| … | |
… | |
| 20 | $perl_scalar = $coder->decode ($unicode_json_text); |
20 | $perl_scalar = $coder->decode ($unicode_json_text); |
| 21 | |
21 | |
| 22 | # Note that JSON version 2.0 and above will automatically use JSON::XS |
22 | # Note that JSON version 2.0 and above will automatically use JSON::XS |
| 23 | # if available, at virtually no speed overhead either, so you should |
23 | # if available, at virtually no speed overhead either, so you should |
| 24 | # be able to just: |
24 | # be able to just: |
| 25 | |
25 | |
| 26 | use JSON; |
26 | use JSON; |
| 27 | |
27 | |
| 28 | # and do the same things, except that you have a pure-perl fallback now. |
28 | # and do the same things, except that you have a pure-perl fallback now. |
| 29 | |
29 | |
| 30 | DESCRIPTION |
30 | DESCRIPTION |
| 31 | This module converts Perl data structures to JSON and vice versa. Its |
31 | This module converts Perl data structures to JSON and vice versa. Its |
| 32 | primary goal is to be *correct* and its secondary goal is to be *fast*. |
32 | primary goal is to be *correct* and its secondary goal is to be *fast*. |
| 33 | To reach the latter goal it was written in C. |
33 | To reach the latter goal it was written in C. |
| 34 | |
34 | |
| 35 | Beginning with version 2.0 of the JSON module, when both JSON and |
35 | Beginning with version 2.0 of the JSON module, when both JSON and |
| 36 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can |
36 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can |
| 37 | be overriden) with no overhead due to emulation (by inheritign |
37 | be overridden) with no overhead due to emulation (by inheriting |
| 38 | constructor and methods). If JSON::XS is not available, it will fall |
38 | constructor and methods). If JSON::XS is not available, it will fall |
| 39 | back to the compatible JSON::PP module as backend, so using JSON instead |
39 | back to the compatible JSON::PP module as backend, so using JSON instead |
| 40 | of JSON::XS gives you a portable JSON API that can be fast when you need |
40 | of JSON::XS gives you a portable JSON API that can be fast when you need |
| 41 | and doesn't require a C compiler when that is a problem. |
41 | and doesn't require a C compiler when that is a problem. |
| 42 | |
42 | |
| … | |
… | |
| 44 | to write yet another JSON module? While it seems there are many JSON |
44 | to write yet another JSON module? While it seems there are many JSON |
| 45 | modules, none of them correctly handle all corner cases, and in most |
45 | modules, none of them correctly handle all corner cases, and in most |
| 46 | cases their maintainers are unresponsive, gone missing, or not listening |
46 | cases their maintainers are unresponsive, gone missing, or not listening |
| 47 | to bug reports for other reasons. |
47 | to bug reports for other reasons. |
| 48 | |
48 | |
| 49 | See COMPARISON, below, for a comparison to some other JSON modules. |
|
|
| 50 | |
|
|
| 51 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
49 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
| 52 | vice versa. |
50 | vice versa. |
| 53 | |
51 | |
| 54 | FEATURES |
52 | FEATURES |
| 55 | * correct Unicode handling |
53 | * correct Unicode handling |
| … | |
… | |
| 57 | This module knows how to handle Unicode, documents how and when it |
55 | This module knows how to handle Unicode, documents how and when it |
| 58 | does so, and even documents what "correct" means. |
56 | does so, and even documents what "correct" means. |
| 59 | |
57 | |
| 60 | * round-trip integrity |
58 | * round-trip integrity |
| 61 | |
59 | |
| 62 | When you serialise a perl data structure using only datatypes |
60 | When you serialise a perl data structure using only data types |
| 63 | supported by JSON, the deserialised data structure is identical on |
61 | supported by JSON and Perl, the deserialised data structure is |
| 64 | the Perl level. (e.g. the string "2.0" doesn't suddenly become "2" |
62 | identical on the Perl level. (e.g. the string "2.0" doesn't suddenly |
| 65 | just because it looks like a number). There minor *are* exceptions |
63 | become "2" just because it looks like a number). There *are* minor |
| 66 | to this, read the MAPPING section below to learn about those. |
64 | exceptions to this, read the MAPPING section below to learn about |
|
|
65 | those. |
| 67 | |
66 | |
| 68 | * strict checking of JSON correctness |
67 | * strict checking of JSON correctness |
| 69 | |
68 | |
| 70 | There is no guessing, no generating of illegal JSON texts by |
69 | There is no guessing, no generating of illegal JSON texts by |
| 71 | default, and only JSON is accepted as input by default (the latter |
70 | default, and only JSON is accepted as input by default (the latter |
| … | |
… | |
| 78 | too. |
77 | too. |
| 79 | |
78 | |
| 80 | * simple to use |
79 | * simple to use |
| 81 | |
80 | |
| 82 | This module has both a simple functional interface as well as an |
81 | This module has both a simple functional interface as well as an |
| 83 | objetc oriented interface interface. |
82 | object oriented interface. |
| 84 | |
83 | |
| 85 | * reasonably versatile output formats |
84 | * reasonably versatile output formats |
| 86 | |
85 | |
| 87 | You can choose between the most compact guaranteed-single-line |
86 | You can choose between the most compact guaranteed-single-line |
| 88 | format possible (nice for simple line-based protocols), a pure-ascii |
87 | format possible (nice for simple line-based protocols), a pure-ASCII |
| 89 | format (for when your transport is not 8-bit clean, still supports |
88 | format (for when your transport is not 8-bit clean, still supports |
| 90 | the whole Unicode range), or a pretty-printed format (for when you |
89 | the whole Unicode range), or a pretty-printed format (for when you |
| 91 | want to read that stuff). Or you can combine those features in |
90 | want to read that stuff). Or you can combine those features in |
| 92 | whatever way you like. |
91 | whatever way you like. |
| 93 | |
92 | |
| … | |
… | |
| 101 | |
100 | |
| 102 | This function call is functionally identical to: |
101 | This function call is functionally identical to: |
| 103 | |
102 | |
| 104 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
103 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
| 105 | |
104 | |
| 106 | except being faster. |
105 | Except being faster. |
| 107 | |
106 | |
| 108 | $perl_scalar = decode_json $json_text |
107 | $perl_scalar = decode_json $json_text |
| 109 | The opposite of "encode_json": expects an UTF-8 (binary) string and |
108 | The opposite of "encode_json": expects an UTF-8 (binary) string and |
| 110 | tries to parse that as an UTF-8 encoded JSON text, returning the |
109 | tries to parse that as an UTF-8 encoded JSON text, returning the |
| 111 | resulting reference. Croaks on error. |
110 | resulting reference. Croaks on error. |
| 112 | |
111 | |
| 113 | This function call is functionally identical to: |
112 | This function call is functionally identical to: |
| 114 | |
113 | |
| 115 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
114 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
| 116 | |
115 | |
| 117 | except being faster. |
116 | Except being faster. |
| 118 | |
|
|
| 119 | $is_boolean = JSON::XS::is_bool $scalar |
|
|
| 120 | Returns true if the passed scalar represents either JSON::XS::true |
|
|
| 121 | or JSON::XS::false, two constants that act like 1 and 0, |
|
|
| 122 | respectively and are used to represent JSON "true" and "false" |
|
|
| 123 | values in Perl. |
|
|
| 124 | |
|
|
| 125 | See MAPPING, below, for more information on how JSON values are |
|
|
| 126 | mapped to Perl. |
|
|
| 127 | |
117 | |
| 128 | A FEW NOTES ON UNICODE AND PERL |
118 | A FEW NOTES ON UNICODE AND PERL |
| 129 | Since this often leads to confusion, here are a few very clear words on |
119 | Since this often leads to confusion, here are a few very clear words on |
| 130 | how Unicode works in Perl, modulo bugs. |
120 | how Unicode works in Perl, modulo bugs. |
| 131 | |
121 | |
| … | |
… | |
| 152 | |
142 | |
| 153 | If you didn't know about that flag, just the better, pretend it |
143 | If you didn't know about that flag, just the better, pretend it |
| 154 | doesn't exist. |
144 | doesn't exist. |
| 155 | |
145 | |
| 156 | 4. A "Unicode String" is simply a string where each character can be |
146 | 4. A "Unicode String" is simply a string where each character can be |
| 157 | validly interpreted as a Unicode codepoint. |
147 | validly interpreted as a Unicode code point. |
| 158 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
148 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
| 159 | but a Unicode string encoded in UTF-8, giving you a binary string. |
149 | but a Unicode string encoded in UTF-8, giving you a binary string. |
| 160 | |
150 | |
| 161 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
151 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
| 162 | string. |
152 | string. |
| … | |
… | |
| 362 | [ |
352 | [ |
| 363 | 1, # this comment not allowed in JSON |
353 | 1, # this comment not allowed in JSON |
| 364 | # neither this one... |
354 | # neither this one... |
| 365 | ] |
355 | ] |
| 366 | |
356 | |
|
|
357 | * literal ASCII TAB characters in strings |
|
|
358 | |
|
|
359 | Literal ASCII TAB characters are now allowed in strings (and |
|
|
360 | treated as "\t"). |
|
|
361 | |
|
|
362 | [ |
|
|
363 | "Hello\tWorld", |
|
|
364 | "Hello<TAB>World", # literal <TAB> would not normally be allowed |
|
|
365 | ] |
|
|
366 | |
| 367 | $json = $json->canonical ([$enable]) |
367 | $json = $json->canonical ([$enable]) |
| 368 | $enabled = $json->get_canonical |
368 | $enabled = $json->get_canonical |
| 369 | If $enable is true (or missing), then the "encode" method will |
369 | If $enable is true (or missing), then the "encode" method will |
| 370 | output JSON objects by sorting their keys. This is adding a |
370 | output JSON objects by sorting their keys. This is adding a |
| 371 | comparatively high overhead. |
371 | comparatively high overhead. |
| 372 | |
372 | |
| 373 | If $enable is false, then the "encode" method will output key-value |
373 | If $enable is false, then the "encode" method will output key-value |
| 374 | pairs in the order Perl stores them (which will likely change |
374 | pairs in the order Perl stores them (which will likely change |
| 375 | between runs of the same script). |
375 | between runs of the same script, and can change even within the same |
|
|
376 | run from 5.18 onwards). |
| 376 | |
377 | |
| 377 | This option is useful if you want the same data structure to be |
378 | This option is useful if you want the same data structure to be |
| 378 | encoded as the same JSON text (given the same overall settings). If |
379 | encoded as the same JSON text (given the same overall settings). If |
| 379 | it is disabled, the same hash might be encoded differently even if |
380 | it is disabled, the same hash might be encoded differently even if |
| 380 | contains the same data, as key-value pairs have no inherent ordering |
381 | contains the same data, as key-value pairs have no inherent ordering |
| 381 | in Perl. |
382 | in Perl. |
| 382 | |
383 | |
| 383 | This setting has no effect when decoding JSON texts. |
384 | This setting has no effect when decoding JSON texts. |
|
|
385 | |
|
|
386 | This setting has currently no effect on tied hashes. |
| 384 | |
387 | |
| 385 | $json = $json->allow_nonref ([$enable]) |
388 | $json = $json->allow_nonref ([$enable]) |
| 386 | $enabled = $json->get_allow_nonref |
389 | $enabled = $json->get_allow_nonref |
| 387 | If $enable is true (or missing), then the "encode" method can |
390 | If $enable is true (or missing), then the "encode" method can |
| 388 | convert a non-reference into its corresponding string, number or |
391 | convert a non-reference into its corresponding string, number or |
| … | |
… | |
| 398 | "allow_nonref", resulting in an invalid JSON text: |
401 | "allow_nonref", resulting in an invalid JSON text: |
| 399 | |
402 | |
| 400 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
403 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
| 401 | => "Hello, World!" |
404 | => "Hello, World!" |
| 402 | |
405 | |
|
|
406 | $json = $json->allow_unknown ([$enable]) |
|
|
407 | $enabled = $json->get_allow_unknown |
|
|
408 | If $enable is true (or missing), then "encode" will *not* throw an |
|
|
409 | exception when it encounters values it cannot represent in JSON (for |
|
|
410 | example, filehandles) but instead will encode a JSON "null" value. |
|
|
411 | Note that blessed objects are not included here and are handled |
|
|
412 | separately by c<allow_nonref>. |
|
|
413 | |
|
|
414 | If $enable is false (the default), then "encode" will throw an |
|
|
415 | exception when it encounters anything it cannot encode as JSON. |
|
|
416 | |
|
|
417 | This option does not affect "decode" in any way, and it is |
|
|
418 | recommended to leave it off unless you know your communications |
|
|
419 | partner. |
|
|
420 | |
| 403 | $json = $json->allow_blessed ([$enable]) |
421 | $json = $json->allow_blessed ([$enable]) |
| 404 | $enabled = $json->get_allow_blessed |
422 | $enabled = $json->get_allow_blessed |
|
|
423 | See "OBJECT SERIALISATION" for details. |
|
|
424 | |
| 405 | If $enable is true (or missing), then the "encode" method will not |
425 | If $enable is true (or missing), then the "encode" method will not |
| 406 | barf when it encounters a blessed reference. Instead, the value of |
426 | barf when it encounters a blessed reference that it cannot convert |
| 407 | the convert_blessed option will decide whether "null" |
427 | otherwise. Instead, a JSON "null" value is encoded instead of the |
| 408 | ("convert_blessed" disabled or no "TO_JSON" method found) or a |
428 | object. |
| 409 | representation of the object ("convert_blessed" enabled and |
|
|
| 410 | "TO_JSON" method found) is being encoded. Has no effect on "decode". |
|
|
| 411 | |
429 | |
| 412 | If $enable is false (the default), then "encode" will throw an |
430 | If $enable is false (the default), then "encode" will throw an |
| 413 | exception when it encounters a blessed object. |
431 | exception when it encounters a blessed object that it cannot convert |
|
|
432 | otherwise. |
|
|
433 | |
|
|
434 | This setting has no effect on "decode". |
| 414 | |
435 | |
| 415 | $json = $json->convert_blessed ([$enable]) |
436 | $json = $json->convert_blessed ([$enable]) |
| 416 | $enabled = $json->get_convert_blessed |
437 | $enabled = $json->get_convert_blessed |
|
|
438 | See "OBJECT SERIALISATION" for details. |
|
|
439 | |
| 417 | If $enable is true (or missing), then "encode", upon encountering a |
440 | If $enable is true (or missing), then "encode", upon encountering a |
| 418 | blessed object, will check for the availability of the "TO_JSON" |
441 | blessed object, will check for the availability of the "TO_JSON" |
| 419 | method on the object's class. If found, it will be called in scalar |
442 | method on the object's class. If found, it will be called in scalar |
| 420 | context and the resulting scalar will be encoded instead of the |
443 | context and the resulting scalar will be encoded instead of the |
| 421 | object. If no "TO_JSON" method is found, the value of |
444 | object. |
| 422 | "allow_blessed" will decide what to do. |
|
|
| 423 | |
445 | |
| 424 | The "TO_JSON" method may safely call die if it wants. If "TO_JSON" |
446 | The "TO_JSON" method may safely call die if it wants. If "TO_JSON" |
| 425 | returns other blessed objects, those will be handled in the same |
447 | returns other blessed objects, those will be handled in the same |
| 426 | way. "TO_JSON" must take care of not causing an endless recursion |
448 | way. "TO_JSON" must take care of not causing an endless recursion |
| 427 | cycle (== crash) in this case. The name of "TO_JSON" was chosen |
449 | cycle (== crash) in this case. The name of "TO_JSON" was chosen |
| 428 | because other methods called by the Perl core (== not by the user of |
450 | because other methods called by the Perl core (== not by the user of |
| 429 | the object) are usually in upper case letters and to avoid |
451 | the object) are usually in upper case letters and to avoid |
| 430 | collisions with any "to_json" function or method. |
452 | collisions with any "to_json" function or method. |
| 431 | |
453 | |
| 432 | This setting does not yet influence "decode" in any way, but in the |
454 | If $enable is false (the default), then "encode" will not consider |
| 433 | future, global hooks might get installed that influence "decode" and |
455 | this type of conversion. |
| 434 | are enabled by this setting. |
|
|
| 435 | |
456 | |
| 436 | If $enable is false, then the "allow_blessed" setting will decide |
457 | This setting has no effect on "decode". |
| 437 | what to do when a blessed object is found. |
458 | |
|
|
459 | $json = $json->allow_tags ([$enable]) |
|
|
460 | $enabled = $json->allow_tags |
|
|
461 | See "OBJECT SERIALISATION" for details. |
|
|
462 | |
|
|
463 | If $enable is true (or missing), then "encode", upon encountering a |
|
|
464 | blessed object, will check for the availability of the "FREEZE" |
|
|
465 | method on the object's class. If found, it will be used to serialise |
|
|
466 | the object into a nonstandard tagged JSON value (that JSON decoders |
|
|
467 | cannot decode). |
|
|
468 | |
|
|
469 | It also causes "decode" to parse such tagged JSON values and |
|
|
470 | deserialise them via a call to the "THAW" method. |
|
|
471 | |
|
|
472 | If $enable is false (the default), then "encode" will not consider |
|
|
473 | this type of conversion, and tagged JSON values will cause a parse |
|
|
474 | error in "decode", as if tags were not part of the grammar. |
| 438 | |
475 | |
| 439 | $json = $json->filter_json_object ([$coderef->($hashref)]) |
476 | $json = $json->filter_json_object ([$coderef->($hashref)]) |
| 440 | When $coderef is specified, it will be called from "decode" each |
477 | When $coderef is specified, it will be called from "decode" each |
| 441 | time it decodes a JSON object. The only argument is a reference to |
478 | time it decodes a JSON object. The only argument is a reference to |
| 442 | the newly-created hash. If the code references returns a single |
479 | the newly-created hash. If the code references returns a single |
| … | |
… | |
| 541 | saving space. |
578 | saving space. |
| 542 | |
579 | |
| 543 | $json = $json->max_depth ([$maximum_nesting_depth]) |
580 | $json = $json->max_depth ([$maximum_nesting_depth]) |
| 544 | $max_depth = $json->get_max_depth |
581 | $max_depth = $json->get_max_depth |
| 545 | Sets the maximum nesting level (default 512) accepted while encoding |
582 | Sets the maximum nesting level (default 512) accepted while encoding |
| 546 | or decoding. If the JSON text or Perl data structure has an equal or |
583 | or decoding. If a higher nesting level is detected in JSON text or a |
| 547 | higher nesting level then this limit, then the encoder and decoder |
584 | Perl data structure, then the encoder and decoder will stop and |
| 548 | will stop and croak at that point. |
585 | croak at that point. |
| 549 | |
586 | |
| 550 | Nesting level is defined by number of hash- or arrayrefs that the |
587 | Nesting level is defined by number of hash- or arrayrefs that the |
| 551 | encoder needs to traverse to reach a given point or the number of |
588 | encoder needs to traverse to reach a given point or the number of |
| 552 | "{" or "[" characters without their matching closing parenthesis |
589 | "{" or "[" characters without their matching closing parenthesis |
| 553 | crossed to reach a given character in a string. |
590 | crossed to reach a given character in a string. |
| 554 | |
591 | |
| 555 | Setting the maximum depth to one disallows any nesting, so that |
592 | Setting the maximum depth to one disallows any nesting, so that |
| 556 | ensures that the object is only a single hash/object or array. |
593 | ensures that the object is only a single hash/object or array. |
| 557 | |
594 | |
| 558 | The argument to "max_depth" will be rounded up to the next highest |
|
|
| 559 | power of two. If no argument is given, the highest possible setting |
595 | If no argument is given, the highest possible setting will be used, |
| 560 | will be used, which is rarely useful. |
596 | which is rarely useful. |
|
|
597 | |
|
|
598 | Note that nesting is implemented by recursion in C. The default |
|
|
599 | value has been chosen to be as large as typical operating systems |
|
|
600 | allow without crashing. |
| 561 | |
601 | |
| 562 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
602 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
| 563 | useful. |
603 | useful. |
| 564 | |
604 | |
| 565 | $json = $json->max_size ([$maximum_string_size]) |
605 | $json = $json->max_size ([$maximum_string_size]) |
| 566 | $max_size = $json->get_max_size |
606 | $max_size = $json->get_max_size |
| 567 | Set the maximum length a JSON text may have (in bytes) where |
607 | Set the maximum length a JSON text may have (in bytes) where |
| 568 | decoding is being attempted. The default is 0, meaning no limit. |
608 | decoding is being attempted. The default is 0, meaning no limit. |
| 569 | When "decode" is called on a string longer then this number of |
609 | When "decode" is called on a string that is longer then this many |
| 570 | characters it will not attempt to decode the string but throw an |
610 | bytes, it will not attempt to decode the string but throw an |
| 571 | exception. This setting has no effect on "encode" (yet). |
611 | exception. This setting has no effect on "encode" (yet). |
| 572 | |
612 | |
| 573 | The argument to "max_size" will be rounded up to the next highest |
|
|
| 574 | power of two (so may be more than requested). If no argument is |
|
|
| 575 | given, the limit check will be deactivated (same as when 0 is |
613 | If no argument is given, the limit check will be deactivated (same |
| 576 | specified). |
614 | as when 0 is specified). |
| 577 | |
615 | |
| 578 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
616 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
| 579 | useful. |
617 | useful. |
| 580 | |
618 | |
| 581 | $json_text = $json->encode ($perl_scalar) |
619 | $json_text = $json->encode ($perl_scalar) |
| 582 | Converts the given Perl data structure (a simple scalar or a |
620 | Converts the given Perl value or data structure to its JSON |
| 583 | reference to a hash or array) to its JSON representation. Simple |
621 | representation. Croaks on error. |
| 584 | scalars will be converted into JSON string or number sequences, |
|
|
| 585 | while references to arrays become JSON arrays and references to |
|
|
| 586 | hashes become JSON objects. Undefined Perl values (e.g. "undef") |
|
|
| 587 | become JSON "null" values. Neither "true" nor "false" values will be |
|
|
| 588 | generated. |
|
|
| 589 | |
622 | |
| 590 | $perl_scalar = $json->decode ($json_text) |
623 | $perl_scalar = $json->decode ($json_text) |
| 591 | The opposite of "encode": expects a JSON text and tries to parse it, |
624 | The opposite of "encode": expects a JSON text and tries to parse it, |
| 592 | returning the resulting simple scalar or reference. Croaks on error. |
625 | returning the resulting simple scalar or reference. Croaks on error. |
| 593 | |
|
|
| 594 | JSON numbers and strings become simple Perl scalars. JSON arrays |
|
|
| 595 | become Perl arrayrefs and JSON objects become Perl hashrefs. "true" |
|
|
| 596 | becomes 1, "false" becomes 0 and "null" becomes "undef". |
|
|
| 597 | |
626 | |
| 598 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
627 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
| 599 | This works like the "decode" method, but instead of raising an |
628 | This works like the "decode" method, but instead of raising an |
| 600 | exception when there is trailing garbage after the first JSON |
629 | exception when there is trailing garbage after the first JSON |
| 601 | object, it will silently stop parsing there and return the number of |
630 | object, it will silently stop parsing there and return the number of |
| 602 | characters consumed so far. |
631 | characters consumed so far. |
| 603 | |
632 | |
| 604 | This is useful if your JSON texts are not delimited by an outer |
633 | This is useful if your JSON texts are not delimited by an outer |
| 605 | protocol (which is not the brightest thing to do in the first place) |
|
|
| 606 | and you need to know where the JSON text ends. |
634 | protocol and you need to know where the JSON text ends. |
| 607 | |
635 | |
| 608 | JSON::XS->new->decode_prefix ("[1] the tail") |
636 | JSON::XS->new->decode_prefix ("[1] the tail") |
| 609 | => ([], 3) |
637 | => ([1], 3) |
|
|
638 | |
|
|
639 | INCREMENTAL PARSING |
|
|
640 | In some cases, there is the need for incremental parsing of JSON texts. |
|
|
641 | While this module always has to keep both JSON text and resulting Perl |
|
|
642 | data structure in memory at one time, it does allow you to parse a JSON |
|
|
643 | stream incrementally. It does so by accumulating text until it has a |
|
|
644 | full JSON object, which it then can decode. This process is similar to |
|
|
645 | using "decode_prefix" to see if a full JSON object is available, but is |
|
|
646 | much more efficient (and can be implemented with a minimum of method |
|
|
647 | calls). |
|
|
648 | |
|
|
649 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
|
|
650 | enough text to get a decisive result, using a very simple but truly |
|
|
651 | incremental parser. This means that it sometimes won't stop as early as |
|
|
652 | the full parser, for example, it doesn't detect mismatched parentheses. |
|
|
653 | The only thing it guarantees is that it starts decoding as soon as a |
|
|
654 | syntactically valid JSON text has been seen. This means you need to set |
|
|
655 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
|
|
656 | in the presence if syntax errors. |
|
|
657 | |
|
|
658 | The following methods implement this incremental parser. |
|
|
659 | |
|
|
660 | [void, scalar or list context] = $json->incr_parse ([$string]) |
|
|
661 | This is the central parsing function. It can both append new text |
|
|
662 | and extract objects from the stream accumulated so far (both of |
|
|
663 | these functions are optional). |
|
|
664 | |
|
|
665 | If $string is given, then this string is appended to the already |
|
|
666 | existing JSON fragment stored in the $json object. |
|
|
667 | |
|
|
668 | After that, if the function is called in void context, it will |
|
|
669 | simply return without doing anything further. This can be used to |
|
|
670 | add more text in as many chunks as you want. |
|
|
671 | |
|
|
672 | If the method is called in scalar context, then it will try to |
|
|
673 | extract exactly *one* JSON object. If that is successful, it will |
|
|
674 | return this object, otherwise it will return "undef". If there is a |
|
|
675 | parse error, this method will croak just as "decode" would do (one |
|
|
676 | can then use "incr_skip" to skip the erroneous part). This is the |
|
|
677 | most common way of using the method. |
|
|
678 | |
|
|
679 | And finally, in list context, it will try to extract as many objects |
|
|
680 | from the stream as it can find and return them, or the empty list |
|
|
681 | otherwise. For this to work, there must be no separators between the |
|
|
682 | JSON objects or arrays, instead they must be concatenated |
|
|
683 | back-to-back. If an error occurs, an exception will be raised as in |
|
|
684 | the scalar context case. Note that in this case, any |
|
|
685 | previously-parsed JSON texts will be lost. |
|
|
686 | |
|
|
687 | Example: Parse some JSON arrays/objects in a given string and return |
|
|
688 | them. |
|
|
689 | |
|
|
690 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
|
|
691 | |
|
|
692 | $lvalue_string = $json->incr_text |
|
|
693 | This method returns the currently stored JSON fragment as an lvalue, |
|
|
694 | that is, you can manipulate it. This *only* works when a preceding |
|
|
695 | call to "incr_parse" in *scalar context* successfully returned an |
|
|
696 | object. Under all other circumstances you must not call this |
|
|
697 | function (I mean it. although in simple tests it might actually |
|
|
698 | work, it *will* fail under real world conditions). As a special |
|
|
699 | exception, you can also call this method before having parsed |
|
|
700 | anything. |
|
|
701 | |
|
|
702 | This function is useful in two cases: a) finding the trailing text |
|
|
703 | after a JSON object or b) parsing multiple JSON objects separated by |
|
|
704 | non-JSON text (such as commas). |
|
|
705 | |
|
|
706 | $json->incr_skip |
|
|
707 | This will reset the state of the incremental parser and will remove |
|
|
708 | the parsed text from the input buffer so far. This is useful after |
|
|
709 | "incr_parse" died, in which case the input buffer and incremental |
|
|
710 | parser state is left unchanged, to skip the text parsed so far and |
|
|
711 | to reset the parse state. |
|
|
712 | |
|
|
713 | The difference to "incr_reset" is that only text until the parse |
|
|
714 | error occurred is removed. |
|
|
715 | |
|
|
716 | $json->incr_reset |
|
|
717 | This completely resets the incremental parser, that is, after this |
|
|
718 | call, it will be as if the parser had never parsed anything. |
|
|
719 | |
|
|
720 | This is useful if you want to repeatedly parse JSON objects and want |
|
|
721 | to ignore any trailing data, which means you have to reset the |
|
|
722 | parser after each successful decode. |
|
|
723 | |
|
|
724 | LIMITATIONS |
|
|
725 | All options that affect decoding are supported, except "allow_nonref". |
|
|
726 | The reason for this is that it cannot be made to work sensibly: JSON |
|
|
727 | objects and arrays are self-delimited, i.e. you can concatenate them |
|
|
728 | back to back and still decode them perfectly. This does not hold true |
|
|
729 | for JSON numbers, however. |
|
|
730 | |
|
|
731 | For example, is the string 1 a single JSON number, or is it simply the |
|
|
732 | start of 12? Or is 12 a single JSON number, or the concatenation of 1 |
|
|
733 | and 2? In neither case you can tell, and this is why JSON::XS takes the |
|
|
734 | conservative route and disallows this case. |
|
|
735 | |
|
|
736 | EXAMPLES |
|
|
737 | Some examples will make all this clearer. First, a simple example that |
|
|
738 | works similarly to "decode_prefix": We want to decode the JSON object at |
|
|
739 | the start of a string and identify the portion after the JSON object: |
|
|
740 | |
|
|
741 | my $text = "[1,2,3] hello"; |
|
|
742 | |
|
|
743 | my $json = new JSON::XS; |
|
|
744 | |
|
|
745 | my $obj = $json->incr_parse ($text) |
|
|
746 | or die "expected JSON object or array at beginning of string"; |
|
|
747 | |
|
|
748 | my $tail = $json->incr_text; |
|
|
749 | # $tail now contains " hello" |
|
|
750 | |
|
|
751 | Easy, isn't it? |
|
|
752 | |
|
|
753 | Now for a more complicated example: Imagine a hypothetical protocol |
|
|
754 | where you read some requests from a TCP stream, and each request is a |
|
|
755 | JSON array, without any separation between them (in fact, it is often |
|
|
756 | useful to use newlines as "separators", as these get interpreted as |
|
|
757 | whitespace at the start of the JSON text, which makes it possible to |
|
|
758 | test said protocol with "telnet"...). |
|
|
759 | |
|
|
760 | Here is how you'd do it (it is trivial to write this in an event-based |
|
|
761 | manner): |
|
|
762 | |
|
|
763 | my $json = new JSON::XS; |
|
|
764 | |
|
|
765 | # read some data from the socket |
|
|
766 | while (sysread $socket, my $buf, 4096) { |
|
|
767 | |
|
|
768 | # split and decode as many requests as possible |
|
|
769 | for my $request ($json->incr_parse ($buf)) { |
|
|
770 | # act on the $request |
|
|
771 | } |
|
|
772 | } |
|
|
773 | |
|
|
774 | Another complicated example: Assume you have a string with JSON objects |
|
|
775 | or arrays, all separated by (optional) comma characters (e.g. "[1],[2], |
|
|
776 | [3]"). To parse them, we have to skip the commas between the JSON texts, |
|
|
777 | and here is where the lvalue-ness of "incr_text" comes in useful: |
|
|
778 | |
|
|
779 | my $text = "[1],[2], [3]"; |
|
|
780 | my $json = new JSON::XS; |
|
|
781 | |
|
|
782 | # void context, so no parsing done |
|
|
783 | $json->incr_parse ($text); |
|
|
784 | |
|
|
785 | # now extract as many objects as possible. note the |
|
|
786 | # use of scalar context so incr_text can be called. |
|
|
787 | while (my $obj = $json->incr_parse) { |
|
|
788 | # do something with $obj |
|
|
789 | |
|
|
790 | # now skip the optional comma |
|
|
791 | $json->incr_text =~ s/^ \s* , //x; |
|
|
792 | } |
|
|
793 | |
|
|
794 | Now lets go for a very complex example: Assume that you have a gigantic |
|
|
795 | JSON array-of-objects, many gigabytes in size, and you want to parse it, |
|
|
796 | but you cannot load it into memory fully (this has actually happened in |
|
|
797 | the real world :). |
|
|
798 | |
|
|
799 | Well, you lost, you have to implement your own JSON parser. But JSON::XS |
|
|
800 | can still help you: You implement a (very simple) array parser and let |
|
|
801 | JSON decode the array elements, which are all full JSON objects on their |
|
|
802 | own (this wouldn't work if the array elements could be JSON numbers, for |
|
|
803 | example): |
|
|
804 | |
|
|
805 | my $json = new JSON::XS; |
|
|
806 | |
|
|
807 | # open the monster |
|
|
808 | open my $fh, "<bigfile.json" |
|
|
809 | or die "bigfile: $!"; |
|
|
810 | |
|
|
811 | # first parse the initial "[" |
|
|
812 | for (;;) { |
|
|
813 | sysread $fh, my $buf, 65536 |
|
|
814 | or die "read error: $!"; |
|
|
815 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
816 | |
|
|
817 | # Exit the loop once we found and removed(!) the initial "[". |
|
|
818 | # In essence, we are (ab-)using the $json object as a simple scalar |
|
|
819 | # we append data to. |
|
|
820 | last if $json->incr_text =~ s/^ \s* \[ //x; |
|
|
821 | } |
|
|
822 | |
|
|
823 | # now we have the skipped the initial "[", so continue |
|
|
824 | # parsing all the elements. |
|
|
825 | for (;;) { |
|
|
826 | # in this loop we read data until we got a single JSON object |
|
|
827 | for (;;) { |
|
|
828 | if (my $obj = $json->incr_parse) { |
|
|
829 | # do something with $obj |
|
|
830 | last; |
|
|
831 | } |
|
|
832 | |
|
|
833 | # add more data |
|
|
834 | sysread $fh, my $buf, 65536 |
|
|
835 | or die "read error: $!"; |
|
|
836 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
837 | } |
|
|
838 | |
|
|
839 | # in this loop we read data until we either found and parsed the |
|
|
840 | # separating "," between elements, or the final "]" |
|
|
841 | for (;;) { |
|
|
842 | # first skip whitespace |
|
|
843 | $json->incr_text =~ s/^\s*//; |
|
|
844 | |
|
|
845 | # if we find "]", we are done |
|
|
846 | if ($json->incr_text =~ s/^\]//) { |
|
|
847 | print "finished.\n"; |
|
|
848 | exit; |
|
|
849 | } |
|
|
850 | |
|
|
851 | # if we find ",", we can continue with the next element |
|
|
852 | if ($json->incr_text =~ s/^,//) { |
|
|
853 | last; |
|
|
854 | } |
|
|
855 | |
|
|
856 | # if we find anything else, we have a parse error! |
|
|
857 | if (length $json->incr_text) { |
|
|
858 | die "parse error near ", $json->incr_text; |
|
|
859 | } |
|
|
860 | |
|
|
861 | # else add more data |
|
|
862 | sysread $fh, my $buf, 65536 |
|
|
863 | or die "read error: $!"; |
|
|
864 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
865 | } |
|
|
866 | |
|
|
867 | This is a complex example, but most of the complexity comes from the |
|
|
868 | fact that we are trying to be correct (bear with me if I am wrong, I |
|
|
869 | never ran the above example :). |
| 610 | |
870 | |
| 611 | MAPPING |
871 | MAPPING |
| 612 | This section describes how JSON::XS maps Perl values to JSON values and |
872 | This section describes how JSON::XS maps Perl values to JSON values and |
| 613 | vice versa. These mappings are designed to "do the right thing" in most |
873 | vice versa. These mappings are designed to "do the right thing" in most |
| 614 | circumstances automatically, preserving round-tripping characteristics |
874 | circumstances automatically, preserving round-tripping characteristics |
| … | |
… | |
| 643 | If the number consists of digits only, JSON::XS will try to |
903 | If the number consists of digits only, JSON::XS will try to |
| 644 | represent it as an integer value. If that fails, it will try to |
904 | represent it as an integer value. If that fails, it will try to |
| 645 | represent it as a numeric (floating point) value if that is possible |
905 | represent it as a numeric (floating point) value if that is possible |
| 646 | without loss of precision. Otherwise it will preserve the number as |
906 | without loss of precision. Otherwise it will preserve the number as |
| 647 | a string value (in which case you lose roundtripping ability, as the |
907 | a string value (in which case you lose roundtripping ability, as the |
| 648 | JSON number will be re-encoded toa JSON string). |
908 | JSON number will be re-encoded to a JSON string). |
| 649 | |
909 | |
| 650 | Numbers containing a fractional or exponential part will always be |
910 | Numbers containing a fractional or exponential part will always be |
| 651 | represented as numeric (floating point) values, possibly at a loss |
911 | represented as numeric (floating point) values, possibly at a loss |
| 652 | of precision (in which case you might lose perfect roundtripping |
912 | of precision (in which case you might lose perfect roundtripping |
| 653 | ability, but the JSON number will still be re-encoded as a JSON |
913 | ability, but the JSON number will still be re-encoded as a JSON |
| 654 | number). |
914 | number). |
| 655 | |
915 | |
|
|
916 | Note that precision is not accuracy - binary floating point values |
|
|
917 | cannot represent most decimal fractions exactly, and when converting |
|
|
918 | from and to floating point, JSON::XS only guarantees precision up to |
|
|
919 | but not including the least significant bit. |
|
|
920 | |
| 656 | true, false |
921 | true, false |
| 657 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
922 | These JSON atoms become "Types::Serialiser::true" and |
| 658 | respectively. They are overloaded to act almost exactly like the |
923 | "Types::Serialiser::false", respectively. They are overloaded to act |
| 659 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
924 | almost exactly like the numbers 1 and 0. You can check whether a |
| 660 | using the "JSON::XS::is_bool" function. |
925 | scalar is a JSON boolean by using the "Types::Serialiser::is_bool" |
|
|
926 | function (after "use Types::Serialier", of course). |
| 661 | |
927 | |
| 662 | null |
928 | null |
| 663 | A JSON null atom becomes "undef" in Perl. |
929 | A JSON null atom becomes "undef" in Perl. |
|
|
930 | |
|
|
931 | shell-style comments ("# *text*") |
|
|
932 | As a nonstandard extension to the JSON syntax that is enabled by the |
|
|
933 | "relaxed" setting, shell-style comments are allowed. They can start |
|
|
934 | anywhere outside strings and go till the end of the line. |
|
|
935 | |
|
|
936 | tagged values ("(*tag*)*value*"). |
|
|
937 | Another nonstandard extension to the JSON syntax, enabled with the |
|
|
938 | "allow_tags" setting, are tagged values. In this implementation, the |
|
|
939 | *tag* must be a perl package/class name encoded as a JSON string, |
|
|
940 | and the *value* must be a JSON array encoding optional constructor |
|
|
941 | arguments. |
|
|
942 | |
|
|
943 | See "OBJECT SERIALISATION", below, for details. |
| 664 | |
944 | |
| 665 | PERL -> JSON |
945 | PERL -> JSON |
| 666 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
946 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
| 667 | truly typeless language, so we can only guess which JSON type is meant |
947 | truly typeless language, so we can only guess which JSON type is meant |
| 668 | by a Perl value. |
948 | by a Perl value. |
| 669 | |
949 | |
| 670 | hash references |
950 | hash references |
| 671 | Perl hash references become JSON objects. As there is no inherent |
951 | Perl hash references become JSON objects. As there is no inherent |
| 672 | ordering in hash keys (or JSON objects), they will usually be |
952 | ordering in hash keys (or JSON objects), they will usually be |
| 673 | encoded in a pseudo-random order that can change between runs of the |
953 | encoded in a pseudo-random order. JSON::XS can optionally sort the |
| 674 | same program but stays generally the same within a single run of a |
954 | hash keys (determined by the *canonical* flag), so the same |
| 675 | program. JSON::XS can optionally sort the hash keys (determined by |
955 | datastructure will serialise to the same JSON text (given same |
| 676 | the *canonical* flag), so the same datastructure will serialise to |
956 | settings and version of JSON::XS), but this incurs a runtime |
| 677 | the same JSON text (given same settings and version of JSON::XS), |
957 | overhead and is only rarely useful, e.g. when you want to compare |
| 678 | but this incurs a runtime overhead and is only rarely useful, e.g. |
958 | some JSON text against another for equality. |
| 679 | when you want to compare some JSON text against another for |
|
|
| 680 | equality. |
|
|
| 681 | |
959 | |
| 682 | array references |
960 | array references |
| 683 | Perl array references become JSON arrays. |
961 | Perl array references become JSON arrays. |
| 684 | |
962 | |
| 685 | other references |
963 | other references |
| 686 | Other unblessed references are generally not allowed and will cause |
964 | Other unblessed references are generally not allowed and will cause |
| 687 | an exception to be thrown, except for references to the integers 0 |
965 | an exception to be thrown, except for references to the integers 0 |
| 688 | and 1, which get turned into "false" and "true" atoms in JSON. You |
966 | and 1, which get turned into "false" and "true" atoms in JSON. |
| 689 | can also use "JSON::XS::false" and "JSON::XS::true" to improve |
967 | |
|
|
968 | Since "JSON::XS" uses the boolean model from Types::Serialiser, you |
|
|
969 | can also "use Types::Serialiser" and then use |
|
|
970 | "Types::Serialiser::false" and "Types::Serialiser::true" to improve |
| 690 | readability. |
971 | readability. |
| 691 | |
972 | |
|
|
973 | use Types::Serialiser; |
| 692 | encode_json [\0,JSON::XS::true] # yields [false,true] |
974 | encode_json [\0, Types::Serialiser::true] # yields [false,true] |
| 693 | |
975 | |
| 694 | JSON::XS::true, JSON::XS::false |
976 | Types::Serialiser::true, Types::Serialiser::false |
| 695 | These special values become JSON true and JSON false values, |
977 | These special values from the Types::Serialiser module become JSON |
| 696 | respectively. You can also use "\1" and "\0" directly if you want. |
978 | true and JSON false values, respectively. You can also use "\1" and |
|
|
979 | "\0" directly if you want. |
| 697 | |
980 | |
| 698 | blessed objects |
981 | blessed objects |
| 699 | Blessed objects are not directly representable in JSON. See the |
982 | Blessed objects are not directly representable in JSON, but |
| 700 | "allow_blessed" and "convert_blessed" methods on various options on |
983 | "JSON::XS" allows various ways of handling objects. See "OBJECT |
| 701 | how to deal with this: basically, you can choose between throwing an |
984 | SERIALISATION", below, for details. |
| 702 | exception, encoding the reference as if it weren't blessed, or |
|
|
| 703 | provide your own serialiser method. |
|
|
| 704 | |
985 | |
| 705 | simple scalars |
986 | simple scalars |
| 706 | Simple Perl scalars (any scalar that is not a reference) are the |
987 | Simple Perl scalars (any scalar that is not a reference) are the |
| 707 | most difficult objects to encode: JSON::XS will encode undefined |
988 | most difficult objects to encode: JSON::XS will encode undefined |
| 708 | scalars as JSON "null" values, scalars that have last been used in a |
989 | scalars as JSON "null" values, scalars that have last been used in a |
| … | |
… | |
| 734 | $x += 0; # numify it, ensuring it will be dumped as a number |
1015 | $x += 0; # numify it, ensuring it will be dumped as a number |
| 735 | $x *= 1; # same thing, the choice is yours. |
1016 | $x *= 1; # same thing, the choice is yours. |
| 736 | |
1017 | |
| 737 | You can not currently force the type in other, less obscure, ways. |
1018 | You can not currently force the type in other, less obscure, ways. |
| 738 | Tell me if you need this capability (but don't forget to explain why |
1019 | Tell me if you need this capability (but don't forget to explain why |
| 739 | its needed :). |
1020 | it's needed :). |
|
|
1021 | |
|
|
1022 | Note that numerical precision has the same meaning as under Perl (so |
|
|
1023 | binary to decimal conversion follows the same rules as in Perl, |
|
|
1024 | which can differ to other languages). Also, your perl interpreter |
|
|
1025 | might expose extensions to the floating point numbers of your |
|
|
1026 | platform, such as infinities or NaN's - these cannot be represented |
|
|
1027 | in JSON, and it is an error to pass those in. |
|
|
1028 | |
|
|
1029 | OBJECT SERIALISATION |
|
|
1030 | As JSON cannot directly represent Perl objects, you have to choose |
|
|
1031 | between a pure JSON representation (without the ability to deserialise |
|
|
1032 | the object automatically again), and a nonstandard extension to the JSON |
|
|
1033 | syntax, tagged values. |
|
|
1034 | |
|
|
1035 | SERIALISATION |
|
|
1036 | What happens when "JSON::XS" encounters a Perl object depends on the |
|
|
1037 | "allow_blessed", "convert_blessed" and "allow_tags" settings, which are |
|
|
1038 | used in this order: |
|
|
1039 | |
|
|
1040 | 1. "allow_tags" is enabled and the object has a "FREEZE" method. |
|
|
1041 | In this case, "JSON::XS" uses the Types::Serialiser object |
|
|
1042 | serialisation protocol to create a tagged JSON value, using a |
|
|
1043 | nonstandard extension to the JSON syntax. |
|
|
1044 | |
|
|
1045 | This works by invoking the "FREEZE" method on the object, with the |
|
|
1046 | first argument being the object to serialise, and the second |
|
|
1047 | argument being the constant string "JSON" to distinguish it from |
|
|
1048 | other serialisers. |
|
|
1049 | |
|
|
1050 | The "FREEZE" method can return any number of values (i.e. zero or |
|
|
1051 | more). These values and the paclkage/classname of the object will |
|
|
1052 | then be encoded as a tagged JSON value in the following format: |
|
|
1053 | |
|
|
1054 | ("classname")[FREEZE return values...] |
|
|
1055 | |
|
|
1056 | e.g.: |
|
|
1057 | |
|
|
1058 | ("URI")["http://www.google.com/"] |
|
|
1059 | ("MyDate")[2013,10,29] |
|
|
1060 | ("ImageData::JPEG")["Z3...VlCg=="] |
|
|
1061 | |
|
|
1062 | For example, the hypothetical "My::Object" "FREEZE" method might use |
|
|
1063 | the objects "type" and "id" members to encode the object: |
|
|
1064 | |
|
|
1065 | sub My::Object::FREEZE { |
|
|
1066 | my ($self, $serialiser) = @_; |
|
|
1067 | |
|
|
1068 | ($self->{type}, $self->{id}) |
|
|
1069 | } |
|
|
1070 | |
|
|
1071 | 2. "convert_blessed" is enabled and the object has a "TO_JSON" method. |
|
|
1072 | In this case, the "TO_JSON" method of the object is invoked in |
|
|
1073 | scalar context. It must return a single scalar that can be directly |
|
|
1074 | encoded into JSON. This scalar replaces the object in the JSON text. |
|
|
1075 | |
|
|
1076 | For example, the following "TO_JSON" method will convert all URI |
|
|
1077 | objects to JSON strings when serialised. The fatc that these values |
|
|
1078 | originally were URI objects is lost. |
|
|
1079 | |
|
|
1080 | sub URI::TO_JSON { |
|
|
1081 | my ($uri) = @_; |
|
|
1082 | $uri->as_string |
|
|
1083 | } |
|
|
1084 | |
|
|
1085 | 3. "allow_blessed" is enabled. |
|
|
1086 | The object will be serialised as a JSON null value. |
|
|
1087 | |
|
|
1088 | 4. none of the above |
|
|
1089 | If none of the settings are enabled or the respective methods are |
|
|
1090 | missing, "JSON::XS" throws an exception. |
|
|
1091 | |
|
|
1092 | DESERIALISATION |
|
|
1093 | For deserialisation there are only two cases to consider: either |
|
|
1094 | nonstandard tagging was used, in which case "allow_tags" decides, or |
|
|
1095 | objects cannot be automatically be deserialised, in which case you can |
|
|
1096 | use postprocessing or the "filter_json_object" or |
|
|
1097 | "filter_json_single_key_object" callbacks to get some real objects our |
|
|
1098 | of your JSON. |
|
|
1099 | |
|
|
1100 | This section only considers the tagged value case: I a tagged JSON |
|
|
1101 | object is encountered during decoding and "allow_tags" is disabled, a |
|
|
1102 | parse error will result (as if tagged values were not part of the |
|
|
1103 | grammar). |
|
|
1104 | |
|
|
1105 | If "allow_tags" is enabled, "JSON::XS" will look up the "THAW" method of |
|
|
1106 | the package/classname used during serialisation (it will not attempt to |
|
|
1107 | load the package as a Perl module). If there is no such method, the |
|
|
1108 | decoding will fail with an error. |
|
|
1109 | |
|
|
1110 | Otherwise, the "THAW" method is invoked with the classname as first |
|
|
1111 | argument, the constant string "JSON" as second argument, and all the |
|
|
1112 | values from the JSON array (the values originally returned by the |
|
|
1113 | "FREEZE" method) as remaining arguments. |
|
|
1114 | |
|
|
1115 | The method must then return the object. While technically you can return |
|
|
1116 | any Perl scalar, you might have to enable the "enable_nonref" setting to |
|
|
1117 | make that work in all cases, so better return an actual blessed |
|
|
1118 | reference. |
|
|
1119 | |
|
|
1120 | As an example, let's implement a "THAW" function that regenerates the |
|
|
1121 | "My::Object" from the "FREEZE" example earlier: |
|
|
1122 | |
|
|
1123 | sub My::Object::THAW { |
|
|
1124 | my ($class, $serialiser, $type, $id) = @_; |
|
|
1125 | |
|
|
1126 | $class->new (type => $type, id => $id) |
|
|
1127 | } |
| 740 | |
1128 | |
| 741 | ENCODING/CODESET FLAG NOTES |
1129 | ENCODING/CODESET FLAG NOTES |
| 742 | The interested reader might have seen a number of flags that signify |
1130 | The interested reader might have seen a number of flags that signify |
| 743 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
1131 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
| 744 | some confusion on what these do, so here is a short comparison: |
1132 | some confusion on what these do, so here is a short comparison: |
| 745 | |
1133 | |
| 746 | "utf8" controls wether the JSON text created by "encode" (and expected |
1134 | "utf8" controls whether the JSON text created by "encode" (and expected |
| 747 | by "decode") is UTF-8 encoded or not, while "latin1" and "ascii" only |
1135 | by "decode") is UTF-8 encoded or not, while "latin1" and "ascii" only |
| 748 | control wether "encode" escapes character values outside their |
1136 | control whether "encode" escapes character values outside their |
| 749 | respective codeset range. Neither of these flags conflict with each |
1137 | respective codeset range. Neither of these flags conflict with each |
| 750 | other, although some combinations make less sense than others. |
1138 | other, although some combinations make less sense than others. |
| 751 | |
1139 | |
| 752 | Care has been taken to make all flags symmetrical with respect to |
1140 | Care has been taken to make all flags symmetrical with respect to |
| 753 | "encode" and "decode", that is, texts encoded with any combination of |
1141 | "encode" and "decode", that is, texts encoded with any combination of |
| … | |
… | |
| 764 | |
1152 | |
| 765 | "utf8" flag disabled |
1153 | "utf8" flag disabled |
| 766 | When "utf8" is disabled (the default), then "encode"/"decode" |
1154 | When "utf8" is disabled (the default), then "encode"/"decode" |
| 767 | generate and expect Unicode strings, that is, characters with high |
1155 | generate and expect Unicode strings, that is, characters with high |
| 768 | ordinal Unicode values (> 255) will be encoded as such characters, |
1156 | ordinal Unicode values (> 255) will be encoded as such characters, |
| 769 | and likewise such characters are decoded as-is, no canges to them |
1157 | and likewise such characters are decoded as-is, no changes to them |
| 770 | will be done, except "(re-)interpreting" them as Unicode codepoints |
1158 | will be done, except "(re-)interpreting" them as Unicode codepoints |
| 771 | or Unicode characters, respectively (to Perl, these are the same |
1159 | or Unicode characters, respectively (to Perl, these are the same |
| 772 | thing in strings unless you do funny/weird/dumb stuff). |
1160 | thing in strings unless you do funny/weird/dumb stuff). |
| 773 | |
1161 | |
| 774 | This is useful when you want to do the encoding yourself (e.g. when |
1162 | This is useful when you want to do the encoding yourself (e.g. when |
| … | |
… | |
| 831 | structure back. This is useful when your channel for JSON transfer |
1219 | structure back. This is useful when your channel for JSON transfer |
| 832 | is not 8-bit clean or the encoding might be mangled in between (e.g. |
1220 | is not 8-bit clean or the encoding might be mangled in between (e.g. |
| 833 | in mail), and works because ASCII is a proper subset of most 8-bit |
1221 | in mail), and works because ASCII is a proper subset of most 8-bit |
| 834 | and multibyte encodings in use in the world. |
1222 | and multibyte encodings in use in the world. |
| 835 | |
1223 | |
| 836 | COMPARISON |
1224 | JSON and ECMAscript |
| 837 | As already mentioned, this module was created because none of the |
1225 | JSON syntax is based on how literals are represented in javascript (the |
| 838 | existing JSON modules could be made to work correctly. First I will |
1226 | not-standardised predecessor of ECMAscript) which is presumably why it |
| 839 | describe the problems (or pleasures) I encountered with various existing |
1227 | is called "JavaScript Object Notation". |
| 840 | JSON modules, followed by some benchmark values. JSON::XS was designed |
|
|
| 841 | not to suffer from any of these problems or limitations. |
|
|
| 842 | |
1228 | |
| 843 | JSON 2.xx |
1229 | However, JSON is not a subset (and also not a superset of course) of |
| 844 | A marvellous piece of engineering, this module either uses JSON::XS |
1230 | ECMAscript (the standard) or javascript (whatever browsers actually |
| 845 | directly when available (so will be 100% compatible with it, |
1231 | implement). |
| 846 | including speed), or it uses JSON::PP, which is basically JSON::XS |
|
|
| 847 | translated to Pure Perl, which should be 100% compatible with |
|
|
| 848 | JSON::XS, just a bit slower. |
|
|
| 849 | |
1232 | |
| 850 | You cannot really lose by using this module, especially as it tries |
1233 | If you want to use javascript's "eval" function to "parse" JSON, you |
| 851 | very hard to work even with ancient Perl versions, while JSON::XS |
1234 | might run into parse errors for valid JSON texts, or the resulting data |
| 852 | does not. |
1235 | structure might not be queryable: |
| 853 | |
1236 | |
| 854 | JSON 1.07 |
1237 | One of the problems is that U+2028 and U+2029 are valid characters |
| 855 | Slow (but very portable, as it is written in pure Perl). |
1238 | inside JSON strings, but are not allowed in ECMAscript string literals, |
|
|
1239 | so the following Perl fragment will not output something that can be |
|
|
1240 | guaranteed to be parsable by javascript's "eval": |
| 856 | |
1241 | |
| 857 | Undocumented/buggy Unicode handling (how JSON handles Unicode values |
1242 | use JSON::XS; |
| 858 | is undocumented. One can get far by feeding it Unicode strings and |
|
|
| 859 | doing en-/decoding oneself, but Unicode escapes are not working |
|
|
| 860 | properly). |
|
|
| 861 | |
1243 | |
| 862 | No round-tripping (strings get clobbered if they look like numbers, |
1244 | print encode_json [chr 0x2028]; |
| 863 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
|
|
| 864 | will decode into the number 2. |
|
|
| 865 | |
1245 | |
| 866 | JSON::PC 0.01 |
1246 | The right fix for this is to use a proper JSON parser in your javascript |
| 867 | Very fast. |
1247 | programs, and not rely on "eval" (see for example Douglas Crockford's |
|
|
1248 | json2.js parser). |
| 868 | |
1249 | |
| 869 | Undocumented/buggy Unicode handling. |
1250 | If this is not an option, you can, as a stop-gap measure, simply encode |
|
|
1251 | to ASCII-only JSON: |
| 870 | |
1252 | |
| 871 | No round-tripping. |
1253 | use JSON::XS; |
| 872 | |
1254 | |
| 873 | Has problems handling many Perl values (e.g. regex results and other |
1255 | print JSON::XS->new->ascii->encode ([chr 0x2028]); |
| 874 | magic values will make it croak). |
|
|
| 875 | |
1256 | |
| 876 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
1257 | Note that this will enlarge the resulting JSON text quite a bit if you |
| 877 | which is not a valid JSON text. |
1258 | have many non-ASCII characters. You might be tempted to run some regexes |
|
|
1259 | to only escape U+2028 and U+2029, e.g.: |
| 878 | |
1260 | |
| 879 | Unmaintained (maintainer unresponsive for many months, bugs are not |
1261 | # DO NOT USE THIS! |
| 880 | getting fixed). |
1262 | my $json = JSON::XS->new->utf8->encode ([chr 0x2028]); |
|
|
1263 | $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028 |
|
|
1264 | $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029 |
|
|
1265 | print $json; |
| 881 | |
1266 | |
| 882 | JSON::Syck 0.21 |
1267 | Note that *this is a bad idea*: the above only works for U+2028 and |
| 883 | Very buggy (often crashes). |
1268 | U+2029 and thus only for fully ECMAscript-compliant parsers. Many |
|
|
1269 | existing javascript implementations, however, have issues with other |
|
|
1270 | characters as well - using "eval" naively simply *will* cause problems. |
| 884 | |
1271 | |
| 885 | Very inflexible (no human-readable format supported, format pretty |
1272 | Another problem is that some javascript implementations reserve some |
| 886 | much undocumented. I need at least a format for easy reading by |
1273 | property names for their own purposes (which probably makes them |
| 887 | humans and a single-line compact format for use in a protocol, and |
1274 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
| 888 | preferably a way to generate ASCII-only JSON texts). |
1275 | "__proto__" property name for its own purposes. |
| 889 | |
1276 | |
| 890 | Completely broken (and confusingly documented) Unicode handling |
1277 | If that is a problem, you could parse try to filter the resulting JSON |
| 891 | (Unicode escapes are not working properly, you need to set |
1278 | output for these property strings, e.g.: |
| 892 | ImplicitUnicode to *different* values on en- and decoding to get |
|
|
| 893 | symmetric behaviour). |
|
|
| 894 | |
1279 | |
| 895 | No round-tripping (simple cases work, but this depends on whether |
1280 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
| 896 | the scalar value was used in a numeric context or not). |
|
|
| 897 | |
1281 | |
| 898 | Dumping hashes may skip hash values depending on iterator state. |
1282 | This works because "__proto__" is not valid outside of strings, so every |
|
|
1283 | occurrence of ""__proto__"\s*:" must be a string used as property name. |
| 899 | |
1284 | |
| 900 | Unmaintained (maintainer unresponsive for many months, bugs are not |
1285 | If you know of other incompatibilities, please let me know. |
| 901 | getting fixed). |
|
|
| 902 | |
|
|
| 903 | Does not check input for validity (i.e. will accept non-JSON input |
|
|
| 904 | and return "something" instead of raising an exception. This is a |
|
|
| 905 | security issue: imagine two banks transferring money between each |
|
|
| 906 | other using JSON. One bank might parse a given non-JSON request and |
|
|
| 907 | deduct money, while the other might reject the transaction with a |
|
|
| 908 | syntax error. While a good protocol will at least recover, that is |
|
|
| 909 | extra unnecessary work and the transaction will still not succeed). |
|
|
| 910 | |
|
|
| 911 | JSON::DWIW 0.04 |
|
|
| 912 | Very fast. Very natural. Very nice. |
|
|
| 913 | |
|
|
| 914 | Undocumented Unicode handling (but the best of the pack. Unicode |
|
|
| 915 | escapes still don't get parsed properly). |
|
|
| 916 | |
|
|
| 917 | Very inflexible. |
|
|
| 918 | |
|
|
| 919 | No round-tripping. |
|
|
| 920 | |
|
|
| 921 | Does not generate valid JSON texts (key strings are often unquoted, |
|
|
| 922 | empty keys result in nothing being output) |
|
|
| 923 | |
|
|
| 924 | Does not check input for validity. |
|
|
| 925 | |
1286 | |
| 926 | JSON and YAML |
1287 | JSON and YAML |
| 927 | You often hear that JSON is a subset of YAML. This is, however, a mass |
1288 | You often hear that JSON is a subset of YAML. This is, however, a mass |
| 928 | hysteria(*) and very far from the truth (as of the time of this |
1289 | hysteria(*) and very far from the truth (as of the time of this |
| 929 | writing), so let me state it clearly: *in general, there is no way to |
1290 | writing), so let me state it clearly: *in general, there is no way to |
| … | |
… | |
| 937 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1298 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
| 938 | |
1299 | |
| 939 | This will *usually* generate JSON texts that also parse as valid YAML. |
1300 | This will *usually* generate JSON texts that also parse as valid YAML. |
| 940 | Please note that YAML has hardcoded limits on (simple) object key |
1301 | Please note that YAML has hardcoded limits on (simple) object key |
| 941 | lengths that JSON doesn't have and also has different and incompatible |
1302 | lengths that JSON doesn't have and also has different and incompatible |
| 942 | unicode handling, so you should make sure that your hash keys are |
1303 | unicode character escape syntax, so you should make sure that your hash |
| 943 | noticeably shorter than the 1024 "stream characters" YAML allows and |
1304 | keys are noticeably shorter than the 1024 "stream characters" YAML |
| 944 | that you do not have characters with codepoint values outside the |
1305 | allows and that you do not have characters with codepoint values outside |
| 945 | Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
1306 | the Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
| 946 | sequences in strings (which JSON::XS does not *currently* generate, but |
1307 | sequences in strings (which JSON::XS does not *currently* generate, but |
| 947 | other JSON generators might). |
1308 | other JSON generators might). |
| 948 | |
1309 | |
| 949 | There might be other incompatibilities that I am not aware of (or the |
1310 | There might be other incompatibilities that I am not aware of (or the |
| 950 | YAML specification has been changed yet again - it does so quite often). |
1311 | YAML specification has been changed yet again - it does so quite often). |
| … | |
… | |
| 967 | (which is not that difficult or long) and finally make YAML |
1328 | (which is not that difficult or long) and finally make YAML |
| 968 | compatible to it, and educating users about the changes, instead of |
1329 | compatible to it, and educating users about the changes, instead of |
| 969 | spreading lies about the real compatibility for many *years* and |
1330 | spreading lies about the real compatibility for many *years* and |
| 970 | trying to silence people who point out that it isn't true. |
1331 | trying to silence people who point out that it isn't true. |
| 971 | |
1332 | |
|
|
1333 | Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, |
|
|
1334 | even though the incompatibilities have been documented (and are |
|
|
1335 | known to Brian) for many years and the spec makes explicit claims |
|
|
1336 | that YAML is a superset of JSON. It would be so easy to fix, but |
|
|
1337 | apparently, bullying people and corrupting userdata is so much |
|
|
1338 | easier. |
|
|
1339 | |
| 972 | SPEED |
1340 | SPEED |
| 973 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1341 | It seems that JSON::XS is surprisingly fast, as shown in the following |
| 974 | tables. They have been generated with the help of the "eg/bench" program |
1342 | tables. They have been generated with the help of the "eg/bench" program |
| 975 | in the JSON::XS distribution, to make it easy to compare on your own |
1343 | in the JSON::XS distribution, to make it easy to compare on your own |
| 976 | system. |
1344 | system. |
| 977 | |
1345 | |
| 978 | First comes a comparison between various modules using a very short |
1346 | First comes a comparison between various modules using a very short |
| 979 | single-line JSON string (also available at |
1347 | single-line JSON string (also available at |
| 980 | <http://dist.schmorp.de/misc/json/short.json>). |
1348 | <http://dist.schmorp.de/misc/json/short.json>). |
| 981 | |
1349 | |
| 982 | {"method": "handleMessage", "params": ["user1", "we were just talking"], \ |
1350 | {"method": "handleMessage", "params": ["user1", |
| 983 | "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]} |
1351 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
|
|
1352 | 1, 0]} |
| 984 | |
1353 | |
| 985 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1354 | It shows the number of encodes/decodes per second (JSON::XS uses the |
| 986 | functional interface, while JSON::XS/2 uses the OO interface with |
1355 | functional interface, while JSON::XS/2 uses the OO interface with |
| 987 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink). |
1356 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink. |
| 988 | Higher is better: |
1357 | JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ uses |
|
|
1358 | the from_json method). Higher is better: |
| 989 | |
1359 | |
| 990 | module | encode | decode | |
1360 | module | encode | decode | |
| 991 | -----------|------------|------------| |
1361 | --------------|------------|------------| |
| 992 | JSON 1.x | 4990.842 | 4088.813 | |
1362 | JSON::DWIW/DS | 86302.551 | 102300.098 | |
| 993 | JSON::DWIW | 51653.990 | 71575.154 | |
1363 | JSON::DWIW/FJ | 86302.551 | 75983.768 | |
| 994 | JSON::PC | 65948.176 | 74631.744 | |
1364 | JSON::PP | 15827.562 | 6638.658 | |
| 995 | JSON::PP | 8931.652 | 3817.168 | |
1365 | JSON::Syck | 63358.066 | 47662.545 | |
| 996 | JSON::Syck | 24877.248 | 27776.848 | |
1366 | JSON::XS | 511500.488 | 511500.488 | |
| 997 | JSON::XS | 388361.481 | 227951.304 | |
1367 | JSON::XS/2 | 291271.111 | 388361.481 | |
| 998 | JSON::XS/2 | 227951.304 | 218453.333 | |
1368 | JSON::XS/3 | 361577.931 | 361577.931 | |
| 999 | JSON::XS/3 | 338250.323 | 218453.333 | |
1369 | Storable | 66788.280 | 265462.278 | |
| 1000 | Storable | 16500.016 | 135300.129 | |
|
|
| 1001 | -----------+------------+------------+ |
1370 | --------------+------------+------------+ |
| 1002 | |
1371 | |
| 1003 | That is, JSON::XS is about five times faster than JSON::DWIW on |
1372 | That is, JSON::XS is almost six times faster than JSON::DWIW on |
| 1004 | encoding, about three times faster on decoding, and over forty times |
1373 | encoding, about five times faster on decoding, and over thirty to |
| 1005 | faster than JSON, even with pretty-printing and key sorting. It also |
1374 | seventy times faster than JSON's pure perl implementation. It also |
| 1006 | compares favourably to Storable for small amounts of data. |
1375 | compares favourably to Storable for small amounts of data. |
| 1007 | |
1376 | |
| 1008 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1377 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
| 1009 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
1378 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
| 1010 | |
1379 | |
| 1011 | module | encode | decode | |
1380 | module | encode | decode | |
| 1012 | -----------|------------|------------| |
1381 | --------------|------------|------------| |
| 1013 | JSON 1.x | 55.260 | 34.971 | |
1382 | JSON::DWIW/DS | 1647.927 | 2673.916 | |
| 1014 | JSON::DWIW | 825.228 | 1082.513 | |
1383 | JSON::DWIW/FJ | 1630.249 | 2596.128 | |
| 1015 | JSON::PC | 3571.444 | 2394.829 | |
|
|
| 1016 | JSON::PP | 210.987 | 32.574 | |
1384 | JSON::PP | 400.640 | 62.311 | |
| 1017 | JSON::Syck | 552.551 | 787.544 | |
1385 | JSON::Syck | 1481.040 | 1524.869 | |
| 1018 | JSON::XS | 5780.463 | 4854.519 | |
1386 | JSON::XS | 20661.596 | 9541.183 | |
| 1019 | JSON::XS/2 | 3869.998 | 4798.975 | |
1387 | JSON::XS/2 | 10683.403 | 9416.938 | |
| 1020 | JSON::XS/3 | 5862.880 | 4798.975 | |
1388 | JSON::XS/3 | 20661.596 | 9400.054 | |
| 1021 | Storable | 4445.002 | 5235.027 | |
1389 | Storable | 19765.806 | 10000.725 | |
| 1022 | -----------+------------+------------+ |
1390 | --------------+------------+------------+ |
| 1023 | |
1391 | |
| 1024 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1392 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
| 1025 | decodes faster). |
1393 | decodes a bit faster). |
| 1026 | |
1394 | |
| 1027 | On large strings containing lots of high Unicode characters, some |
1395 | On large strings containing lots of high Unicode characters, some |
| 1028 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1396 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
| 1029 | result will be broken due to missing (or wrong) Unicode handling. Others |
1397 | result will be broken due to missing (or wrong) Unicode handling. Others |
| 1030 | refuse to decode or encode properly, so it was impossible to prepare a |
1398 | refuse to decode or encode properly, so it was impossible to prepare a |
| … | |
… | |
| 1065 | information you might want to make sure that exceptions thrown by |
1433 | information you might want to make sure that exceptions thrown by |
| 1066 | JSON::XS will not end up in front of untrusted eyes. |
1434 | JSON::XS will not end up in front of untrusted eyes. |
| 1067 | |
1435 | |
| 1068 | If you are using JSON::XS to return packets to consumption by JavaScript |
1436 | If you are using JSON::XS to return packets to consumption by JavaScript |
| 1069 | scripts in a browser you should have a look at |
1437 | scripts in a browser you should have a look at |
| 1070 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1438 | <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> |
| 1071 | you are vulnerable to some common attack vectors (which really are |
1439 | to see whether you are vulnerable to some common attack vectors (which |
| 1072 | browser design bugs, but it is still you who will have to deal with it, |
1440 | really are browser design bugs, but it is still you who will have to |
| 1073 | as major browser developers care only for features, not about getting |
1441 | deal with it, as major browser developers care only for features, not |
| 1074 | security right). |
1442 | about getting security right). |
|
|
1443 | |
|
|
1444 | "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
|
|
1445 | TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
|
|
1446 | JSON texts by default - you need to create your own JSON::XS object and |
|
|
1447 | enable "allow_nonref": |
|
|
1448 | |
|
|
1449 | my $json = JSON::XS->new->allow_nonref; |
|
|
1450 | |
|
|
1451 | $text = $json->encode ($data); |
|
|
1452 | $data = $json->decode ($text); |
|
|
1453 | |
|
|
1454 | The long version: JSON being an important and supposedly stable format, |
|
|
1455 | the IETF standardised it as RFC 4627 in 2006. Unfortunately, the |
|
|
1456 | inventor of JSON, Dougles Crockford, unilaterally changed the definition |
|
|
1457 | of JSON in javascript. Rather than create a fork, the IETF decided to |
|
|
1458 | standardise the new syntax (apparently, so Iw as told, without finding |
|
|
1459 | it very amusing). |
|
|
1460 | |
|
|
1461 | The biggest difference between thed original JSON and the new JSON is |
|
|
1462 | that the new JSON supports scalars (anything other than arrays and |
|
|
1463 | objects) at the toplevel of a JSON text. While this is strictly |
|
|
1464 | backwards compatible to older versions, it breaks a number of protocols |
|
|
1465 | that relied on sending JSON back-to-back, and is a minor security |
|
|
1466 | concern. |
|
|
1467 | |
|
|
1468 | For example, imagine you have two banks communicating, and on one side, |
|
|
1469 | trhe JSON coder gets upgraded. Two messages, such as 10 and 1000 might |
|
|
1470 | then be confused to mean 101000, something that couldn't happen in the |
|
|
1471 | original JSON, because niether of these messages would be valid JSON. |
|
|
1472 | |
|
|
1473 | If one side accepts these messages, then an upgrade in the coder on |
|
|
1474 | either side could result in this becoming exploitable. |
|
|
1475 | |
|
|
1476 | This module has always allowed these messages as an optional extension, |
|
|
1477 | by default disabled. The security concerns are the reason why the |
|
|
1478 | default is still disabled, but future versions might/will likely upgrade |
|
|
1479 | to the newer RFC as default format, so you are advised to check your |
|
|
1480 | implementation and/or override the default with "->allow_nonref (0)" to |
|
|
1481 | ensure that future versions are safe. |
|
|
1482 | |
|
|
1483 | INTEROPERABILITY WITH OTHER MODULES |
|
|
1484 | "JSON::XS" uses the Types::Serialiser module to provide boolean |
|
|
1485 | constants. That means that the JSON true and false values will be |
|
|
1486 | comaptible to true and false values of iother modules that do the same, |
|
|
1487 | such as JSON::PP and CBOR::XS. |
|
|
1488 | |
|
|
1489 | INTEROPERABILITY WITH OTHER JSON DECODERS |
|
|
1490 | As long as you only serialise data that can be directly expressed in |
|
|
1491 | JSON, "JSON::XS" is incapable of generating invalid JSON output (modulo |
|
|
1492 | bugs, but "JSON::XS" has found more bugs in the official JSON testsuite |
|
|
1493 | (1) than the official JSON testsuite has found in "JSON::XS" (0)). |
|
|
1494 | |
|
|
1495 | When you have trouble decoding JSON generated by this module using other |
|
|
1496 | decoders, then it is very likely that you have an encoding mismatch or |
|
|
1497 | the other decoder is broken. |
|
|
1498 | |
|
|
1499 | When decoding, "JSON::XS" is strict by default and will likely catch all |
|
|
1500 | errors. There are currently two settings that change this: "relaxed" |
|
|
1501 | makes "JSON::XS" accept (but not generate) some non-standard extensions, |
|
|
1502 | and "allow_tags" will allow you to encode and decode Perl objects, at |
|
|
1503 | the cost of not outputting valid JSON anymore. |
|
|
1504 | |
|
|
1505 | TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS |
|
|
1506 | When you use "allow_tags" to use the extended (and also nonstandard and |
|
|
1507 | invalid) JSON syntax for serialised objects, and you still want to |
|
|
1508 | decode the generated When you want to serialise objects, you can run a |
|
|
1509 | regex to replace the tagged syntax by standard JSON arrays (it only |
|
|
1510 | works for "normal" packagesnames without comma, newlines or single |
|
|
1511 | colons). First, the readable Perl version: |
|
|
1512 | |
|
|
1513 | # if your FREEZE methods return no values, you need this replace first: |
|
|
1514 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; |
|
|
1515 | |
|
|
1516 | # this works for non-empty constructor arg lists: |
|
|
1517 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; |
|
|
1518 | |
|
|
1519 | And here is a less readable version that is easy to adapt to other |
|
|
1520 | languages: |
|
|
1521 | |
|
|
1522 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; |
|
|
1523 | |
|
|
1524 | Here is an ECMAScript version (same regex): |
|
|
1525 | |
|
|
1526 | json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); |
|
|
1527 | |
|
|
1528 | Since this syntax converts to standard JSON arrays, it might be hard to |
|
|
1529 | distinguish serialised objects from normal arrays. You can prepend a |
|
|
1530 | "magic number" as first array element to reduce chances of a collision: |
|
|
1531 | |
|
|
1532 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; |
|
|
1533 | |
|
|
1534 | And after decoding the JSON text, you could walk the data structure |
|
|
1535 | looking for arrays with a first element of |
|
|
1536 | "XU1peReLzT4ggEllLanBYq4G9VzliwKF". |
|
|
1537 | |
|
|
1538 | The same approach can be used to create the tagged format with another |
|
|
1539 | encoder. First, you create an array with the magic string as first |
|
|
1540 | member, the classname as second, and constructor arguments last, encode |
|
|
1541 | it as part of your JSON structure, and then: |
|
|
1542 | |
|
|
1543 | $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; |
|
|
1544 | |
|
|
1545 | Again, this has some limitations - the magic string must not be encoded |
|
|
1546 | with character escapes, and the constructor arguments must be non-empty. |
|
|
1547 | |
|
|
1548 | RFC7159 |
|
|
1549 | Since this module was written, Google has written a new JSON RFC, RFC |
|
|
1550 | 7159 (and RFC7158). Unfortunately, this RFC breaks compatibility with |
|
|
1551 | both the original JSON specification on www.json.org and RFC4627. |
|
|
1552 | |
|
|
1553 | As far as I can see, you can get partial compatibility when parsing by |
|
|
1554 | using "->allow_nonref". However, consider thew security implications of |
|
|
1555 | doing so. |
|
|
1556 | |
|
|
1557 | I haven't decided yet when to break compatibility with RFC4627 by |
|
|
1558 | default (and potentially leave applications insecure) and change the |
|
|
1559 | default to follow RFC7159, but application authors are well advised to |
|
|
1560 | call "->allow_nonref(0)" even if this is the current default, if they |
|
|
1561 | cannot handle non-reference values, in preparation for the day when the4 |
|
|
1562 | default will change. |
| 1075 | |
1563 | |
| 1076 | THREADS |
1564 | THREADS |
| 1077 | This module is *not* guaranteed to be thread safe and there are no plans |
1565 | This module is *not* guaranteed to be thread safe and there are no plans |
| 1078 | to change this until Perl gets thread support (as opposed to the |
1566 | to change this until Perl gets thread support (as opposed to the |
| 1079 | horribly slow so-called "threads" which are simply slow and bloated |
1567 | horribly slow so-called "threads" which are simply slow and bloated |
| 1080 | process simulations - use fork, its *much* faster, cheaper, better). |
1568 | process simulations - use fork, it's *much* faster, cheaper, better). |
| 1081 | |
1569 | |
| 1082 | (It might actually work, but you have been warned). |
1570 | (It might actually work, but you have been warned). |
|
|
1571 | |
|
|
1572 | THE PERILS OF SETLOCALE |
|
|
1573 | Sometimes people avoid the Perl locale support and directly call the |
|
|
1574 | system's setlocale function with "LC_ALL". |
|
|
1575 | |
|
|
1576 | This breaks both perl and modules such as JSON::XS, as stringification |
|
|
1577 | of numbers no longer works correctly (e.g. "$x = 0.1; print "$x"+1" |
|
|
1578 | might print 1, and JSON::XS might output illegal JSON as JSON::XS relies |
|
|
1579 | on perl to stringify numbers). |
|
|
1580 | |
|
|
1581 | The solution is simple: don't call "setlocale", or use it for only those |
|
|
1582 | categories you need, such as "LC_MESSAGES" or "LC_CTYPE". |
|
|
1583 | |
|
|
1584 | If you need "LC_NUMERIC", you should enable it only around the code that |
|
|
1585 | actually needs it (avoiding stringification of numbers), and restore it |
|
|
1586 | afterwards. |
| 1083 | |
1587 | |
| 1084 | BUGS |
1588 | BUGS |
| 1085 | While the goal of this module is to be correct, that unfortunately does |
1589 | While the goal of this module is to be correct, that unfortunately does |
| 1086 | not mean its bug-free, only that I think its design is bug-free. It is |
1590 | not mean it's bug-free, only that I think its design is bug-free. If you |
| 1087 | still relatively early in its development. If you keep reporting bugs |
|
|
| 1088 | they will be fixed swiftly, though. |
1591 | keep reporting bugs they will be fixed swiftly, though. |
| 1089 | |
1592 | |
| 1090 | Please refrain from using rt.cpan.org or any other bug reporting |
1593 | Please refrain from using rt.cpan.org or any other bug reporting |
| 1091 | service. I put the contact address into my modules for a reason. |
1594 | service. I put the contact address into my modules for a reason. |
|
|
1595 | |
|
|
1596 | SEE ALSO |
|
|
1597 | The json_xs command line utility for quick experiments. |
| 1092 | |
1598 | |
| 1093 | AUTHOR |
1599 | AUTHOR |
| 1094 | Marc Lehmann <schmorp@schmorp.de> |
1600 | Marc Lehmann <schmorp@schmorp.de> |
| 1095 | http://home.schmorp.de/ |
1601 | http://home.schmorp.de/ |
| 1096 | |
1602 | |
