 4798.975 |
869 JSON::XS/3 | 5862.880 | 4798.975 |
870 Storable | 4445.002 | 5235.027 |
476 -----------+------------+------------+ 871 -----------+------------+------------+
477 872
478 Again, JSON::XS leads by far in the encoding case, while still beating 873 Again, JSON::XS leads by far (except for Storable which non-surprisingly
479 every other module in the decoding case. 874 decodes faster).
480 875
481 On large strings containing lots of unicode characters, some modules 876 On large strings containing lots of high Unicode characters, some
482 (such as JSON::PC) decode faster than JSON::XS, but the result will be 877 modules (such as JSON::PC) seem to decode faster than JSON::XS, but the
483 broken due to missing unicode handling. Others refuse to decode or 878 result will be broken due to missing (or wrong) Unicode handling. Others
484 encode properly, so it was impossible to prepare a fair comparison table 879 refuse to decode or encode properly, so it was impossible to prepare a
485 for that case. 880 fair comparison table for that case.
486 881
487RESOURCE LIMITS 882SECURITY CONSIDERATIONS
488 JSON::XS does not impose any limits on the size of JSON texts or Perl 883 When you are using JSON in a protocol, talking to untrusted potentially
489 values they represent - if your machine can handle it, JSON::XS will 884 hostile creatures requires relatively few measures.
490 encode or decode it. Future versions might optionally impose structure 885
491 depth and memory use resource limits. 886 First of all, your JSON decoder should be secure, that is, should not
887 have any buffer overflows. Obviously, this module should ensure that and
888 I am trying hard on making that true, but you never know.
889
890 Second, you need to avoid resource-starving attacks. That means you
891 should limit the size of JSON texts you accept, or make sure then when
892 your resources run out, that's just fine (e.g. by using a separate
893 process that can crash safely). The size of a JSON text in octets or
894 characters is usually a good indication of the size of the resources
895 required to decode it into a Perl structure. While JSON::XS can check
896 the size of the JSON text, it might be too late when you already have it
897 in memory, so you might want to check the size before you accept the
898 string.
899
900 Third, JSON::XS recurses using the C stack when decoding objects and
901 arrays. The C stack is a limited resource: for instance, on my amd64
902 machine with 8MB of stack size I can decode around 180k nested arrays
903 but only 14k nested JSON objects (due to perl itself recursing deeply on
904 croak to free the temporary). If that is exceeded, the program crashes.
905 to be conservative, the default nesting limit is set to 512. If your
906 process has a smaller stack, you should adjust this setting accordingly
907 with the "max_depth" method.
908
909 And last but least, something else could bomb you that I forgot to think
910 of. In that case, you get to keep the pieces. I am always open for
911 hints, though...
912
913 If you are using JSON::XS to return packets to consumption by JavaScript
914 scripts in a browser you should have a look at
915 <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether
916 you are vulnerable to some common attack vectors (which really are
917 browser design bugs, but it is still you who will have to deal with it,
918 as major browser developers care only for features, not about doing
919 security right).
920
921THREADS
922 This module is *not* guaranteed to be thread safe and there are no plans
923 to change this until Perl gets thread support (as opposed to the
924 horribly slow so-called "threads" which are simply slow and bloated
925 process simulations - use fork, its *much* faster, cheaper, better).
926
927 (It might actually work, but you have been warned).
492 928
493BUGS 929BUGS
494 While the goal of this module is to be correct, that unfortunately does 930 While the goal of this module is to be correct, that unfortunately does
495 not mean its bug-free, only that I think its design is bug-free. It is 931 not mean its bug-free, only that I think its design is bug-free. It is
496 still very young and not well-tested. If you keep reporting bugs they 932 still relatively early in its development. If you keep reporting bugs
497 will be fixed swiftly, though. 933 they will be fixed swiftly, though.
934
935 Please refrain from using rt.cpan.org or any other bug reporting
936 service. I put the contact address into my modules for a reason.
498 937
499AUTHOR 938AUTHOR
500 Marc Lehmann <schmorp@schmorp.de> 939 Marc Lehmann <schmorp@schmorp.de>
501 http://home.schmorp.de/ 940 http://home.schmorp.de/
502 941

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines