… | |
… | |
56 | does so, and even documents what "correct" means. |
56 | does so, and even documents what "correct" means. |
57 | |
57 | |
58 | * round-trip integrity |
58 | * round-trip integrity |
59 | |
59 | |
60 | When you serialise a perl data structure using only data types |
60 | When you serialise a perl data structure using only data types |
61 | supported by JSON, the deserialised data structure is identical on |
61 | supported by JSON and Perl, the deserialised data structure is |
62 | the Perl level. (e.g. the string "2.0" doesn't suddenly become "2" |
62 | identical on the Perl level. (e.g. the string "2.0" doesn't suddenly |
63 | just because it looks like a number). There minor *are* exceptions |
63 | become "2" just because it looks like a number). There *are* minor |
64 | to this, read the MAPPING section below to learn about those. |
64 | exceptions to this, read the MAPPING section below to learn about |
|
|
65 | those. |
65 | |
66 | |
66 | * strict checking of JSON correctness |
67 | * strict checking of JSON correctness |
67 | |
68 | |
68 | There is no guessing, no generating of illegal JSON texts by |
69 | There is no guessing, no generating of illegal JSON texts by |
69 | default, and only JSON is accepted as input by default (the latter |
70 | default, and only JSON is accepted as input by default (the latter |
… | |
… | |
368 | output JSON objects by sorting their keys. This is adding a |
369 | output JSON objects by sorting their keys. This is adding a |
369 | comparatively high overhead. |
370 | comparatively high overhead. |
370 | |
371 | |
371 | If $enable is false, then the "encode" method will output key-value |
372 | If $enable is false, then the "encode" method will output key-value |
372 | pairs in the order Perl stores them (which will likely change |
373 | pairs in the order Perl stores them (which will likely change |
373 | between runs of the same script). |
374 | between runs of the same script, and can change even within the same |
|
|
375 | run from 5.18 onwards). |
374 | |
376 | |
375 | This option is useful if you want the same data structure to be |
377 | This option is useful if you want the same data structure to be |
376 | encoded as the same JSON text (given the same overall settings). If |
378 | encoded as the same JSON text (given the same overall settings). If |
377 | it is disabled, the same hash might be encoded differently even if |
379 | it is disabled, the same hash might be encoded differently even if |
378 | contains the same data, as key-value pairs have no inherent ordering |
380 | contains the same data, as key-value pairs have no inherent ordering |
… | |
… | |
635 | calls). |
637 | calls). |
636 | |
638 | |
637 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
639 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
638 | enough text to get a decisive result, using a very simple but truly |
640 | enough text to get a decisive result, using a very simple but truly |
639 | incremental parser. This means that it sometimes won't stop as early as |
641 | incremental parser. This means that it sometimes won't stop as early as |
640 | the full parser, for example, it doesn't detect parenthese mismatches. |
642 | the full parser, for example, it doesn't detect mismatched parentheses. |
641 | The only thing it guarantees is that it starts decoding as soon as a |
643 | The only thing it guarantees is that it starts decoding as soon as a |
642 | syntactically valid JSON text has been seen. This means you need to set |
644 | syntactically valid JSON text has been seen. This means you need to set |
643 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
645 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
644 | in the presence if syntax errors. |
646 | in the presence if syntax errors. |
645 | |
647 | |
… | |
… | |
669 | otherwise. For this to work, there must be no separators between the |
671 | otherwise. For this to work, there must be no separators between the |
670 | JSON objects or arrays, instead they must be concatenated |
672 | JSON objects or arrays, instead they must be concatenated |
671 | back-to-back. If an error occurs, an exception will be raised as in |
673 | back-to-back. If an error occurs, an exception will be raised as in |
672 | the scalar context case. Note that in this case, any |
674 | the scalar context case. Note that in this case, any |
673 | previously-parsed JSON texts will be lost. |
675 | previously-parsed JSON texts will be lost. |
|
|
676 | |
|
|
677 | Example: Parse some JSON arrays/objects in a given string and return |
|
|
678 | them. |
|
|
679 | |
|
|
680 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
674 | |
681 | |
675 | $lvalue_string = $json->incr_text |
682 | $lvalue_string = $json->incr_text |
676 | This method returns the currently stored JSON fragment as an lvalue, |
683 | This method returns the currently stored JSON fragment as an lvalue, |
677 | that is, you can manipulate it. This *only* works when a preceding |
684 | that is, you can manipulate it. This *only* works when a preceding |
678 | call to "incr_parse" in *scalar context* successfully returned an |
685 | call to "incr_parse" in *scalar context* successfully returned an |
… | |
… | |
893 | Numbers containing a fractional or exponential part will always be |
900 | Numbers containing a fractional or exponential part will always be |
894 | represented as numeric (floating point) values, possibly at a loss |
901 | represented as numeric (floating point) values, possibly at a loss |
895 | of precision (in which case you might lose perfect roundtripping |
902 | of precision (in which case you might lose perfect roundtripping |
896 | ability, but the JSON number will still be re-encoded as a JSON |
903 | ability, but the JSON number will still be re-encoded as a JSON |
897 | number). |
904 | number). |
|
|
905 | |
|
|
906 | Note that precision is not accuracy - binary floating point values |
|
|
907 | cannot represent most decimal fractions exactly, and when converting |
|
|
908 | from and to floating point, JSON::XS only guarantees precision up to |
|
|
909 | but not including the leats significant bit. |
898 | |
910 | |
899 | true, false |
911 | true, false |
900 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
912 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
901 | respectively. They are overloaded to act almost exactly like the |
913 | respectively. They are overloaded to act almost exactly like the |
902 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
914 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
… | |
… | |
979 | |
991 | |
980 | You can not currently force the type in other, less obscure, ways. |
992 | You can not currently force the type in other, less obscure, ways. |
981 | Tell me if you need this capability (but don't forget to explain why |
993 | Tell me if you need this capability (but don't forget to explain why |
982 | it's needed :). |
994 | it's needed :). |
983 | |
995 | |
|
|
996 | Note that numerical precision has the same meaning as under Perl (so |
|
|
997 | binary to decimal conversion follows the same rules as in Perl, |
|
|
998 | which can differ to other languages). Also, your perl interpreter |
|
|
999 | might expose extensions to the floating point numbers of your |
|
|
1000 | platform, such as infinities or NaN's - these cannot be represented |
|
|
1001 | in JSON, and it is an error to pass those in. |
|
|
1002 | |
984 | ENCODING/CODESET FLAG NOTES |
1003 | ENCODING/CODESET FLAG NOTES |
985 | The interested reader might have seen a number of flags that signify |
1004 | The interested reader might have seen a number of flags that signify |
986 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
1005 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
987 | some confusion on what these do, so here is a short comparison: |
1006 | some confusion on what these do, so here is a short comparison: |
988 | |
1007 | |
… | |
… | |
1125 | characters as well - using "eval" naively simply *will* cause problems. |
1144 | characters as well - using "eval" naively simply *will* cause problems. |
1126 | |
1145 | |
1127 | Another problem is that some javascript implementations reserve some |
1146 | Another problem is that some javascript implementations reserve some |
1128 | property names for their own purposes (which probably makes them |
1147 | property names for their own purposes (which probably makes them |
1129 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
1148 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
1130 | "__proto__" property name for it's own purposes. |
1149 | "__proto__" property name for its own purposes. |
1131 | |
1150 | |
1132 | If that is a problem, you could parse try to filter the resulting JSON |
1151 | If that is a problem, you could parse try to filter the resulting JSON |
1133 | output for these property strings, e.g.: |
1152 | output for these property strings, e.g.: |
1134 | |
1153 | |
1135 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
1154 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
… | |
… | |
1153 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1172 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1154 | |
1173 | |
1155 | This will *usually* generate JSON texts that also parse as valid YAML. |
1174 | This will *usually* generate JSON texts that also parse as valid YAML. |
1156 | Please note that YAML has hardcoded limits on (simple) object key |
1175 | Please note that YAML has hardcoded limits on (simple) object key |
1157 | lengths that JSON doesn't have and also has different and incompatible |
1176 | lengths that JSON doesn't have and also has different and incompatible |
1158 | unicode handling, so you should make sure that your hash keys are |
1177 | unicode character escape syntax, so you should make sure that your hash |
1159 | noticeably shorter than the 1024 "stream characters" YAML allows and |
1178 | keys are noticeably shorter than the 1024 "stream characters" YAML |
1160 | that you do not have characters with codepoint values outside the |
1179 | allows and that you do not have characters with codepoint values outside |
1161 | Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
1180 | the Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
1162 | sequences in strings (which JSON::XS does not *currently* generate, but |
1181 | sequences in strings (which JSON::XS does not *currently* generate, but |
1163 | other JSON generators might). |
1182 | other JSON generators might). |
1164 | |
1183 | |
1165 | There might be other incompatibilities that I am not aware of (or the |
1184 | There might be other incompatibilities that I am not aware of (or the |
1166 | YAML specification has been changed yet again - it does so quite often). |
1185 | YAML specification has been changed yet again - it does so quite often). |
… | |
… | |
1183 | (which is not that difficult or long) and finally make YAML |
1202 | (which is not that difficult or long) and finally make YAML |
1184 | compatible to it, and educating users about the changes, instead of |
1203 | compatible to it, and educating users about the changes, instead of |
1185 | spreading lies about the real compatibility for many *years* and |
1204 | spreading lies about the real compatibility for many *years* and |
1186 | trying to silence people who point out that it isn't true. |
1205 | trying to silence people who point out that it isn't true. |
1187 | |
1206 | |
|
|
1207 | Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, |
|
|
1208 | even though the incompatibilities have been documented (and are |
|
|
1209 | known to Brian) for many years and the spec makes explicit claims |
|
|
1210 | that YAML is a superset of JSON. It would be so easy to fix, but |
|
|
1211 | apparently, bullying people and corrupting userdata is so much |
|
|
1212 | easier. |
|
|
1213 | |
1188 | SPEED |
1214 | SPEED |
1189 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1215 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1190 | tables. They have been generated with the help of the "eg/bench" program |
1216 | tables. They have been generated with the help of the "eg/bench" program |
1191 | in the JSON::XS distribution, to make it easy to compare on your own |
1217 | in the JSON::XS distribution, to make it easy to compare on your own |
1192 | system. |
1218 | system. |
… | |
… | |
1195 | single-line JSON string (also available at |
1221 | single-line JSON string (also available at |
1196 | <http://dist.schmorp.de/misc/json/short.json>). |
1222 | <http://dist.schmorp.de/misc/json/short.json>). |
1197 | |
1223 | |
1198 | {"method": "handleMessage", "params": ["user1", |
1224 | {"method": "handleMessage", "params": ["user1", |
1199 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1225 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1200 | true, false]} |
1226 | 1, 0]} |
1201 | |
1227 | |
1202 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1228 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1203 | functional interface, while JSON::XS/2 uses the OO interface with |
1229 | functional interface, while JSON::XS/2 uses the OO interface with |
1204 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink). |
1230 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink. |
1205 | Higher is better: |
1231 | JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ uses |
|
|
1232 | the from_json method). Higher is better: |
1206 | |
1233 | |
1207 | module | encode | decode | |
1234 | module | encode | decode | |
1208 | -----------|------------|------------| |
1235 | --------------|------------|------------| |
1209 | JSON 1.x | 4990.842 | 4088.813 | |
1236 | JSON::DWIW/DS | 86302.551 | 102300.098 | |
1210 | JSON::DWIW | 51653.990 | 71575.154 | |
1237 | JSON::DWIW/FJ | 86302.551 | 75983.768 | |
1211 | JSON::PC | 65948.176 | 74631.744 | |
1238 | JSON::PP | 15827.562 | 6638.658 | |
1212 | JSON::PP | 8931.652 | 3817.168 | |
1239 | JSON::Syck | 63358.066 | 47662.545 | |
1213 | JSON::Syck | 24877.248 | 27776.848 | |
1240 | JSON::XS | 511500.488 | 511500.488 | |
1214 | JSON::XS | 388361.481 | 227951.304 | |
1241 | JSON::XS/2 | 291271.111 | 388361.481 | |
1215 | JSON::XS/2 | 227951.304 | 218453.333 | |
1242 | JSON::XS/3 | 361577.931 | 361577.931 | |
1216 | JSON::XS/3 | 338250.323 | 218453.333 | |
1243 | Storable | 66788.280 | 265462.278 | |
1217 | Storable | 16500.016 | 135300.129 | |
|
|
1218 | -----------+------------+------------+ |
1244 | --------------+------------+------------+ |
1219 | |
1245 | |
1220 | That is, JSON::XS is about five times faster than JSON::DWIW on |
1246 | That is, JSON::XS is almost six times faster than JSON::DWIW on |
1221 | encoding, about three times faster on decoding, and over forty times |
1247 | encoding, about five times faster on decoding, and over thirty to |
1222 | faster than JSON, even with pretty-printing and key sorting. It also |
1248 | seventy times faster than JSON's pure perl implementation. It also |
1223 | compares favourably to Storable for small amounts of data. |
1249 | compares favourably to Storable for small amounts of data. |
1224 | |
1250 | |
1225 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1251 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1226 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
1252 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
1227 | |
1253 | |
1228 | module | encode | decode | |
1254 | module | encode | decode | |
1229 | -----------|------------|------------| |
1255 | --------------|------------|------------| |
1230 | JSON 1.x | 55.260 | 34.971 | |
1256 | JSON::DWIW/DS | 1647.927 | 2673.916 | |
1231 | JSON::DWIW | 825.228 | 1082.513 | |
1257 | JSON::DWIW/FJ | 1630.249 | 2596.128 | |
1232 | JSON::PC | 3571.444 | 2394.829 | |
|
|
1233 | JSON::PP | 210.987 | 32.574 | |
1258 | JSON::PP | 400.640 | 62.311 | |
1234 | JSON::Syck | 552.551 | 787.544 | |
1259 | JSON::Syck | 1481.040 | 1524.869 | |
1235 | JSON::XS | 5780.463 | 4854.519 | |
1260 | JSON::XS | 20661.596 | 9541.183 | |
1236 | JSON::XS/2 | 3869.998 | 4798.975 | |
1261 | JSON::XS/2 | 10683.403 | 9416.938 | |
1237 | JSON::XS/3 | 5862.880 | 4798.975 | |
1262 | JSON::XS/3 | 20661.596 | 9400.054 | |
1238 | Storable | 4445.002 | 5235.027 | |
1263 | Storable | 19765.806 | 10000.725 | |
1239 | -----------+------------+------------+ |
1264 | --------------+------------+------------+ |
1240 | |
1265 | |
1241 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1266 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1242 | decodes faster). |
1267 | decodes a bit faster). |
1243 | |
1268 | |
1244 | On large strings containing lots of high Unicode characters, some |
1269 | On large strings containing lots of high Unicode characters, some |
1245 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1270 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1246 | result will be broken due to missing (or wrong) Unicode handling. Others |
1271 | result will be broken due to missing (or wrong) Unicode handling. Others |
1247 | refuse to decode or encode properly, so it was impossible to prepare a |
1272 | refuse to decode or encode properly, so it was impossible to prepare a |
… | |
… | |
1282 | information you might want to make sure that exceptions thrown by |
1307 | information you might want to make sure that exceptions thrown by |
1283 | JSON::XS will not end up in front of untrusted eyes. |
1308 | JSON::XS will not end up in front of untrusted eyes. |
1284 | |
1309 | |
1285 | If you are using JSON::XS to return packets to consumption by JavaScript |
1310 | If you are using JSON::XS to return packets to consumption by JavaScript |
1286 | scripts in a browser you should have a look at |
1311 | scripts in a browser you should have a look at |
1287 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1312 | <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> |
1288 | you are vulnerable to some common attack vectors (which really are |
1313 | to see whether you are vulnerable to some common attack vectors (which |
1289 | browser design bugs, but it is still you who will have to deal with it, |
1314 | really are browser design bugs, but it is still you who will have to |
1290 | as major browser developers care only for features, not about getting |
1315 | deal with it, as major browser developers care only for features, not |
1291 | security right). |
1316 | about getting security right). |
1292 | |
1317 | |
1293 | THREADS |
1318 | THREADS |
1294 | This module is *not* guaranteed to be thread safe and there are no plans |
1319 | This module is *not* guaranteed to be thread safe and there are no plans |
1295 | to change this until Perl gets thread support (as opposed to the |
1320 | to change this until Perl gets thread support (as opposed to the |
1296 | horribly slow so-called "threads" which are simply slow and bloated |
1321 | horribly slow so-called "threads" which are simply slow and bloated |
1297 | process simulations - use fork, it's *much* faster, cheaper, better). |
1322 | process simulations - use fork, it's *much* faster, cheaper, better). |
1298 | |
1323 | |
1299 | (It might actually work, but you have been warned). |
1324 | (It might actually work, but you have been warned). |
1300 | |
1325 | |
|
|
1326 | THE PERILS OF SETLOCALE |
|
|
1327 | Sometimes people avoid the Perl locale support and directly call the |
|
|
1328 | system's setlocale function with "LC_ALL". |
|
|
1329 | |
|
|
1330 | This breaks both perl and modules such as JSON::XS, as stringification |
|
|
1331 | of numbers no longer works correcly (e.g. "$x = 0.1; print "$x"+1" might |
|
|
1332 | print 1, and JSON::XS might output illegal JSON as JSON::XS relies on |
|
|
1333 | perl to stringify numbers). |
|
|
1334 | |
|
|
1335 | The solution is simple: don't call "setlocale", or use it for only those |
|
|
1336 | categories you need, such as "LC_MESSAGES" or "LC_CTYPE". |
|
|
1337 | |
|
|
1338 | If you need "LC_NUMERIC", you should enable it only around the code that |
|
|
1339 | actually needs it (avoiding stringification of numbers), and restore it |
|
|
1340 | afterwards. |
|
|
1341 | |
1301 | BUGS |
1342 | BUGS |
1302 | While the goal of this module is to be correct, that unfortunately does |
1343 | While the goal of this module is to be correct, that unfortunately does |
1303 | not mean it's bug-free, only that I think its design is bug-free. If you |
1344 | not mean it's bug-free, only that I think its design is bug-free. If you |
1304 | keep reporting bugs they will be fixed swiftly, though. |
1345 | keep reporting bugs they will be fixed swiftly, though. |
1305 | |
1346 | |