1 | NAME |
1 | NAME |
2 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
2 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
|
|
3 | |
|
|
4 | JSON::XS - 正しくて高速な JSON |
|
|
5 | シリアライザ/デシリアライザ |
|
|
6 | (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html) |
3 | |
7 | |
4 | SYNOPSIS |
8 | SYNOPSIS |
5 | use JSON::XS; |
9 | use JSON::XS; |
6 | |
10 | |
7 | # exported functions, they croak on error |
11 | # exported functions, they croak on error |
… | |
… | |
31 | |
35 | |
32 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
36 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
33 | vice versa. |
37 | vice versa. |
34 | |
38 | |
35 | FEATURES |
39 | FEATURES |
36 | * correct unicode handling |
40 | * correct Unicode handling |
37 | This module knows how to handle Unicode, and even documents how and |
41 | This module knows how to handle Unicode, and even documents how and |
38 | when it does so. |
42 | when it does so. |
39 | |
43 | |
40 | * round-trip integrity |
44 | * round-trip integrity |
41 | When you serialise a perl data structure using only datatypes |
45 | When you serialise a perl data structure using only datatypes |
… | |
… | |
55 | * simple to use |
59 | * simple to use |
56 | This module has both a simple functional interface as well as an OO |
60 | This module has both a simple functional interface as well as an OO |
57 | interface. |
61 | interface. |
58 | |
62 | |
59 | * reasonably versatile output formats |
63 | * reasonably versatile output formats |
60 | You can choose between the most compact guarenteed single-line |
64 | You can choose between the most compact guaranteed single-line |
61 | format possible (nice for simple line-based protocols), a pure-ascii |
65 | format possible (nice for simple line-based protocols), a pure-ascii |
62 | format (for when your transport is not 8-bit clean, still supports |
66 | format (for when your transport is not 8-bit clean, still supports |
63 | the whole unicode range), or a pretty-printed format (for when you |
67 | the whole Unicode range), or a pretty-printed format (for when you |
64 | want to read that stuff). Or you can combine those features in |
68 | want to read that stuff). Or you can combine those features in |
65 | whatever way you like. |
69 | whatever way you like. |
66 | |
70 | |
67 | FUNCTIONAL INTERFACE |
71 | FUNCTIONAL INTERFACE |
68 | The following convinience methods are provided by this module. They are |
72 | The following convenience methods are provided by this module. They are |
69 | exported by default: |
73 | exported by default: |
70 | |
74 | |
71 | $json_text = to_json $perl_scalar |
75 | $json_text = to_json $perl_scalar |
72 | Converts the given Perl data structure (a simple scalar or a |
76 | Converts the given Perl data structure to a UTF-8 encoded, binary |
73 | reference to a hash or array) to a UTF-8 encoded, binary string |
|
|
74 | (that is, the string contains octets only). Croaks on error. |
77 | string (that is, the string contains octets only). Croaks on error. |
75 | |
78 | |
76 | This function call is functionally identical to: |
79 | This function call is functionally identical to: |
77 | |
80 | |
78 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
81 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
79 | |
82 | |
80 | except being faster. |
83 | except being faster. |
81 | |
84 | |
82 | $perl_scalar = from_json $json_text |
85 | $perl_scalar = from_json $json_text |
83 | The opposite of "to_json": expects an UTF-8 (binary) string and |
86 | The opposite of "to_json": expects an UTF-8 (binary) string and |
84 | tries to parse that as an UTF-8 encoded JSON text, returning the |
87 | tries to parse that as an UTF-8 encoded JSON text, returning the |
85 | resulting simple scalar or reference. Croaks on error. |
88 | resulting reference. Croaks on error. |
86 | |
89 | |
87 | This function call is functionally identical to: |
90 | This function call is functionally identical to: |
88 | |
91 | |
89 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
92 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
90 | |
93 | |
… | |
… | |
97 | values in Perl. |
100 | values in Perl. |
98 | |
101 | |
99 | See MAPPING, below, for more information on how JSON values are |
102 | See MAPPING, below, for more information on how JSON values are |
100 | mapped to Perl. |
103 | mapped to Perl. |
101 | |
104 | |
|
|
105 | A FEW NOTES ON UNICODE AND PERL |
|
|
106 | Since this often leads to confusion, here are a few very clear words on |
|
|
107 | how Unicode works in Perl, modulo bugs. |
|
|
108 | |
|
|
109 | 1. Perl strings can store characters with ordinal values > 255. |
|
|
110 | This enables you to store Unicode characters as single characters in |
|
|
111 | a Perl string - very natural. |
|
|
112 | |
|
|
113 | 2. Perl does *not* associate an encoding with your strings. |
|
|
114 | Unless you force it to, e.g. when matching it against a regex, or |
|
|
115 | printing the scalar to a file, in which case Perl either interprets |
|
|
116 | your string as locale-encoded text, octets/binary, or as Unicode, |
|
|
117 | depending on various settings. In no case is an encoding stored |
|
|
118 | together with your data, it is *use* that decides encoding, not any |
|
|
119 | magical metadata. |
|
|
120 | |
|
|
121 | 3. The internal utf-8 flag has no meaning with regards to the encoding |
|
|
122 | of your string. |
|
|
123 | Just ignore that flag unless you debug a Perl bug, a module written |
|
|
124 | in XS or want to dive into the internals of perl. Otherwise it will |
|
|
125 | only confuse you, as, despite the name, it says nothing about how |
|
|
126 | your string is encoded. You can have Unicode strings with that flag |
|
|
127 | set, with that flag clear, and you can have binary data with that |
|
|
128 | flag set and that flag clear. Other possibilities exist, too. |
|
|
129 | |
|
|
130 | If you didn't know about that flag, just the better, pretend it |
|
|
131 | doesn't exist. |
|
|
132 | |
|
|
133 | 4. A "Unicode String" is simply a string where each character can be |
|
|
134 | validly interpreted as a Unicode codepoint. |
|
|
135 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
|
|
136 | but a Unicode string encoded in UTF-8, giving you a binary string. |
|
|
137 | |
|
|
138 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
|
|
139 | string. |
|
|
140 | It's a fact. Learn to live with it. |
|
|
141 | |
|
|
142 | I hope this helps :) |
|
|
143 | |
102 | OBJECT-ORIENTED INTERFACE |
144 | OBJECT-ORIENTED INTERFACE |
103 | The object oriented interface lets you configure your own encoding or |
145 | The object oriented interface lets you configure your own encoding or |
104 | decoding style, within the limits of supported formats. |
146 | decoding style, within the limits of supported formats. |
105 | |
147 | |
106 | $json = new JSON::XS |
148 | $json = new JSON::XS |
… | |
… | |
115 | => {"a": [1, 2]} |
157 | => {"a": [1, 2]} |
116 | |
158 | |
117 | $json = $json->ascii ([$enable]) |
159 | $json = $json->ascii ([$enable]) |
118 | If $enable is true (or missing), then the "encode" method will not |
160 | If $enable is true (or missing), then the "encode" method will not |
119 | generate characters outside the code range 0..127 (which is ASCII). |
161 | generate characters outside the code range 0..127 (which is ASCII). |
120 | Any unicode characters outside that range will be escaped using |
162 | Any Unicode characters outside that range will be escaped using |
121 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
163 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
122 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
164 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
123 | be treated as a native unicode string, an ascii-encoded, |
165 | be treated as a native Unicode string, an ascii-encoded, |
124 | latin1-encoded or UTF-8 encoded string, or any other superset of |
166 | latin1-encoded or UTF-8 encoded string, or any other superset of |
125 | ASCII. |
167 | ASCII. |
126 | |
168 | |
127 | If $enable is false, then the "encode" method will not escape |
169 | If $enable is false, then the "encode" method will not escape |
128 | Unicode characters unless required by the JSON syntax or other |
170 | Unicode characters unless required by the JSON syntax or other |
… | |
… | |
137 | |
179 | |
138 | $json = $json->latin1 ([$enable]) |
180 | $json = $json->latin1 ([$enable]) |
139 | If $enable is true (or missing), then the "encode" method will |
181 | If $enable is true (or missing), then the "encode" method will |
140 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
182 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
141 | any characters outside the code range 0..255. The resulting string |
183 | any characters outside the code range 0..255. The resulting string |
142 | can be treated as a latin1-encoded JSON text or a native unicode |
184 | can be treated as a latin1-encoded JSON text or a native Unicode |
143 | string. The "decode" method will not be affected in any way by this |
185 | string. The "decode" method will not be affected in any way by this |
144 | flag, as "decode" by default expects unicode, which is a strict |
186 | flag, as "decode" by default expects Unicode, which is a strict |
145 | superset of latin1. |
187 | superset of latin1. |
146 | |
188 | |
147 | If $enable is false, then the "encode" method will not escape |
189 | If $enable is false, then the "encode" method will not escape |
148 | Unicode characters unless required by the JSON syntax or other |
190 | Unicode characters unless required by the JSON syntax or other |
149 | flags. |
191 | flags. |
150 | |
192 | |
151 | The main use for this flag is efficiently encoding binary data as |
193 | The main use for this flag is efficiently encoding binary data as |
152 | JSON text, as most octets will not be escaped, resulting in a |
194 | JSON text, as most octets will not be escaped, resulting in a |
153 | smaller encoded size. The disadvantage is that the resulting JSON |
195 | smaller encoded size. The disadvantage is that the resulting JSON |
154 | text is encoded in latin1 (and must correctly be treated as such |
196 | text is encoded in latin1 (and must correctly be treated as such |
155 | when storing and transfering), a rare encoding for JSON. It is |
197 | when storing and transferring), a rare encoding for JSON. It is |
156 | therefore most useful when you want to store data structures known |
198 | therefore most useful when you want to store data structures known |
157 | to contain binary data efficiently in files or databases, not when |
199 | to contain binary data efficiently in files or databases, not when |
158 | talking to other JSON encoders/decoders. |
200 | talking to other JSON encoders/decoders. |
159 | |
201 | |
160 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
202 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
… | |
… | |
169 | bytewise/binary I/O. In future versions, enabling this option might |
211 | bytewise/binary I/O. In future versions, enabling this option might |
170 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
212 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
171 | described in RFC4627. |
213 | described in RFC4627. |
172 | |
214 | |
173 | If $enable is false, then the "encode" method will return the JSON |
215 | If $enable is false, then the "encode" method will return the JSON |
174 | string as a (non-encoded) unicode string, while "decode" expects |
216 | string as a (non-encoded) Unicode string, while "decode" expects |
175 | thus a unicode string. Any decoding or encoding (e.g. to UTF-8 or |
217 | thus a Unicode string. Any decoding or encoding (e.g. to UTF-8 or |
176 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
218 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
177 | |
219 | |
178 | Example, output UTF-16BE-encoded JSON: |
220 | Example, output UTF-16BE-encoded JSON: |
179 | |
221 | |
180 | use Encode; |
222 | use Encode; |
… | |
… | |
202 | } |
244 | } |
203 | |
245 | |
204 | $json = $json->indent ([$enable]) |
246 | $json = $json->indent ([$enable]) |
205 | If $enable is true (or missing), then the "encode" method will use a |
247 | If $enable is true (or missing), then the "encode" method will use a |
206 | multiline format as output, putting every array member or |
248 | multiline format as output, putting every array member or |
207 | object/hash key-value pair into its own line, identing them |
249 | object/hash key-value pair into its own line, indenting them |
208 | properly. |
250 | properly. |
209 | |
251 | |
210 | If $enable is false, no newlines or indenting will be produced, and |
252 | If $enable is false, no newlines or indenting will be produced, and |
211 | the resulting JSON text is guarenteed not to contain any "newlines". |
253 | the resulting JSON text is guaranteed not to contain any "newlines". |
212 | |
254 | |
213 | This setting has no effect when decoding JSON texts. |
255 | This setting has no effect when decoding JSON texts. |
214 | |
256 | |
215 | $json = $json->space_before ([$enable]) |
257 | $json = $json->space_before ([$enable]) |
216 | If $enable is true (or missing), then the "encode" method will add |
258 | If $enable is true (or missing), then the "encode" method will add |
… | |
… | |
240 | |
282 | |
241 | Example, space_before and indent disabled, space_after enabled: |
283 | Example, space_before and indent disabled, space_after enabled: |
242 | |
284 | |
243 | {"key": "value"} |
285 | {"key": "value"} |
244 | |
286 | |
|
|
287 | $json = $json->relaxed ([$enable]) |
|
|
288 | If $enable is true (or missing), then "decode" will accept some |
|
|
289 | extensions to normal JSON syntax (see below). "encode" will not be |
|
|
290 | affected in anyway. *Be aware that this option makes you accept |
|
|
291 | invalid JSON texts as if they were valid!*. I suggest only to use |
|
|
292 | this option to parse application-specific files written by humans |
|
|
293 | (configuration files, resource files etc.) |
|
|
294 | |
|
|
295 | If $enable is false (the default), then "decode" will only accept |
|
|
296 | valid JSON texts. |
|
|
297 | |
|
|
298 | Currently accepted extensions are: |
|
|
299 | |
|
|
300 | * list items can have an end-comma |
|
|
301 | JSON *separates* array elements and key-value pairs with commas. |
|
|
302 | This can be annoying if you write JSON texts manually and want |
|
|
303 | to be able to quickly append elements, so this extension accepts |
|
|
304 | comma at the end of such items not just between them: |
|
|
305 | |
|
|
306 | [ |
|
|
307 | 1, |
|
|
308 | 2, <- this comma not normally allowed |
|
|
309 | ] |
|
|
310 | { |
|
|
311 | "k1": "v1", |
|
|
312 | "k2": "v2", <- this comma not normally allowed |
|
|
313 | } |
|
|
314 | |
|
|
315 | * shell-style '#'-comments |
|
|
316 | Whenever JSON allows whitespace, shell-style comments are |
|
|
317 | additionally allowed. They are terminated by the first |
|
|
318 | carriage-return or line-feed character, after which more |
|
|
319 | white-space and comments are allowed. |
|
|
320 | |
|
|
321 | [ |
|
|
322 | 1, # this comment not allowed in JSON |
|
|
323 | # neither this one... |
|
|
324 | ] |
|
|
325 | |
245 | $json = $json->canonical ([$enable]) |
326 | $json = $json->canonical ([$enable]) |
246 | If $enable is true (or missing), then the "encode" method will |
327 | If $enable is true (or missing), then the "encode" method will |
247 | output JSON objects by sorting their keys. This is adding a |
328 | output JSON objects by sorting their keys. This is adding a |
248 | comparatively high overhead. |
329 | comparatively high overhead. |
249 | |
330 | |
… | |
… | |
251 | pairs in the order Perl stores them (which will likely change |
332 | pairs in the order Perl stores them (which will likely change |
252 | between runs of the same script). |
333 | between runs of the same script). |
253 | |
334 | |
254 | This option is useful if you want the same data structure to be |
335 | This option is useful if you want the same data structure to be |
255 | encoded as the same JSON text (given the same overall settings). If |
336 | encoded as the same JSON text (given the same overall settings). If |
256 | it is disabled, the same hash migh be encoded differently even if |
337 | it is disabled, the same hash might be encoded differently even if |
257 | contains the same data, as key-value pairs have no inherent ordering |
338 | contains the same data, as key-value pairs have no inherent ordering |
258 | in Perl. |
339 | in Perl. |
259 | |
340 | |
260 | This setting has no effect when decoding JSON texts. |
341 | This setting has no effect when decoding JSON texts. |
261 | |
342 | |
… | |
… | |
277 | => "Hello, World!" |
358 | => "Hello, World!" |
278 | |
359 | |
279 | $json = $json->allow_blessed ([$enable]) |
360 | $json = $json->allow_blessed ([$enable]) |
280 | If $enable is true (or missing), then the "encode" method will not |
361 | If $enable is true (or missing), then the "encode" method will not |
281 | barf when it encounters a blessed reference. Instead, the value of |
362 | barf when it encounters a blessed reference. Instead, the value of |
282 | the convert_blessed option will decide wether "null" |
363 | the convert_blessed option will decide whether "null" |
283 | ("convert_blessed" disabled or no "to_json" method found) or a |
364 | ("convert_blessed" disabled or no "to_json" method found) or a |
284 | representation of the object ("convert_blessed" enabled and |
365 | representation of the object ("convert_blessed" enabled and |
285 | "to_json" method found) is being encoded. Has no effect on "decode". |
366 | "to_json" method found) is being encoded. Has no effect on "decode". |
286 | |
367 | |
287 | If $enable is false (the default), then "encode" will throw an |
368 | If $enable is false (the default), then "encode" will throw an |
… | |
… | |
350 | |
431 | |
351 | As this callback gets called less often then the |
432 | As this callback gets called less often then the |
352 | "filter_json_object" one, decoding speed will not usually suffer as |
433 | "filter_json_object" one, decoding speed will not usually suffer as |
353 | much. Therefore, single-key objects make excellent targets to |
434 | much. Therefore, single-key objects make excellent targets to |
354 | serialise Perl objects into, especially as single-key JSON objects |
435 | serialise Perl objects into, especially as single-key JSON objects |
355 | are as close to the type-tagged value concept as JSON gets (its |
436 | are as close to the type-tagged value concept as JSON gets (it's |
356 | basically an ID/VALUE tuple). Of course, JSON does not support this |
437 | basically an ID/VALUE tuple). Of course, JSON does not support this |
357 | in any way, so you need to make sure your data never looks like a |
438 | in any way, so you need to make sure your data never looks like a |
358 | serialised Perl hash. |
439 | serialised Perl hash. |
359 | |
440 | |
360 | Typical names for the single object key are "__class_whatever__", or |
441 | Typical names for the single object key are "__class_whatever__", or |
… | |
… | |
484 | vice versa. These mappings are designed to "do the right thing" in most |
565 | vice versa. These mappings are designed to "do the right thing" in most |
485 | circumstances automatically, preserving round-tripping characteristics |
566 | circumstances automatically, preserving round-tripping characteristics |
486 | (what you put in comes out as something equivalent). |
567 | (what you put in comes out as something equivalent). |
487 | |
568 | |
488 | For the more enlightened: note that in the following descriptions, |
569 | For the more enlightened: note that in the following descriptions, |
489 | lowercase *perl* refers to the Perl interpreter, while uppcercase *Perl* |
570 | lowercase *perl* refers to the Perl interpreter, while uppercase *Perl* |
490 | refers to the abstract Perl language itself. |
571 | refers to the abstract Perl language itself. |
491 | |
572 | |
492 | JSON -> PERL |
573 | JSON -> PERL |
493 | object |
574 | object |
494 | A JSON object becomes a reference to a hash in Perl. No ordering of |
575 | A JSON object becomes a reference to a hash in Perl. No ordering of |
495 | object keys is preserved (JSON does not preserver object key |
576 | object keys is preserved (JSON does not preserve object key ordering |
496 | ordering itself). |
577 | itself). |
497 | |
578 | |
498 | array |
579 | array |
499 | A JSON array becomes a reference to an array in Perl. |
580 | A JSON array becomes a reference to an array in Perl. |
500 | |
581 | |
501 | string |
582 | string |
… | |
… | |
525 | strings, but as Perl is typeless there is no other way to do it. |
606 | strings, but as Perl is typeless there is no other way to do it. |
526 | |
607 | |
527 | true, false |
608 | true, false |
528 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
609 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
529 | respectively. They are overloaded to act almost exactly like the |
610 | respectively. They are overloaded to act almost exactly like the |
530 | numbers 1 and 0. You can check wether a scalar is a JSON boolean by |
611 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
531 | using the "JSON::XS::is_bool" function. |
612 | using the "JSON::XS::is_bool" function. |
532 | |
613 | |
533 | null |
614 | null |
534 | A JSON null atom becomes "undef" in Perl. |
615 | A JSON null atom becomes "undef" in Perl. |
535 | |
616 | |
… | |
… | |
562 | |
643 | |
563 | to_json [\0,JSON::XS::true] # yields [false,true] |
644 | to_json [\0,JSON::XS::true] # yields [false,true] |
564 | |
645 | |
565 | JSON::XS::true, JSON::XS::false |
646 | JSON::XS::true, JSON::XS::false |
566 | These special values become JSON true and JSON false values, |
647 | These special values become JSON true and JSON false values, |
567 | respectively. You cna alos use "\1" and "\0" directly if you want. |
648 | respectively. You can also use "\1" and "\0" directly if you want. |
568 | |
649 | |
569 | blessed objects |
650 | blessed objects |
570 | Blessed objects are not allowed. JSON::XS currently tries to encode |
651 | Blessed objects are not allowed. JSON::XS currently tries to encode |
571 | their underlying representation (hash- or arrayref), but this |
652 | their underlying representation (hash- or arrayref), but this |
572 | behaviour might change in future versions. |
653 | behaviour might change in future versions. |
… | |
… | |
588 | to_json [$value] # yields ["5"] |
669 | to_json [$value] # yields ["5"] |
589 | |
670 | |
590 | # undef becomes null |
671 | # undef becomes null |
591 | to_json [undef] # yields [null] |
672 | to_json [undef] # yields [null] |
592 | |
673 | |
593 | You can force the type to be a string by stringifying it: |
674 | You can force the type to be a JSON string by stringifying it: |
594 | |
675 | |
595 | my $x = 3.1; # some variable containing a number |
676 | my $x = 3.1; # some variable containing a number |
596 | "$x"; # stringified |
677 | "$x"; # stringified |
597 | $x .= ""; # another, more awkward way to stringify |
678 | $x .= ""; # another, more awkward way to stringify |
598 | print $x; # perl does it for you, too, quite often |
679 | print $x; # perl does it for you, too, quite often |
599 | |
680 | |
600 | You can force the type to be a number by numifying it: |
681 | You can force the type to be a JSON number by numifying it: |
601 | |
682 | |
602 | my $x = "3"; # some variable containing a string |
683 | my $x = "3"; # some variable containing a string |
603 | $x += 0; # numify it, ensuring it will be dumped as a number |
684 | $x += 0; # numify it, ensuring it will be dumped as a number |
604 | $x *= 1; # same thing, the choise is yours. |
685 | $x *= 1; # same thing, the choice is yours. |
605 | |
686 | |
606 | You can not currently output JSON booleans or force the type in |
687 | You can not currently force the type in other, less obscure, ways. |
607 | other, less obscure, ways. Tell me if you need this capability. |
688 | Tell me if you need this capability. |
608 | |
689 | |
609 | COMPARISON |
690 | COMPARISON |
610 | As already mentioned, this module was created because none of the |
691 | As already mentioned, this module was created because none of the |
611 | existing JSON modules could be made to work correctly. First I will |
692 | existing JSON modules could be made to work correctly. First I will |
612 | describe the problems (or pleasures) I encountered with various existing |
693 | describe the problems (or pleasures) I encountered with various existing |
… | |
… | |
614 | not to suffer from any of these problems or limitations. |
695 | not to suffer from any of these problems or limitations. |
615 | |
696 | |
616 | JSON 1.07 |
697 | JSON 1.07 |
617 | Slow (but very portable, as it is written in pure Perl). |
698 | Slow (but very portable, as it is written in pure Perl). |
618 | |
699 | |
619 | Undocumented/buggy Unicode handling (how JSON handles unicode values |
700 | Undocumented/buggy Unicode handling (how JSON handles Unicode values |
620 | is undocumented. One can get far by feeding it unicode strings and |
701 | is undocumented. One can get far by feeding it Unicode strings and |
621 | doing en-/decoding oneself, but unicode escapes are not working |
702 | doing en-/decoding oneself, but Unicode escapes are not working |
622 | properly). |
703 | properly). |
623 | |
704 | |
624 | No roundtripping (strings get clobbered if they look like numbers, |
705 | No round-tripping (strings get clobbered if they look like numbers, |
625 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
706 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
626 | will decode into the number 2. |
707 | will decode into the number 2. |
627 | |
708 | |
628 | JSON::PC 0.01 |
709 | JSON::PC 0.01 |
629 | Very fast. |
710 | Very fast. |
630 | |
711 | |
631 | Undocumented/buggy Unicode handling. |
712 | Undocumented/buggy Unicode handling. |
632 | |
713 | |
633 | No roundtripping. |
714 | No round-tripping. |
634 | |
715 | |
635 | Has problems handling many Perl values (e.g. regex results and other |
716 | Has problems handling many Perl values (e.g. regex results and other |
636 | magic values will make it croak). |
717 | magic values will make it croak). |
637 | |
718 | |
638 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
719 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
… | |
… | |
648 | much undocumented. I need at least a format for easy reading by |
729 | much undocumented. I need at least a format for easy reading by |
649 | humans and a single-line compact format for use in a protocol, and |
730 | humans and a single-line compact format for use in a protocol, and |
650 | preferably a way to generate ASCII-only JSON texts). |
731 | preferably a way to generate ASCII-only JSON texts). |
651 | |
732 | |
652 | Completely broken (and confusingly documented) Unicode handling |
733 | Completely broken (and confusingly documented) Unicode handling |
653 | (unicode escapes are not working properly, you need to set |
734 | (Unicode escapes are not working properly, you need to set |
654 | ImplicitUnicode to *different* values on en- and decoding to get |
735 | ImplicitUnicode to *different* values on en- and decoding to get |
655 | symmetric behaviour). |
736 | symmetric behaviour). |
656 | |
737 | |
657 | No roundtripping (simple cases work, but this depends on wether the |
738 | No round-tripping (simple cases work, but this depends on whether |
658 | scalar value was used in a numeric context or not). |
739 | the scalar value was used in a numeric context or not). |
659 | |
740 | |
660 | Dumping hashes may skip hash values depending on iterator state. |
741 | Dumping hashes may skip hash values depending on iterator state. |
661 | |
742 | |
662 | Unmaintained (maintainer unresponsive for many months, bugs are not |
743 | Unmaintained (maintainer unresponsive for many months, bugs are not |
663 | getting fixed). |
744 | getting fixed). |
664 | |
745 | |
665 | Does not check input for validity (i.e. will accept non-JSON input |
746 | Does not check input for validity (i.e. will accept non-JSON input |
666 | and return "something" instead of raising an exception. This is a |
747 | and return "something" instead of raising an exception. This is a |
667 | security issue: imagine two banks transfering money between each |
748 | security issue: imagine two banks transferring money between each |
668 | other using JSON. One bank might parse a given non-JSON request and |
749 | other using JSON. One bank might parse a given non-JSON request and |
669 | deduct money, while the other might reject the transaction with a |
750 | deduct money, while the other might reject the transaction with a |
670 | syntax error. While a good protocol will at least recover, that is |
751 | syntax error. While a good protocol will at least recover, that is |
671 | extra unnecessary work and the transaction will still not succeed). |
752 | extra unnecessary work and the transaction will still not succeed). |
672 | |
753 | |
673 | JSON::DWIW 0.04 |
754 | JSON::DWIW 0.04 |
674 | Very fast. Very natural. Very nice. |
755 | Very fast. Very natural. Very nice. |
675 | |
756 | |
676 | Undocumented unicode handling (but the best of the pack. Unicode |
757 | Undocumented Unicode handling (but the best of the pack. Unicode |
677 | escapes still don't get parsed properly). |
758 | escapes still don't get parsed properly). |
678 | |
759 | |
679 | Very inflexible. |
760 | Very inflexible. |
680 | |
761 | |
681 | No roundtripping. |
762 | No round-tripping. |
682 | |
763 | |
683 | Does not generate valid JSON texts (key strings are often unquoted, |
764 | Does not generate valid JSON texts (key strings are often unquoted, |
684 | empty keys result in nothing being output) |
765 | empty keys result in nothing being output) |
685 | |
766 | |
686 | Does not check input for validity. |
767 | Does not check input for validity. |
… | |
… | |
698 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
779 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
699 | |
780 | |
700 | This will usually generate JSON texts that also parse as valid YAML. |
781 | This will usually generate JSON texts that also parse as valid YAML. |
701 | Please note that YAML has hardcoded limits on (simple) object key |
782 | Please note that YAML has hardcoded limits on (simple) object key |
702 | lengths that JSON doesn't have, so you should make sure that your hash |
783 | lengths that JSON doesn't have, so you should make sure that your hash |
703 | keys are noticably shorter than the 1024 characters YAML allows. |
784 | keys are noticeably shorter than the 1024 characters YAML allows. |
704 | |
785 | |
705 | There might be other incompatibilities that I am not aware of. In |
786 | There might be other incompatibilities that I am not aware of. In |
706 | general you should not try to generate YAML with a JSON generator or |
787 | general you should not try to generate YAML with a JSON generator or |
707 | vice versa, or try to parse JSON with a YAML parser or vice versa: |
788 | vice versa, or try to parse JSON with a YAML parser or vice versa: |
708 | chances are high that you will run into severe interoperability |
789 | chances are high that you will run into severe interoperability |
… | |
… | |
739 | JSON::XS/3 | 338250.323 | 218453.333 | |
820 | JSON::XS/3 | 338250.323 | 218453.333 | |
740 | Storable | 16500.016 | 135300.129 | |
821 | Storable | 16500.016 | 135300.129 | |
741 | -----------+------------+------------+ |
822 | -----------+------------+------------+ |
742 | |
823 | |
743 | That is, JSON::XS is about five times faster than JSON::DWIW on |
824 | That is, JSON::XS is about five times faster than JSON::DWIW on |
744 | encoding, about three times faster on decoding, and over fourty times |
825 | encoding, about three times faster on decoding, and over forty times |
745 | faster than JSON, even with pretty-printing and key sorting. It also |
826 | faster than JSON, even with pretty-printing and key sorting. It also |
746 | compares favourably to Storable for small amounts of data. |
827 | compares favourably to Storable for small amounts of data. |
747 | |
828 | |
748 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
829 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
749 | search API (http://nanoref.com/yahooapis/mgPdGg): |
830 | search API (http://nanoref.com/yahooapis/mgPdGg): |
… | |
… | |
762 | -----------+------------+------------+ |
843 | -----------+------------+------------+ |
763 | |
844 | |
764 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
845 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
765 | decodes faster). |
846 | decodes faster). |
766 | |
847 | |
767 | On large strings containing lots of high unicode characters, some |
848 | On large strings containing lots of high Unicode characters, some |
768 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
849 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
769 | result will be broken due to missing (or wrong) unicode handling. Others |
850 | result will be broken due to missing (or wrong) Unicode handling. Others |
770 | refuse to decode or encode properly, so it was impossible to prepare a |
851 | refuse to decode or encode properly, so it was impossible to prepare a |
771 | fair comparison table for that case. |
852 | fair comparison table for that case. |
772 | |
853 | |
773 | SECURITY CONSIDERATIONS |
854 | SECURITY CONSIDERATIONS |
774 | When you are using JSON in a protocol, talking to untrusted potentially |
855 | When you are using JSON in a protocol, talking to untrusted potentially |
… | |
… | |
778 | have any buffer overflows. Obviously, this module should ensure that and |
859 | have any buffer overflows. Obviously, this module should ensure that and |
779 | I am trying hard on making that true, but you never know. |
860 | I am trying hard on making that true, but you never know. |
780 | |
861 | |
781 | Second, you need to avoid resource-starving attacks. That means you |
862 | Second, you need to avoid resource-starving attacks. That means you |
782 | should limit the size of JSON texts you accept, or make sure then when |
863 | should limit the size of JSON texts you accept, or make sure then when |
783 | your resources run out, thats just fine (e.g. by using a separate |
864 | your resources run out, that's just fine (e.g. by using a separate |
784 | process that can crash safely). The size of a JSON text in octets or |
865 | process that can crash safely). The size of a JSON text in octets or |
785 | characters is usually a good indication of the size of the resources |
866 | characters is usually a good indication of the size of the resources |
786 | required to decode it into a Perl structure. While JSON::XS can check |
867 | required to decode it into a Perl structure. While JSON::XS can check |
787 | the size of the JSON text, it might be too late when you already have it |
868 | the size of the JSON text, it might be too late when you already have it |
788 | in memory, so you might want to check the size before you accept the |
869 | in memory, so you might want to check the size before you accept the |
… | |
… | |
799 | |
880 | |
800 | And last but least, something else could bomb you that I forgot to think |
881 | And last but least, something else could bomb you that I forgot to think |
801 | of. In that case, you get to keep the pieces. I am always open for |
882 | of. In that case, you get to keep the pieces. I am always open for |
802 | hints, though... |
883 | hints, though... |
803 | |
884 | |
804 | If you are using JSON::XS to return packets to consumption by javascript |
885 | If you are using JSON::XS to return packets to consumption by JavaScript |
805 | scripts in a browser you should have a look at |
886 | scripts in a browser you should have a look at |
806 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see wether |
887 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
807 | you are vulnerable to some common attack vectors (which really are |
888 | you are vulnerable to some common attack vectors (which really are |
808 | browser design bugs, but it is still you who will have to deal with it, |
889 | browser design bugs, but it is still you who will have to deal with it, |
809 | as major browser developers care only for features, not about doing |
890 | as major browser developers care only for features, not about doing |
810 | security right). |
891 | security right). |
|
|
892 | |
|
|
893 | THREADS |
|
|
894 | This module is *not* guaranteed to be thread safe and there are no plans |
|
|
895 | to change this until Perl gets thread support (as opposed to the |
|
|
896 | horribly slow so-called "threads" which are simply slow and bloated |
|
|
897 | process simulations - use fork, its *much* faster, cheaper, better). |
|
|
898 | |
|
|
899 | (It might actually work, but you have been warned). |
811 | |
900 | |
812 | BUGS |
901 | BUGS |
813 | While the goal of this module is to be correct, that unfortunately does |
902 | While the goal of this module is to be correct, that unfortunately does |
814 | not mean its bug-free, only that I think its design is bug-free. It is |
903 | not mean its bug-free, only that I think its design is bug-free. It is |
815 | still relatively early in its development. If you keep reporting bugs |
904 | still relatively early in its development. If you keep reporting bugs |
816 | they will be fixed swiftly, though. |
905 | they will be fixed swiftly, though. |
817 | |
906 | |
|
|
907 | Please refrain from using rt.cpan.org or any other bug reporting |
|
|
908 | service. I put the contact address into my modules for a reason. |
|
|
909 | |
818 | AUTHOR |
910 | AUTHOR |
819 | Marc Lehmann <schmorp@schmorp.de> |
911 | Marc Lehmann <schmorp@schmorp.de> |
820 | http://home.schmorp.de/ |
912 | http://home.schmorp.de/ |
821 | |
913 | |