| 1 | NAME |
1 | NAME |
| 2 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
2 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
| 3 | |
3 | |
|
|
4 | JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ |
|
|
5 | (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html) |
|
|
6 | |
| 4 | SYNOPSIS |
7 | SYNOPSIS |
| 5 | use JSON::XS; |
8 | use JSON::XS; |
| 6 | |
9 | |
| 7 | # exported functions, they croak on error |
10 | # exported functions, they croak on error |
| 8 | # and expect/generate UTF-8 |
11 | # and expect/generate UTF-8 |
| 9 | |
12 | |
| 10 | $utf8_encoded_json_text = to_json $perl_hash_or_arrayref; |
13 | $utf8_encoded_json_text = encode_json $perl_hash_or_arrayref; |
| 11 | $perl_hash_or_arrayref = from_json $utf8_encoded_json_text; |
14 | $perl_hash_or_arrayref = decode_json $utf8_encoded_json_text; |
| 12 | |
|
|
| 13 | # objToJson and jsonToObj aliases to to_json and from_json |
|
|
| 14 | # are exported for compatibility to the JSON module, |
|
|
| 15 | # but should not be used in new code. |
|
|
| 16 | |
15 | |
| 17 | # OO-interface |
16 | # OO-interface |
| 18 | |
17 | |
| 19 | $coder = JSON::XS->new->ascii->pretty->allow_nonref; |
18 | $coder = JSON::XS->new->ascii->pretty->allow_nonref; |
| 20 | $pretty_printed_unencoded = $coder->encode ($perl_scalar); |
19 | $pretty_printed_unencoded = $coder->encode ($perl_scalar); |
| 21 | $perl_scalar = $coder->decode ($unicode_json_text); |
20 | $perl_scalar = $coder->decode ($unicode_json_text); |
|
|
21 | |
|
|
22 | # Note that JSON version 2.0 and above will automatically use JSON::XS |
|
|
23 | # if available, at virtually no speed overhead either, so you should |
|
|
24 | # be able to just: |
|
|
25 | |
|
|
26 | use JSON; |
|
|
27 | |
|
|
28 | # and do the same things, except that you have a pure-perl fallback now. |
| 22 | |
29 | |
| 23 | DESCRIPTION |
30 | DESCRIPTION |
| 24 | This module converts Perl data structures to JSON and vice versa. Its |
31 | This module converts Perl data structures to JSON and vice versa. Its |
| 25 | primary goal is to be *correct* and its secondary goal is to be *fast*. |
32 | primary goal is to be *correct* and its secondary goal is to be *fast*. |
| 26 | To reach the latter goal it was written in C. |
33 | To reach the latter goal it was written in C. |
|
|
34 | |
|
|
35 | Beginning with version 2.0 of the JSON module, when both JSON and |
|
|
36 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can |
|
|
37 | be overridden) with no overhead due to emulation (by inheriting |
|
|
38 | constructor and methods). If JSON::XS is not available, it will fall |
|
|
39 | back to the compatible JSON::PP module as backend, so using JSON instead |
|
|
40 | of JSON::XS gives you a portable JSON API that can be fast when you need |
|
|
41 | and doesn't require a C compiler when that is a problem. |
| 27 | |
42 | |
| 28 | As this is the n-th-something JSON module on CPAN, what was the reason |
43 | As this is the n-th-something JSON module on CPAN, what was the reason |
| 29 | to write yet another JSON module? While it seems there are many JSON |
44 | to write yet another JSON module? While it seems there are many JSON |
| 30 | modules, none of them correctly handle all corner cases, and in most |
45 | modules, none of them correctly handle all corner cases, and in most |
| 31 | cases their maintainers are unresponsive, gone missing, or not listening |
46 | cases their maintainers are unresponsive, gone missing, or not listening |
| 32 | to bug reports for other reasons. |
47 | to bug reports for other reasons. |
| 33 | |
48 | |
| 34 | See COMPARISON, below, for a comparison to some other JSON modules. |
|
|
| 35 | |
|
|
| 36 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
49 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
| 37 | vice versa. |
50 | vice versa. |
| 38 | |
51 | |
| 39 | FEATURES |
52 | FEATURES |
| 40 | * correct unicode handling |
53 | * correct Unicode handling |
|
|
54 | |
| 41 | This module knows how to handle Unicode, and even documents how and |
55 | This module knows how to handle Unicode, documents how and when it |
| 42 | when it does so. |
56 | does so, and even documents what "correct" means. |
| 43 | |
57 | |
| 44 | * round-trip integrity |
58 | * round-trip integrity |
|
|
59 | |
| 45 | When you serialise a perl data structure using only datatypes |
60 | When you serialise a perl data structure using only data types |
| 46 | supported by JSON, the deserialised data structure is identical on |
61 | supported by JSON and Perl, the deserialised data structure is |
| 47 | the Perl level. (e.g. the string "2.0" doesn't suddenly become "2" |
62 | identical on the Perl level. (e.g. the string "2.0" doesn't suddenly |
| 48 | just because it looks like a number). |
63 | become "2" just because it looks like a number). There *are* minor |
|
|
64 | exceptions to this, read the MAPPING section below to learn about |
|
|
65 | those. |
| 49 | |
66 | |
| 50 | * strict checking of JSON correctness |
67 | * strict checking of JSON correctness |
|
|
68 | |
| 51 | There is no guessing, no generating of illegal JSON texts by |
69 | There is no guessing, no generating of illegal JSON texts by |
| 52 | default, and only JSON is accepted as input by default (the latter |
70 | default, and only JSON is accepted as input by default (the latter |
| 53 | is a security feature). |
71 | is a security feature). |
| 54 | |
72 | |
| 55 | * fast |
73 | * fast |
| 56 | Compared to other JSON modules, this module compares favourably in |
|
|
| 57 | terms of speed, too. |
|
|
| 58 | |
74 | |
|
|
75 | Compared to other JSON modules and other serialisers such as |
|
|
76 | Storable, this module usually compares favourably in terms of speed, |
|
|
77 | too. |
|
|
78 | |
| 59 | * simple to use |
79 | * simple to use |
|
|
80 | |
| 60 | This module has both a simple functional interface as well as an OO |
81 | This module has both a simple functional interface as well as an |
| 61 | interface. |
82 | object oriented interface. |
| 62 | |
83 | |
| 63 | * reasonably versatile output formats |
84 | * reasonably versatile output formats |
|
|
85 | |
| 64 | You can choose between the most compact guarenteed single-line |
86 | You can choose between the most compact guaranteed-single-line |
| 65 | format possible (nice for simple line-based protocols), a pure-ascii |
87 | format possible (nice for simple line-based protocols), a pure-ASCII |
| 66 | format (for when your transport is not 8-bit clean, still supports |
88 | format (for when your transport is not 8-bit clean, still supports |
| 67 | the whole unicode range), or a pretty-printed format (for when you |
89 | the whole Unicode range), or a pretty-printed format (for when you |
| 68 | want to read that stuff). Or you can combine those features in |
90 | want to read that stuff). Or you can combine those features in |
| 69 | whatever way you like. |
91 | whatever way you like. |
| 70 | |
92 | |
| 71 | FUNCTIONAL INTERFACE |
93 | FUNCTIONAL INTERFACE |
| 72 | The following convinience methods are provided by this module. They are |
94 | The following convenience methods are provided by this module. They are |
| 73 | exported by default: |
95 | exported by default: |
| 74 | |
96 | |
| 75 | $json_text = to_json $perl_scalar |
97 | $json_text = encode_json $perl_scalar |
| 76 | Converts the given Perl data structure (a simple scalar or a |
98 | Converts the given Perl data structure to a UTF-8 encoded, binary |
| 77 | reference to a hash or array) to a UTF-8 encoded, binary string |
|
|
| 78 | (that is, the string contains octets only). Croaks on error. |
99 | string (that is, the string contains octets only). Croaks on error. |
| 79 | |
100 | |
| 80 | This function call is functionally identical to: |
101 | This function call is functionally identical to: |
| 81 | |
102 | |
| 82 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
103 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
| 83 | |
104 | |
| 84 | except being faster. |
105 | Except being faster. |
| 85 | |
106 | |
| 86 | $perl_scalar = from_json $json_text |
107 | $perl_scalar = decode_json $json_text |
| 87 | The opposite of "to_json": expects an UTF-8 (binary) string and |
108 | The opposite of "encode_json": expects an UTF-8 (binary) string and |
| 88 | tries to parse that as an UTF-8 encoded JSON text, returning the |
109 | tries to parse that as an UTF-8 encoded JSON text, returning the |
| 89 | resulting simple scalar or reference. Croaks on error. |
110 | resulting reference. Croaks on error. |
| 90 | |
111 | |
| 91 | This function call is functionally identical to: |
112 | This function call is functionally identical to: |
| 92 | |
113 | |
| 93 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
114 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
| 94 | |
115 | |
| 95 | except being faster. |
116 | Except being faster. |
|
|
117 | |
|
|
118 | A FEW NOTES ON UNICODE AND PERL |
|
|
119 | Since this often leads to confusion, here are a few very clear words on |
|
|
120 | how Unicode works in Perl, modulo bugs. |
|
|
121 | |
|
|
122 | 1. Perl strings can store characters with ordinal values > 255. |
|
|
123 | This enables you to store Unicode characters as single characters in |
|
|
124 | a Perl string - very natural. |
|
|
125 | |
|
|
126 | 2. Perl does *not* associate an encoding with your strings. |
|
|
127 | ... until you force it to, e.g. when matching it against a regex, or |
|
|
128 | printing the scalar to a file, in which case Perl either interprets |
|
|
129 | your string as locale-encoded text, octets/binary, or as Unicode, |
|
|
130 | depending on various settings. In no case is an encoding stored |
|
|
131 | together with your data, it is *use* that decides encoding, not any |
|
|
132 | magical meta data. |
|
|
133 | |
|
|
134 | 3. The internal utf-8 flag has no meaning with regards to the encoding |
|
|
135 | of your string. |
|
|
136 | Just ignore that flag unless you debug a Perl bug, a module written |
|
|
137 | in XS or want to dive into the internals of perl. Otherwise it will |
|
|
138 | only confuse you, as, despite the name, it says nothing about how |
|
|
139 | your string is encoded. You can have Unicode strings with that flag |
|
|
140 | set, with that flag clear, and you can have binary data with that |
|
|
141 | flag set and that flag clear. Other possibilities exist, too. |
|
|
142 | |
|
|
143 | If you didn't know about that flag, just the better, pretend it |
|
|
144 | doesn't exist. |
|
|
145 | |
|
|
146 | 4. A "Unicode String" is simply a string where each character can be |
|
|
147 | validly interpreted as a Unicode code point. |
|
|
148 | If you have UTF-8 encoded data, it is no longer a Unicode string, |
|
|
149 | but a Unicode string encoded in UTF-8, giving you a binary string. |
|
|
150 | |
|
|
151 | 5. A string containing "high" (> 255) character values is *not* a UTF-8 |
|
|
152 | string. |
|
|
153 | It's a fact. Learn to live with it. |
|
|
154 | |
|
|
155 | I hope this helps :) |
| 96 | |
156 | |
| 97 | OBJECT-ORIENTED INTERFACE |
157 | OBJECT-ORIENTED INTERFACE |
| 98 | The object oriented interface lets you configure your own encoding or |
158 | The object oriented interface lets you configure your own encoding or |
| 99 | decoding style, within the limits of supported formats. |
159 | decoding style, within the limits of supported formats. |
| 100 | |
160 | |
| … | |
… | |
| 108 | |
168 | |
| 109 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
169 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
| 110 | => {"a": [1, 2]} |
170 | => {"a": [1, 2]} |
| 111 | |
171 | |
| 112 | $json = $json->ascii ([$enable]) |
172 | $json = $json->ascii ([$enable]) |
|
|
173 | $enabled = $json->get_ascii |
| 113 | If $enable is true (or missing), then the "encode" method will not |
174 | If $enable is true (or missing), then the "encode" method will not |
| 114 | generate characters outside the code range 0..127 (which is ASCII). |
175 | generate characters outside the code range 0..127 (which is ASCII). |
| 115 | Any unicode characters outside that range will be escaped using |
176 | Any Unicode characters outside that range will be escaped using |
| 116 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
177 | either a single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL |
| 117 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
178 | escape sequence, as per RFC4627. The resulting encoded JSON text can |
| 118 | be treated as a native unicode string, an ascii-encoded, |
179 | be treated as a native Unicode string, an ascii-encoded, |
| 119 | latin1-encoded or UTF-8 encoded string, or any other superset of |
180 | latin1-encoded or UTF-8 encoded string, or any other superset of |
| 120 | ASCII. |
181 | ASCII. |
| 121 | |
182 | |
| 122 | If $enable is false, then the "encode" method will not escape |
183 | If $enable is false, then the "encode" method will not escape |
| 123 | Unicode characters unless required by the JSON syntax or other |
184 | Unicode characters unless required by the JSON syntax or other |
| 124 | flags. This results in a faster and more compact format. |
185 | flags. This results in a faster and more compact format. |
| 125 | |
186 | |
|
|
187 | See also the section *ENCODING/CODESET FLAG NOTES* later in this |
|
|
188 | document. |
|
|
189 | |
| 126 | The main use for this flag is to produce JSON texts that can be |
190 | The main use for this flag is to produce JSON texts that can be |
| 127 | transmitted over a 7-bit channel, as the encoded JSON texts will not |
191 | transmitted over a 7-bit channel, as the encoded JSON texts will not |
| 128 | contain any 8 bit characters. |
192 | contain any 8 bit characters. |
| 129 | |
193 | |
| 130 | JSON::XS->new->ascii (1)->encode ([chr 0x10401]) |
194 | JSON::XS->new->ascii (1)->encode ([chr 0x10401]) |
| 131 | => ["\ud801\udc01"] |
195 | => ["\ud801\udc01"] |
| 132 | |
196 | |
| 133 | $json = $json->latin1 ([$enable]) |
197 | $json = $json->latin1 ([$enable]) |
|
|
198 | $enabled = $json->get_latin1 |
| 134 | If $enable is true (or missing), then the "encode" method will |
199 | If $enable is true (or missing), then the "encode" method will |
| 135 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
200 | encode the resulting JSON text as latin1 (or iso-8859-1), escaping |
| 136 | any characters outside the code range 0..255. The resulting string |
201 | any characters outside the code range 0..255. The resulting string |
| 137 | can be treated as a latin1-encoded JSON text or a native unicode |
202 | can be treated as a latin1-encoded JSON text or a native Unicode |
| 138 | string. The "decode" method will not be affected in any way by this |
203 | string. The "decode" method will not be affected in any way by this |
| 139 | flag, as "decode" by default expects unicode, which is a strict |
204 | flag, as "decode" by default expects Unicode, which is a strict |
| 140 | superset of latin1. |
205 | superset of latin1. |
| 141 | |
206 | |
| 142 | If $enable is false, then the "encode" method will not escape |
207 | If $enable is false, then the "encode" method will not escape |
| 143 | Unicode characters unless required by the JSON syntax or other |
208 | Unicode characters unless required by the JSON syntax or other |
| 144 | flags. |
209 | flags. |
|
|
210 | |
|
|
211 | See also the section *ENCODING/CODESET FLAG NOTES* later in this |
|
|
212 | document. |
| 145 | |
213 | |
| 146 | The main use for this flag is efficiently encoding binary data as |
214 | The main use for this flag is efficiently encoding binary data as |
| 147 | JSON text, as most octets will not be escaped, resulting in a |
215 | JSON text, as most octets will not be escaped, resulting in a |
| 148 | smaller encoded size. The disadvantage is that the resulting JSON |
216 | smaller encoded size. The disadvantage is that the resulting JSON |
| 149 | text is encoded in latin1 (and must correctly be treated as such |
217 | text is encoded in latin1 (and must correctly be treated as such |
| 150 | when storing and transfering), a rare encoding for JSON. It is |
218 | when storing and transferring), a rare encoding for JSON. It is |
| 151 | therefore most useful when you want to store data structures known |
219 | therefore most useful when you want to store data structures known |
| 152 | to contain binary data efficiently in files or databases, not when |
220 | to contain binary data efficiently in files or databases, not when |
| 153 | talking to other JSON encoders/decoders. |
221 | talking to other JSON encoders/decoders. |
| 154 | |
222 | |
| 155 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
223 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
| 156 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
224 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
| 157 | |
225 | |
| 158 | $json = $json->utf8 ([$enable]) |
226 | $json = $json->utf8 ([$enable]) |
|
|
227 | $enabled = $json->get_utf8 |
| 159 | If $enable is true (or missing), then the "encode" method will |
228 | If $enable is true (or missing), then the "encode" method will |
| 160 | encode the JSON result into UTF-8, as required by many protocols, |
229 | encode the JSON result into UTF-8, as required by many protocols, |
| 161 | while the "decode" method expects to be handled an UTF-8-encoded |
230 | while the "decode" method expects to be handled an UTF-8-encoded |
| 162 | string. Please note that UTF-8-encoded strings do not contain any |
231 | string. Please note that UTF-8-encoded strings do not contain any |
| 163 | characters outside the range 0..255, they are thus useful for |
232 | characters outside the range 0..255, they are thus useful for |
| 164 | bytewise/binary I/O. In future versions, enabling this option might |
233 | bytewise/binary I/O. In future versions, enabling this option might |
| 165 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
234 | enable autodetection of the UTF-16 and UTF-32 encoding families, as |
| 166 | described in RFC4627. |
235 | described in RFC4627. |
| 167 | |
236 | |
| 168 | If $enable is false, then the "encode" method will return the JSON |
237 | If $enable is false, then the "encode" method will return the JSON |
| 169 | string as a (non-encoded) unicode string, while "decode" expects |
238 | string as a (non-encoded) Unicode string, while "decode" expects |
| 170 | thus a unicode string. Any decoding or encoding (e.g. to UTF-8 or |
239 | thus a Unicode string. Any decoding or encoding (e.g. to UTF-8 or |
| 171 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
240 | UTF-16) needs to be done yourself, e.g. using the Encode module. |
|
|
241 | |
|
|
242 | See also the section *ENCODING/CODESET FLAG NOTES* later in this |
|
|
243 | document. |
| 172 | |
244 | |
| 173 | Example, output UTF-16BE-encoded JSON: |
245 | Example, output UTF-16BE-encoded JSON: |
| 174 | |
246 | |
| 175 | use Encode; |
247 | use Encode; |
| 176 | $jsontext = encode "UTF-16BE", JSON::XS->new->encode ($object); |
248 | $jsontext = encode "UTF-16BE", JSON::XS->new->encode ($object); |
| … | |
… | |
| 195 | 2 |
267 | 2 |
| 196 | ] |
268 | ] |
| 197 | } |
269 | } |
| 198 | |
270 | |
| 199 | $json = $json->indent ([$enable]) |
271 | $json = $json->indent ([$enable]) |
|
|
272 | $enabled = $json->get_indent |
| 200 | If $enable is true (or missing), then the "encode" method will use a |
273 | If $enable is true (or missing), then the "encode" method will use a |
| 201 | multiline format as output, putting every array member or |
274 | multiline format as output, putting every array member or |
| 202 | object/hash key-value pair into its own line, identing them |
275 | object/hash key-value pair into its own line, indenting them |
| 203 | properly. |
276 | properly. |
| 204 | |
277 | |
| 205 | If $enable is false, no newlines or indenting will be produced, and |
278 | If $enable is false, no newlines or indenting will be produced, and |
| 206 | the resulting JSON text is guarenteed not to contain any "newlines". |
279 | the resulting JSON text is guaranteed not to contain any "newlines". |
| 207 | |
280 | |
| 208 | This setting has no effect when decoding JSON texts. |
281 | This setting has no effect when decoding JSON texts. |
| 209 | |
282 | |
| 210 | $json = $json->space_before ([$enable]) |
283 | $json = $json->space_before ([$enable]) |
|
|
284 | $enabled = $json->get_space_before |
| 211 | If $enable is true (or missing), then the "encode" method will add |
285 | If $enable is true (or missing), then the "encode" method will add |
| 212 | an extra optional space before the ":" separating keys from values |
286 | an extra optional space before the ":" separating keys from values |
| 213 | in JSON objects. |
287 | in JSON objects. |
| 214 | |
288 | |
| 215 | If $enable is false, then the "encode" method will not add any extra |
289 | If $enable is false, then the "encode" method will not add any extra |
| … | |
… | |
| 221 | Example, space_before enabled, space_after and indent disabled: |
295 | Example, space_before enabled, space_after and indent disabled: |
| 222 | |
296 | |
| 223 | {"key" :"value"} |
297 | {"key" :"value"} |
| 224 | |
298 | |
| 225 | $json = $json->space_after ([$enable]) |
299 | $json = $json->space_after ([$enable]) |
|
|
300 | $enabled = $json->get_space_after |
| 226 | If $enable is true (or missing), then the "encode" method will add |
301 | If $enable is true (or missing), then the "encode" method will add |
| 227 | an extra optional space after the ":" separating keys from values in |
302 | an extra optional space after the ":" separating keys from values in |
| 228 | JSON objects and extra whitespace after the "," separating key-value |
303 | JSON objects and extra whitespace after the "," separating key-value |
| 229 | pairs and array members. |
304 | pairs and array members. |
| 230 | |
305 | |
| … | |
… | |
| 235 | |
310 | |
| 236 | Example, space_before and indent disabled, space_after enabled: |
311 | Example, space_before and indent disabled, space_after enabled: |
| 237 | |
312 | |
| 238 | {"key": "value"} |
313 | {"key": "value"} |
| 239 | |
314 | |
|
|
315 | $json = $json->relaxed ([$enable]) |
|
|
316 | $enabled = $json->get_relaxed |
|
|
317 | If $enable is true (or missing), then "decode" will accept some |
|
|
318 | extensions to normal JSON syntax (see below). "encode" will not be |
|
|
319 | affected in anyway. *Be aware that this option makes you accept |
|
|
320 | invalid JSON texts as if they were valid!*. I suggest only to use |
|
|
321 | this option to parse application-specific files written by humans |
|
|
322 | (configuration files, resource files etc.) |
|
|
323 | |
|
|
324 | If $enable is false (the default), then "decode" will only accept |
|
|
325 | valid JSON texts. |
|
|
326 | |
|
|
327 | Currently accepted extensions are: |
|
|
328 | |
|
|
329 | * list items can have an end-comma |
|
|
330 | |
|
|
331 | JSON *separates* array elements and key-value pairs with commas. |
|
|
332 | This can be annoying if you write JSON texts manually and want |
|
|
333 | to be able to quickly append elements, so this extension accepts |
|
|
334 | comma at the end of such items not just between them: |
|
|
335 | |
|
|
336 | [ |
|
|
337 | 1, |
|
|
338 | 2, <- this comma not normally allowed |
|
|
339 | ] |
|
|
340 | { |
|
|
341 | "k1": "v1", |
|
|
342 | "k2": "v2", <- this comma not normally allowed |
|
|
343 | } |
|
|
344 | |
|
|
345 | * shell-style '#'-comments |
|
|
346 | |
|
|
347 | Whenever JSON allows whitespace, shell-style comments are |
|
|
348 | additionally allowed. They are terminated by the first |
|
|
349 | carriage-return or line-feed character, after which more |
|
|
350 | white-space and comments are allowed. |
|
|
351 | |
|
|
352 | [ |
|
|
353 | 1, # this comment not allowed in JSON |
|
|
354 | # neither this one... |
|
|
355 | ] |
|
|
356 | |
|
|
357 | * literal ASCII TAB characters in strings |
|
|
358 | |
|
|
359 | Literal ASCII TAB characters are now allowed in strings (and |
|
|
360 | treated as "\t"). |
|
|
361 | |
|
|
362 | [ |
|
|
363 | "Hello\tWorld", |
|
|
364 | "Hello<TAB>World", # literal <TAB> would not normally be allowed |
|
|
365 | ] |
|
|
366 | |
| 240 | $json = $json->canonical ([$enable]) |
367 | $json = $json->canonical ([$enable]) |
|
|
368 | $enabled = $json->get_canonical |
| 241 | If $enable is true (or missing), then the "encode" method will |
369 | If $enable is true (or missing), then the "encode" method will |
| 242 | output JSON objects by sorting their keys. This is adding a |
370 | output JSON objects by sorting their keys. This is adding a |
| 243 | comparatively high overhead. |
371 | comparatively high overhead. |
| 244 | |
372 | |
| 245 | If $enable is false, then the "encode" method will output key-value |
373 | If $enable is false, then the "encode" method will output key-value |
| 246 | pairs in the order Perl stores them (which will likely change |
374 | pairs in the order Perl stores them (which will likely change |
| 247 | between runs of the same script). |
375 | between runs of the same script, and can change even within the same |
|
|
376 | run from 5.18 onwards). |
| 248 | |
377 | |
| 249 | This option is useful if you want the same data structure to be |
378 | This option is useful if you want the same data structure to be |
| 250 | encoded as the same JSON text (given the same overall settings). If |
379 | encoded as the same JSON text (given the same overall settings). If |
| 251 | it is disabled, the same hash migh be encoded differently even if |
380 | it is disabled, the same hash might be encoded differently even if |
| 252 | contains the same data, as key-value pairs have no inherent ordering |
381 | contains the same data, as key-value pairs have no inherent ordering |
| 253 | in Perl. |
382 | in Perl. |
| 254 | |
383 | |
| 255 | This setting has no effect when decoding JSON texts. |
384 | This setting has no effect when decoding JSON texts. |
| 256 | |
385 | |
|
|
386 | This setting has currently no effect on tied hashes. |
|
|
387 | |
| 257 | $json = $json->allow_nonref ([$enable]) |
388 | $json = $json->allow_nonref ([$enable]) |
|
|
389 | $enabled = $json->get_allow_nonref |
| 258 | If $enable is true (or missing), then the "encode" method can |
390 | If $enable is true (or missing), then the "encode" method can |
| 259 | convert a non-reference into its corresponding string, number or |
391 | convert a non-reference into its corresponding string, number or |
| 260 | null JSON value, which is an extension to RFC4627. Likewise, |
392 | null JSON value, which is an extension to RFC4627. Likewise, |
| 261 | "decode" will accept those JSON values instead of croaking. |
393 | "decode" will accept those JSON values instead of croaking. |
| 262 | |
394 | |
| … | |
… | |
| 269 | "allow_nonref", resulting in an invalid JSON text: |
401 | "allow_nonref", resulting in an invalid JSON text: |
| 270 | |
402 | |
| 271 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
403 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
| 272 | => "Hello, World!" |
404 | => "Hello, World!" |
| 273 | |
405 | |
|
|
406 | $json = $json->allow_unknown ([$enable]) |
|
|
407 | $enabled = $json->get_allow_unknown |
|
|
408 | If $enable is true (or missing), then "encode" will *not* throw an |
|
|
409 | exception when it encounters values it cannot represent in JSON (for |
|
|
410 | example, filehandles) but instead will encode a JSON "null" value. |
|
|
411 | Note that blessed objects are not included here and are handled |
|
|
412 | separately by c<allow_nonref>. |
|
|
413 | |
|
|
414 | If $enable is false (the default), then "encode" will throw an |
|
|
415 | exception when it encounters anything it cannot encode as JSON. |
|
|
416 | |
|
|
417 | This option does not affect "decode" in any way, and it is |
|
|
418 | recommended to leave it off unless you know your communications |
|
|
419 | partner. |
|
|
420 | |
|
|
421 | $json = $json->allow_blessed ([$enable]) |
|
|
422 | $enabled = $json->get_allow_blessed |
|
|
423 | See "OBJECT SERIALISATION" for details. |
|
|
424 | |
|
|
425 | If $enable is true (or missing), then the "encode" method will not |
|
|
426 | barf when it encounters a blessed reference that it cannot convert |
|
|
427 | otherwise. Instead, a JSON "null" value is encoded instead of the |
|
|
428 | object. |
|
|
429 | |
|
|
430 | If $enable is false (the default), then "encode" will throw an |
|
|
431 | exception when it encounters a blessed object that it cannot convert |
|
|
432 | otherwise. |
|
|
433 | |
|
|
434 | This setting has no effect on "decode". |
|
|
435 | |
|
|
436 | $json = $json->convert_blessed ([$enable]) |
|
|
437 | $enabled = $json->get_convert_blessed |
|
|
438 | See "OBJECT SERIALISATION" for details. |
|
|
439 | |
|
|
440 | If $enable is true (or missing), then "encode", upon encountering a |
|
|
441 | blessed object, will check for the availability of the "TO_JSON" |
|
|
442 | method on the object's class. If found, it will be called in scalar |
|
|
443 | context and the resulting scalar will be encoded instead of the |
|
|
444 | object. |
|
|
445 | |
|
|
446 | The "TO_JSON" method may safely call die if it wants. If "TO_JSON" |
|
|
447 | returns other blessed objects, those will be handled in the same |
|
|
448 | way. "TO_JSON" must take care of not causing an endless recursion |
|
|
449 | cycle (== crash) in this case. The name of "TO_JSON" was chosen |
|
|
450 | because other methods called by the Perl core (== not by the user of |
|
|
451 | the object) are usually in upper case letters and to avoid |
|
|
452 | collisions with any "to_json" function or method. |
|
|
453 | |
|
|
454 | If $enable is false (the default), then "encode" will not consider |
|
|
455 | this type of conversion. |
|
|
456 | |
|
|
457 | This setting has no effect on "decode". |
|
|
458 | |
|
|
459 | $json = $json->allow_tags ([$enable]) |
|
|
460 | $enabled = $json->allow_tags |
|
|
461 | See "OBJECT SERIALISATION" for details. |
|
|
462 | |
|
|
463 | If $enable is true (or missing), then "encode", upon encountering a |
|
|
464 | blessed object, will check for the availability of the "FREEZE" |
|
|
465 | method on the object's class. If found, it will be used to serialise |
|
|
466 | the object into a nonstandard tagged JSON value (that JSON decoders |
|
|
467 | cannot decode). |
|
|
468 | |
|
|
469 | It also causes "decode" to parse such tagged JSON values and |
|
|
470 | deserialise them via a call to the "THAW" method. |
|
|
471 | |
|
|
472 | If $enable is false (the default), then "encode" will not consider |
|
|
473 | this type of conversion, and tagged JSON values will cause a parse |
|
|
474 | error in "decode", as if tags were not part of the grammar. |
|
|
475 | |
|
|
476 | $json = $json->filter_json_object ([$coderef->($hashref)]) |
|
|
477 | When $coderef is specified, it will be called from "decode" each |
|
|
478 | time it decodes a JSON object. The only argument is a reference to |
|
|
479 | the newly-created hash. If the code references returns a single |
|
|
480 | scalar (which need not be a reference), this value (i.e. a copy of |
|
|
481 | that scalar to avoid aliasing) is inserted into the deserialised |
|
|
482 | data structure. If it returns an empty list (NOTE: *not* "undef", |
|
|
483 | which is a valid scalar), the original deserialised hash will be |
|
|
484 | inserted. This setting can slow down decoding considerably. |
|
|
485 | |
|
|
486 | When $coderef is omitted or undefined, any existing callback will be |
|
|
487 | removed and "decode" will not change the deserialised hash in any |
|
|
488 | way. |
|
|
489 | |
|
|
490 | Example, convert all JSON objects into the integer 5: |
|
|
491 | |
|
|
492 | my $js = JSON::XS->new->filter_json_object (sub { 5 }); |
|
|
493 | # returns [5] |
|
|
494 | $js->decode ('[{}]') |
|
|
495 | # throw an exception because allow_nonref is not enabled |
|
|
496 | # so a lone 5 is not allowed. |
|
|
497 | $js->decode ('{"a":1, "b":2}'); |
|
|
498 | |
|
|
499 | $json = $json->filter_json_single_key_object ($key [=> |
|
|
500 | $coderef->($value)]) |
|
|
501 | Works remotely similar to "filter_json_object", but is only called |
|
|
502 | for JSON objects having a single key named $key. |
|
|
503 | |
|
|
504 | This $coderef is called before the one specified via |
|
|
505 | "filter_json_object", if any. It gets passed the single value in the |
|
|
506 | JSON object. If it returns a single value, it will be inserted into |
|
|
507 | the data structure. If it returns nothing (not even "undef" but the |
|
|
508 | empty list), the callback from "filter_json_object" will be called |
|
|
509 | next, as if no single-key callback were specified. |
|
|
510 | |
|
|
511 | If $coderef is omitted or undefined, the corresponding callback will |
|
|
512 | be disabled. There can only ever be one callback for a given key. |
|
|
513 | |
|
|
514 | As this callback gets called less often then the |
|
|
515 | "filter_json_object" one, decoding speed will not usually suffer as |
|
|
516 | much. Therefore, single-key objects make excellent targets to |
|
|
517 | serialise Perl objects into, especially as single-key JSON objects |
|
|
518 | are as close to the type-tagged value concept as JSON gets (it's |
|
|
519 | basically an ID/VALUE tuple). Of course, JSON does not support this |
|
|
520 | in any way, so you need to make sure your data never looks like a |
|
|
521 | serialised Perl hash. |
|
|
522 | |
|
|
523 | Typical names for the single object key are "__class_whatever__", or |
|
|
524 | "$__dollars_are_rarely_used__$" or "}ugly_brace_placement", or even |
|
|
525 | things like "__class_md5sum(classname)__", to reduce the risk of |
|
|
526 | clashing with real hashes. |
|
|
527 | |
|
|
528 | Example, decode JSON objects of the form "{ "__widget__" => <id> }" |
|
|
529 | into the corresponding $WIDGET{<id>} object: |
|
|
530 | |
|
|
531 | # return whatever is in $WIDGET{5}: |
|
|
532 | JSON::XS |
|
|
533 | ->new |
|
|
534 | ->filter_json_single_key_object (__widget__ => sub { |
|
|
535 | $WIDGET{ $_[0] } |
|
|
536 | }) |
|
|
537 | ->decode ('{"__widget__": 5') |
|
|
538 | |
|
|
539 | # this can be used with a TO_JSON method in some "widget" class |
|
|
540 | # for serialisation to json: |
|
|
541 | sub WidgetBase::TO_JSON { |
|
|
542 | my ($self) = @_; |
|
|
543 | |
|
|
544 | unless ($self->{id}) { |
|
|
545 | $self->{id} = ..get..some..id..; |
|
|
546 | $WIDGET{$self->{id}} = $self; |
|
|
547 | } |
|
|
548 | |
|
|
549 | { __widget__ => $self->{id} } |
|
|
550 | } |
|
|
551 | |
| 274 | $json = $json->shrink ([$enable]) |
552 | $json = $json->shrink ([$enable]) |
|
|
553 | $enabled = $json->get_shrink |
| 275 | Perl usually over-allocates memory a bit when allocating space for |
554 | Perl usually over-allocates memory a bit when allocating space for |
| 276 | strings. This flag optionally resizes strings generated by either |
555 | strings. This flag optionally resizes strings generated by either |
| 277 | "encode" or "decode" to their minimum size possible. This can save |
556 | "encode" or "decode" to their minimum size possible. This can save |
| 278 | memory when your JSON texts are either very very long or you have |
557 | memory when your JSON texts are either very very long or you have |
| 279 | many short strings. It will also try to downgrade any strings to |
558 | many short strings. It will also try to downgrade any strings to |
| … | |
… | |
| 297 | converting strings that look like integers or floats into integers |
576 | converting strings that look like integers or floats into integers |
| 298 | or floats internally (there is no difference on the Perl level), |
577 | or floats internally (there is no difference on the Perl level), |
| 299 | saving space. |
578 | saving space. |
| 300 | |
579 | |
| 301 | $json = $json->max_depth ([$maximum_nesting_depth]) |
580 | $json = $json->max_depth ([$maximum_nesting_depth]) |
|
|
581 | $max_depth = $json->get_max_depth |
| 302 | Sets the maximum nesting level (default 512) accepted while encoding |
582 | Sets the maximum nesting level (default 512) accepted while encoding |
| 303 | or decoding. If the JSON text or Perl data structure has an equal or |
583 | or decoding. If a higher nesting level is detected in JSON text or a |
| 304 | higher nesting level then this limit, then the encoder and decoder |
584 | Perl data structure, then the encoder and decoder will stop and |
| 305 | will stop and croak at that point. |
585 | croak at that point. |
| 306 | |
586 | |
| 307 | Nesting level is defined by number of hash- or arrayrefs that the |
587 | Nesting level is defined by number of hash- or arrayrefs that the |
| 308 | encoder needs to traverse to reach a given point or the number of |
588 | encoder needs to traverse to reach a given point or the number of |
| 309 | "{" or "[" characters without their matching closing parenthesis |
589 | "{" or "[" characters without their matching closing parenthesis |
| 310 | crossed to reach a given character in a string. |
590 | crossed to reach a given character in a string. |
| 311 | |
591 | |
| 312 | Setting the maximum depth to one disallows any nesting, so that |
592 | Setting the maximum depth to one disallows any nesting, so that |
| 313 | ensures that the object is only a single hash/object or array. |
593 | ensures that the object is only a single hash/object or array. |
| 314 | |
594 | |
| 315 | The argument to "max_depth" will be rounded up to the next nearest |
595 | If no argument is given, the highest possible setting will be used, |
| 316 | power of two. |
596 | which is rarely useful. |
|
|
597 | |
|
|
598 | Note that nesting is implemented by recursion in C. The default |
|
|
599 | value has been chosen to be as large as typical operating systems |
|
|
600 | allow without crashing. |
| 317 | |
601 | |
| 318 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
602 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
| 319 | useful. |
603 | useful. |
| 320 | |
604 | |
|
|
605 | $json = $json->max_size ([$maximum_string_size]) |
|
|
606 | $max_size = $json->get_max_size |
|
|
607 | Set the maximum length a JSON text may have (in bytes) where |
|
|
608 | decoding is being attempted. The default is 0, meaning no limit. |
|
|
609 | When "decode" is called on a string that is longer then this many |
|
|
610 | bytes, it will not attempt to decode the string but throw an |
|
|
611 | exception. This setting has no effect on "encode" (yet). |
|
|
612 | |
|
|
613 | If no argument is given, the limit check will be deactivated (same |
|
|
614 | as when 0 is specified). |
|
|
615 | |
|
|
616 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
|
|
617 | useful. |
|
|
618 | |
| 321 | $json_text = $json->encode ($perl_scalar) |
619 | $json_text = $json->encode ($perl_scalar) |
| 322 | Converts the given Perl data structure (a simple scalar or a |
620 | Converts the given Perl value or data structure to its JSON |
| 323 | reference to a hash or array) to its JSON representation. Simple |
621 | representation. Croaks on error. |
| 324 | scalars will be converted into JSON string or number sequences, |
|
|
| 325 | while references to arrays become JSON arrays and references to |
|
|
| 326 | hashes become JSON objects. Undefined Perl values (e.g. "undef") |
|
|
| 327 | become JSON "null" values. Neither "true" nor "false" values will be |
|
|
| 328 | generated. |
|
|
| 329 | |
622 | |
| 330 | $perl_scalar = $json->decode ($json_text) |
623 | $perl_scalar = $json->decode ($json_text) |
| 331 | The opposite of "encode": expects a JSON text and tries to parse it, |
624 | The opposite of "encode": expects a JSON text and tries to parse it, |
| 332 | returning the resulting simple scalar or reference. Croaks on error. |
625 | returning the resulting simple scalar or reference. Croaks on error. |
| 333 | |
|
|
| 334 | JSON numbers and strings become simple Perl scalars. JSON arrays |
|
|
| 335 | become Perl arrayrefs and JSON objects become Perl hashrefs. "true" |
|
|
| 336 | becomes 1, "false" becomes 0 and "null" becomes "undef". |
|
|
| 337 | |
626 | |
| 338 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
627 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
| 339 | This works like the "decode" method, but instead of raising an |
628 | This works like the "decode" method, but instead of raising an |
| 340 | exception when there is trailing garbage after the first JSON |
629 | exception when there is trailing garbage after the first JSON |
| 341 | object, it will silently stop parsing there and return the number of |
630 | object, it will silently stop parsing there and return the number of |
| 342 | characters consumed so far. |
631 | characters consumed so far. |
| 343 | |
632 | |
| 344 | This is useful if your JSON texts are not delimited by an outer |
633 | This is useful if your JSON texts are not delimited by an outer |
| 345 | protocol (which is not the brightest thing to do in the first place) |
|
|
| 346 | and you need to know where the JSON text ends. |
634 | protocol and you need to know where the JSON text ends. |
| 347 | |
635 | |
| 348 | JSON::XS->new->decode_prefix ("[1] the tail") |
636 | JSON::XS->new->decode_prefix ("[1] the tail") |
| 349 | => ([], 3) |
637 | => ([1], 3) |
|
|
638 | |
|
|
639 | INCREMENTAL PARSING |
|
|
640 | In some cases, there is the need for incremental parsing of JSON texts. |
|
|
641 | While this module always has to keep both JSON text and resulting Perl |
|
|
642 | data structure in memory at one time, it does allow you to parse a JSON |
|
|
643 | stream incrementally. It does so by accumulating text until it has a |
|
|
644 | full JSON object, which it then can decode. This process is similar to |
|
|
645 | using "decode_prefix" to see if a full JSON object is available, but is |
|
|
646 | much more efficient (and can be implemented with a minimum of method |
|
|
647 | calls). |
|
|
648 | |
|
|
649 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
|
|
650 | enough text to get a decisive result, using a very simple but truly |
|
|
651 | incremental parser. This means that it sometimes won't stop as early as |
|
|
652 | the full parser, for example, it doesn't detect mismatched parentheses. |
|
|
653 | The only thing it guarantees is that it starts decoding as soon as a |
|
|
654 | syntactically valid JSON text has been seen. This means you need to set |
|
|
655 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
|
|
656 | in the presence if syntax errors. |
|
|
657 | |
|
|
658 | The following methods implement this incremental parser. |
|
|
659 | |
|
|
660 | [void, scalar or list context] = $json->incr_parse ([$string]) |
|
|
661 | This is the central parsing function. It can both append new text |
|
|
662 | and extract objects from the stream accumulated so far (both of |
|
|
663 | these functions are optional). |
|
|
664 | |
|
|
665 | If $string is given, then this string is appended to the already |
|
|
666 | existing JSON fragment stored in the $json object. |
|
|
667 | |
|
|
668 | After that, if the function is called in void context, it will |
|
|
669 | simply return without doing anything further. This can be used to |
|
|
670 | add more text in as many chunks as you want. |
|
|
671 | |
|
|
672 | If the method is called in scalar context, then it will try to |
|
|
673 | extract exactly *one* JSON object. If that is successful, it will |
|
|
674 | return this object, otherwise it will return "undef". If there is a |
|
|
675 | parse error, this method will croak just as "decode" would do (one |
|
|
676 | can then use "incr_skip" to skip the erroneous part). This is the |
|
|
677 | most common way of using the method. |
|
|
678 | |
|
|
679 | And finally, in list context, it will try to extract as many objects |
|
|
680 | from the stream as it can find and return them, or the empty list |
|
|
681 | otherwise. For this to work, there must be no separators (other than |
|
|
682 | whitespace) between the JSON objects or arrays, instead they must be |
|
|
683 | concatenated back-to-back. If an error occurs, an exception will be |
|
|
684 | raised as in the scalar context case. Note that in this case, any |
|
|
685 | previously-parsed JSON texts will be lost. |
|
|
686 | |
|
|
687 | Example: Parse some JSON arrays/objects in a given string and return |
|
|
688 | them. |
|
|
689 | |
|
|
690 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
|
|
691 | |
|
|
692 | $lvalue_string = $json->incr_text |
|
|
693 | This method returns the currently stored JSON fragment as an lvalue, |
|
|
694 | that is, you can manipulate it. This *only* works when a preceding |
|
|
695 | call to "incr_parse" in *scalar context* successfully returned an |
|
|
696 | object. Under all other circumstances you must not call this |
|
|
697 | function (I mean it. although in simple tests it might actually |
|
|
698 | work, it *will* fail under real world conditions). As a special |
|
|
699 | exception, you can also call this method before having parsed |
|
|
700 | anything. |
|
|
701 | |
|
|
702 | That means you can only use this function to look at or manipulate |
|
|
703 | text before or after complete JSON objects, not while the parser is |
|
|
704 | in the middle of parsing a JSON object. |
|
|
705 | |
|
|
706 | This function is useful in two cases: a) finding the trailing text |
|
|
707 | after a JSON object or b) parsing multiple JSON objects separated by |
|
|
708 | non-JSON text (such as commas). |
|
|
709 | |
|
|
710 | $json->incr_skip |
|
|
711 | This will reset the state of the incremental parser and will remove |
|
|
712 | the parsed text from the input buffer so far. This is useful after |
|
|
713 | "incr_parse" died, in which case the input buffer and incremental |
|
|
714 | parser state is left unchanged, to skip the text parsed so far and |
|
|
715 | to reset the parse state. |
|
|
716 | |
|
|
717 | The difference to "incr_reset" is that only text until the parse |
|
|
718 | error occurred is removed. |
|
|
719 | |
|
|
720 | $json->incr_reset |
|
|
721 | This completely resets the incremental parser, that is, after this |
|
|
722 | call, it will be as if the parser had never parsed anything. |
|
|
723 | |
|
|
724 | This is useful if you want to repeatedly parse JSON objects and want |
|
|
725 | to ignore any trailing data, which means you have to reset the |
|
|
726 | parser after each successful decode. |
|
|
727 | |
|
|
728 | LIMITATIONS |
|
|
729 | All options that affect decoding are supported, except "allow_nonref". |
|
|
730 | The reason for this is that it cannot be made to work sensibly: JSON |
|
|
731 | objects and arrays are self-delimited, i.e. you can concatenate them |
|
|
732 | back to back and still decode them perfectly. This does not hold true |
|
|
733 | for JSON numbers, however. |
|
|
734 | |
|
|
735 | For example, is the string 1 a single JSON number, or is it simply the |
|
|
736 | start of 12? Or is 12 a single JSON number, or the concatenation of 1 |
|
|
737 | and 2? In neither case you can tell, and this is why JSON::XS takes the |
|
|
738 | conservative route and disallows this case. |
|
|
739 | |
|
|
740 | EXAMPLES |
|
|
741 | Some examples will make all this clearer. First, a simple example that |
|
|
742 | works similarly to "decode_prefix": We want to decode the JSON object at |
|
|
743 | the start of a string and identify the portion after the JSON object: |
|
|
744 | |
|
|
745 | my $text = "[1,2,3] hello"; |
|
|
746 | |
|
|
747 | my $json = new JSON::XS; |
|
|
748 | |
|
|
749 | my $obj = $json->incr_parse ($text) |
|
|
750 | or die "expected JSON object or array at beginning of string"; |
|
|
751 | |
|
|
752 | my $tail = $json->incr_text; |
|
|
753 | # $tail now contains " hello" |
|
|
754 | |
|
|
755 | Easy, isn't it? |
|
|
756 | |
|
|
757 | Now for a more complicated example: Imagine a hypothetical protocol |
|
|
758 | where you read some requests from a TCP stream, and each request is a |
|
|
759 | JSON array, without any separation between them (in fact, it is often |
|
|
760 | useful to use newlines as "separators", as these get interpreted as |
|
|
761 | whitespace at the start of the JSON text, which makes it possible to |
|
|
762 | test said protocol with "telnet"...). |
|
|
763 | |
|
|
764 | Here is how you'd do it (it is trivial to write this in an event-based |
|
|
765 | manner): |
|
|
766 | |
|
|
767 | my $json = new JSON::XS; |
|
|
768 | |
|
|
769 | # read some data from the socket |
|
|
770 | while (sysread $socket, my $buf, 4096) { |
|
|
771 | |
|
|
772 | # split and decode as many requests as possible |
|
|
773 | for my $request ($json->incr_parse ($buf)) { |
|
|
774 | # act on the $request |
|
|
775 | } |
|
|
776 | } |
|
|
777 | |
|
|
778 | Another complicated example: Assume you have a string with JSON objects |
|
|
779 | or arrays, all separated by (optional) comma characters (e.g. "[1],[2], |
|
|
780 | [3]"). To parse them, we have to skip the commas between the JSON texts, |
|
|
781 | and here is where the lvalue-ness of "incr_text" comes in useful: |
|
|
782 | |
|
|
783 | my $text = "[1],[2], [3]"; |
|
|
784 | my $json = new JSON::XS; |
|
|
785 | |
|
|
786 | # void context, so no parsing done |
|
|
787 | $json->incr_parse ($text); |
|
|
788 | |
|
|
789 | # now extract as many objects as possible. note the |
|
|
790 | # use of scalar context so incr_text can be called. |
|
|
791 | while (my $obj = $json->incr_parse) { |
|
|
792 | # do something with $obj |
|
|
793 | |
|
|
794 | # now skip the optional comma |
|
|
795 | $json->incr_text =~ s/^ \s* , //x; |
|
|
796 | } |
|
|
797 | |
|
|
798 | Now lets go for a very complex example: Assume that you have a gigantic |
|
|
799 | JSON array-of-objects, many gigabytes in size, and you want to parse it, |
|
|
800 | but you cannot load it into memory fully (this has actually happened in |
|
|
801 | the real world :). |
|
|
802 | |
|
|
803 | Well, you lost, you have to implement your own JSON parser. But JSON::XS |
|
|
804 | can still help you: You implement a (very simple) array parser and let |
|
|
805 | JSON decode the array elements, which are all full JSON objects on their |
|
|
806 | own (this wouldn't work if the array elements could be JSON numbers, for |
|
|
807 | example): |
|
|
808 | |
|
|
809 | my $json = new JSON::XS; |
|
|
810 | |
|
|
811 | # open the monster |
|
|
812 | open my $fh, "<bigfile.json" |
|
|
813 | or die "bigfile: $!"; |
|
|
814 | |
|
|
815 | # first parse the initial "[" |
|
|
816 | for (;;) { |
|
|
817 | sysread $fh, my $buf, 65536 |
|
|
818 | or die "read error: $!"; |
|
|
819 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
820 | |
|
|
821 | # Exit the loop once we found and removed(!) the initial "[". |
|
|
822 | # In essence, we are (ab-)using the $json object as a simple scalar |
|
|
823 | # we append data to. |
|
|
824 | last if $json->incr_text =~ s/^ \s* \[ //x; |
|
|
825 | } |
|
|
826 | |
|
|
827 | # now we have the skipped the initial "[", so continue |
|
|
828 | # parsing all the elements. |
|
|
829 | for (;;) { |
|
|
830 | # in this loop we read data until we got a single JSON object |
|
|
831 | for (;;) { |
|
|
832 | if (my $obj = $json->incr_parse) { |
|
|
833 | # do something with $obj |
|
|
834 | last; |
|
|
835 | } |
|
|
836 | |
|
|
837 | # add more data |
|
|
838 | sysread $fh, my $buf, 65536 |
|
|
839 | or die "read error: $!"; |
|
|
840 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
841 | } |
|
|
842 | |
|
|
843 | # in this loop we read data until we either found and parsed the |
|
|
844 | # separating "," between elements, or the final "]" |
|
|
845 | for (;;) { |
|
|
846 | # first skip whitespace |
|
|
847 | $json->incr_text =~ s/^\s*//; |
|
|
848 | |
|
|
849 | # if we find "]", we are done |
|
|
850 | if ($json->incr_text =~ s/^\]//) { |
|
|
851 | print "finished.\n"; |
|
|
852 | exit; |
|
|
853 | } |
|
|
854 | |
|
|
855 | # if we find ",", we can continue with the next element |
|
|
856 | if ($json->incr_text =~ s/^,//) { |
|
|
857 | last; |
|
|
858 | } |
|
|
859 | |
|
|
860 | # if we find anything else, we have a parse error! |
|
|
861 | if (length $json->incr_text) { |
|
|
862 | die "parse error near ", $json->incr_text; |
|
|
863 | } |
|
|
864 | |
|
|
865 | # else add more data |
|
|
866 | sysread $fh, my $buf, 65536 |
|
|
867 | or die "read error: $!"; |
|
|
868 | $json->incr_parse ($buf); # void context, so no parsing |
|
|
869 | } |
|
|
870 | |
|
|
871 | This is a complex example, but most of the complexity comes from the |
|
|
872 | fact that we are trying to be correct (bear with me if I am wrong, I |
|
|
873 | never ran the above example :). |
| 350 | |
874 | |
| 351 | MAPPING |
875 | MAPPING |
| 352 | This section describes how JSON::XS maps Perl values to JSON values and |
876 | This section describes how JSON::XS maps Perl values to JSON values and |
| 353 | vice versa. These mappings are designed to "do the right thing" in most |
877 | vice versa. These mappings are designed to "do the right thing" in most |
| 354 | circumstances automatically, preserving round-tripping characteristics |
878 | circumstances automatically, preserving round-tripping characteristics |
| 355 | (what you put in comes out as something equivalent). |
879 | (what you put in comes out as something equivalent). |
| 356 | |
880 | |
| 357 | For the more enlightened: note that in the following descriptions, |
881 | For the more enlightened: note that in the following descriptions, |
| 358 | lowercase *perl* refers to the Perl interpreter, while uppcercase *Perl* |
882 | lowercase *perl* refers to the Perl interpreter, while uppercase *Perl* |
| 359 | refers to the abstract Perl language itself. |
883 | refers to the abstract Perl language itself. |
| 360 | |
884 | |
| 361 | JSON -> PERL |
885 | JSON -> PERL |
| 362 | object |
886 | object |
| 363 | A JSON object becomes a reference to a hash in Perl. No ordering of |
887 | A JSON object becomes a reference to a hash in Perl. No ordering of |
| 364 | object keys is preserved (JSON does not preserver object key |
888 | object keys is preserved (JSON does not preserve object key ordering |
| 365 | ordering itself). |
889 | itself). |
| 366 | |
890 | |
| 367 | array |
891 | array |
| 368 | A JSON array becomes a reference to an array in Perl. |
892 | A JSON array becomes a reference to an array in Perl. |
| 369 | |
893 | |
| 370 | string |
894 | string |
| 371 | A JSON string becomes a string scalar in Perl - Unicode codepoints |
895 | A JSON string becomes a string scalar in Perl - Unicode codepoints |
| 372 | in JSON are represented by the same codepoints in the Perl string, |
896 | in JSON are represented by the same codepoints in the Perl string, |
| 373 | so no manual decoding is necessary. |
897 | so no manual decoding is necessary. |
| 374 | |
898 | |
| 375 | number |
899 | number |
| 376 | A JSON number becomes either an integer or numeric (floating point) |
900 | A JSON number becomes either an integer, numeric (floating point) or |
| 377 | scalar in perl, depending on its range and any fractional parts. On |
901 | string scalar in perl, depending on its range and any fractional |
| 378 | the Perl level, there is no difference between those as Perl handles |
902 | parts. On the Perl level, there is no difference between those as |
| 379 | all the conversion details, but an integer may take slightly less |
903 | Perl handles all the conversion details, but an integer may take |
| 380 | memory and might represent more values exactly than (floating point) |
904 | slightly less memory and might represent more values exactly than |
|
|
905 | floating point numbers. |
|
|
906 | |
|
|
907 | If the number consists of digits only, JSON::XS will try to |
|
|
908 | represent it as an integer value. If that fails, it will try to |
|
|
909 | represent it as a numeric (floating point) value if that is possible |
|
|
910 | without loss of precision. Otherwise it will preserve the number as |
|
|
911 | a string value (in which case you lose roundtripping ability, as the |
|
|
912 | JSON number will be re-encoded to a JSON string). |
|
|
913 | |
|
|
914 | Numbers containing a fractional or exponential part will always be |
|
|
915 | represented as numeric (floating point) values, possibly at a loss |
|
|
916 | of precision (in which case you might lose perfect roundtripping |
|
|
917 | ability, but the JSON number will still be re-encoded as a JSON |
| 381 | numbers. |
918 | number). |
|
|
919 | |
|
|
920 | Note that precision is not accuracy - binary floating point values |
|
|
921 | cannot represent most decimal fractions exactly, and when converting |
|
|
922 | from and to floating point, JSON::XS only guarantees precision up to |
|
|
923 | but not including the least significant bit. |
| 382 | |
924 | |
| 383 | true, false |
925 | true, false |
| 384 | These JSON atoms become 0, 1, respectively. Information is lost in |
926 | These JSON atoms become "Types::Serialiser::true" and |
| 385 | this process. Future versions might represent those values |
927 | "Types::Serialiser::false", respectively. They are overloaded to act |
| 386 | differently, but they will be guarenteed to act like these integers |
928 | almost exactly like the numbers 1 and 0. You can check whether a |
| 387 | would normally in Perl. |
929 | scalar is a JSON boolean by using the "Types::Serialiser::is_bool" |
|
|
930 | function (after "use Types::Serialier", of course). |
| 388 | |
931 | |
| 389 | null |
932 | null |
| 390 | A JSON null atom becomes "undef" in Perl. |
933 | A JSON null atom becomes "undef" in Perl. |
|
|
934 | |
|
|
935 | shell-style comments ("# *text*") |
|
|
936 | As a nonstandard extension to the JSON syntax that is enabled by the |
|
|
937 | "relaxed" setting, shell-style comments are allowed. They can start |
|
|
938 | anywhere outside strings and go till the end of the line. |
|
|
939 | |
|
|
940 | tagged values ("(*tag*)*value*"). |
|
|
941 | Another nonstandard extension to the JSON syntax, enabled with the |
|
|
942 | "allow_tags" setting, are tagged values. In this implementation, the |
|
|
943 | *tag* must be a perl package/class name encoded as a JSON string, |
|
|
944 | and the *value* must be a JSON array encoding optional constructor |
|
|
945 | arguments. |
|
|
946 | |
|
|
947 | See "OBJECT SERIALISATION", below, for details. |
| 391 | |
948 | |
| 392 | PERL -> JSON |
949 | PERL -> JSON |
| 393 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
950 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
| 394 | truly typeless language, so we can only guess which JSON type is meant |
951 | truly typeless language, so we can only guess which JSON type is meant |
| 395 | by a Perl value. |
952 | by a Perl value. |
| 396 | |
953 | |
| 397 | hash references |
954 | hash references |
| 398 | Perl hash references become JSON objects. As there is no inherent |
955 | Perl hash references become JSON objects. As there is no inherent |
| 399 | ordering in hash keys (or JSON objects), they will usually be |
956 | ordering in hash keys (or JSON objects), they will usually be |
| 400 | encoded in a pseudo-random order that can change between runs of the |
957 | encoded in a pseudo-random order. JSON::XS can optionally sort the |
| 401 | same program but stays generally the same within a single run of a |
958 | hash keys (determined by the *canonical* flag), so the same |
| 402 | program. JSON::XS can optionally sort the hash keys (determined by |
959 | datastructure will serialise to the same JSON text (given same |
| 403 | the *canonical* flag), so the same datastructure will serialise to |
960 | settings and version of JSON::XS), but this incurs a runtime |
| 404 | the same JSON text (given same settings and version of JSON::XS), |
961 | overhead and is only rarely useful, e.g. when you want to compare |
| 405 | but this incurs a runtime overhead and is only rarely useful, e.g. |
962 | some JSON text against another for equality. |
| 406 | when you want to compare some JSON text against another for |
|
|
| 407 | equality. |
|
|
| 408 | |
963 | |
| 409 | array references |
964 | array references |
| 410 | Perl array references become JSON arrays. |
965 | Perl array references become JSON arrays. |
| 411 | |
966 | |
| 412 | other references |
967 | other references |
| 413 | Other unblessed references are generally not allowed and will cause |
968 | Other unblessed references are generally not allowed and will cause |
| 414 | an exception to be thrown, except for references to the integers 0 |
969 | an exception to be thrown, except for references to the integers 0 |
| 415 | and 1, which get turned into "false" and "true" atoms in JSON. You |
970 | and 1, which get turned into "false" and "true" atoms in JSON. |
| 416 | can also use "JSON::XS::false" and "JSON::XS::true" to improve |
971 | |
|
|
972 | Since "JSON::XS" uses the boolean model from Types::Serialiser, you |
|
|
973 | can also "use Types::Serialiser" and then use |
|
|
974 | "Types::Serialiser::false" and "Types::Serialiser::true" to improve |
| 417 | readability. |
975 | readability. |
| 418 | |
976 | |
|
|
977 | use Types::Serialiser; |
| 419 | to_json [\0,JSON::XS::true] # yields [false,true] |
978 | encode_json [\0, Types::Serialiser::true] # yields [false,true] |
|
|
979 | |
|
|
980 | Types::Serialiser::true, Types::Serialiser::false |
|
|
981 | These special values from the Types::Serialiser module become JSON |
|
|
982 | true and JSON false values, respectively. You can also use "\1" and |
|
|
983 | "\0" directly if you want. |
| 420 | |
984 | |
| 421 | blessed objects |
985 | blessed objects |
| 422 | Blessed objects are not allowed. JSON::XS currently tries to encode |
986 | Blessed objects are not directly representable in JSON, but |
| 423 | their underlying representation (hash- or arrayref), but this |
987 | "JSON::XS" allows various ways of handling objects. See "OBJECT |
| 424 | behaviour might change in future versions. |
988 | SERIALISATION", below, for details. |
| 425 | |
989 | |
| 426 | simple scalars |
990 | simple scalars |
| 427 | Simple Perl scalars (any scalar that is not a reference) are the |
991 | Simple Perl scalars (any scalar that is not a reference) are the |
| 428 | most difficult objects to encode: JSON::XS will encode undefined |
992 | most difficult objects to encode: JSON::XS will encode undefined |
| 429 | scalars as JSON null value, scalars that have last been used in a |
993 | scalars as JSON "null" values, scalars that have last been used in a |
| 430 | string context before encoding as JSON strings and anything else as |
994 | string context before encoding as JSON strings, and anything else as |
| 431 | number value: |
995 | number value: |
| 432 | |
996 | |
| 433 | # dump as number |
997 | # dump as number |
| 434 | to_json [2] # yields [2] |
998 | encode_json [2] # yields [2] |
| 435 | to_json [-3.0e17] # yields [-3e+17] |
999 | encode_json [-3.0e17] # yields [-3e+17] |
| 436 | my $value = 5; to_json [$value] # yields [5] |
1000 | my $value = 5; encode_json [$value] # yields [5] |
| 437 | |
1001 | |
| 438 | # used as string, so dump as string |
1002 | # used as string, so dump as string |
| 439 | print $value; |
1003 | print $value; |
| 440 | to_json [$value] # yields ["5"] |
1004 | encode_json [$value] # yields ["5"] |
| 441 | |
1005 | |
| 442 | # undef becomes null |
1006 | # undef becomes null |
| 443 | to_json [undef] # yields [null] |
1007 | encode_json [undef] # yields [null] |
| 444 | |
1008 | |
| 445 | You can force the type to be a string by stringifying it: |
1009 | You can force the type to be a JSON string by stringifying it: |
| 446 | |
1010 | |
| 447 | my $x = 3.1; # some variable containing a number |
1011 | my $x = 3.1; # some variable containing a number |
| 448 | "$x"; # stringified |
1012 | "$x"; # stringified |
| 449 | $x .= ""; # another, more awkward way to stringify |
1013 | $x .= ""; # another, more awkward way to stringify |
| 450 | print $x; # perl does it for you, too, quite often |
1014 | print $x; # perl does it for you, too, quite often |
| 451 | |
1015 | |
| 452 | You can force the type to be a number by numifying it: |
1016 | You can force the type to be a JSON number by numifying it: |
| 453 | |
1017 | |
| 454 | my $x = "3"; # some variable containing a string |
1018 | my $x = "3"; # some variable containing a string |
| 455 | $x += 0; # numify it, ensuring it will be dumped as a number |
1019 | $x += 0; # numify it, ensuring it will be dumped as a number |
| 456 | $x *= 1; # same thing, the choise is yours. |
1020 | $x *= 1; # same thing, the choice is yours. |
| 457 | |
1021 | |
| 458 | You can not currently output JSON booleans or force the type in |
1022 | You can not currently force the type in other, less obscure, ways. |
| 459 | other, less obscure, ways. Tell me if you need this capability. |
1023 | Tell me if you need this capability (but don't forget to explain why |
|
|
1024 | it's needed :). |
| 460 | |
1025 | |
| 461 | COMPARISON |
1026 | Note that numerical precision has the same meaning as under Perl (so |
| 462 | As already mentioned, this module was created because none of the |
1027 | binary to decimal conversion follows the same rules as in Perl, |
| 463 | existing JSON modules could be made to work correctly. First I will |
1028 | which can differ to other languages). Also, your perl interpreter |
| 464 | describe the problems (or pleasures) I encountered with various existing |
1029 | might expose extensions to the floating point numbers of your |
| 465 | JSON modules, followed by some benchmark values. JSON::XS was designed |
1030 | platform, such as infinities or NaN's - these cannot be represented |
| 466 | not to suffer from any of these problems or limitations. |
1031 | in JSON, and it is an error to pass those in. |
| 467 | |
1032 | |
| 468 | JSON 1.07 |
1033 | OBJECT SERIALISATION |
| 469 | Slow (but very portable, as it is written in pure Perl). |
1034 | As JSON cannot directly represent Perl objects, you have to choose |
|
|
1035 | between a pure JSON representation (without the ability to deserialise |
|
|
1036 | the object automatically again), and a nonstandard extension to the JSON |
|
|
1037 | syntax, tagged values. |
| 470 | |
1038 | |
| 471 | Undocumented/buggy Unicode handling (how JSON handles unicode values |
1039 | SERIALISATION |
| 472 | is undocumented. One can get far by feeding it unicode strings and |
1040 | What happens when "JSON::XS" encounters a Perl object depends on the |
| 473 | doing en-/decoding oneself, but unicode escapes are not working |
1041 | "allow_blessed", "convert_blessed" and "allow_tags" settings, which are |
|
|
1042 | used in this order: |
|
|
1043 | |
|
|
1044 | 1. "allow_tags" is enabled and the object has a "FREEZE" method. |
|
|
1045 | In this case, "JSON::XS" uses the Types::Serialiser object |
|
|
1046 | serialisation protocol to create a tagged JSON value, using a |
|
|
1047 | nonstandard extension to the JSON syntax. |
|
|
1048 | |
|
|
1049 | This works by invoking the "FREEZE" method on the object, with the |
|
|
1050 | first argument being the object to serialise, and the second |
|
|
1051 | argument being the constant string "JSON" to distinguish it from |
|
|
1052 | other serialisers. |
|
|
1053 | |
|
|
1054 | The "FREEZE" method can return any number of values (i.e. zero or |
|
|
1055 | more). These values and the paclkage/classname of the object will |
|
|
1056 | then be encoded as a tagged JSON value in the following format: |
|
|
1057 | |
|
|
1058 | ("classname")[FREEZE return values...] |
|
|
1059 | |
|
|
1060 | e.g.: |
|
|
1061 | |
|
|
1062 | ("URI")["http://www.google.com/"] |
|
|
1063 | ("MyDate")[2013,10,29] |
|
|
1064 | ("ImageData::JPEG")["Z3...VlCg=="] |
|
|
1065 | |
|
|
1066 | For example, the hypothetical "My::Object" "FREEZE" method might use |
|
|
1067 | the objects "type" and "id" members to encode the object: |
|
|
1068 | |
|
|
1069 | sub My::Object::FREEZE { |
|
|
1070 | my ($self, $serialiser) = @_; |
|
|
1071 | |
|
|
1072 | ($self->{type}, $self->{id}) |
|
|
1073 | } |
|
|
1074 | |
|
|
1075 | 2. "convert_blessed" is enabled and the object has a "TO_JSON" method. |
|
|
1076 | In this case, the "TO_JSON" method of the object is invoked in |
|
|
1077 | scalar context. It must return a single scalar that can be directly |
|
|
1078 | encoded into JSON. This scalar replaces the object in the JSON text. |
|
|
1079 | |
|
|
1080 | For example, the following "TO_JSON" method will convert all URI |
|
|
1081 | objects to JSON strings when serialised. The fatc that these values |
|
|
1082 | originally were URI objects is lost. |
|
|
1083 | |
|
|
1084 | sub URI::TO_JSON { |
|
|
1085 | my ($uri) = @_; |
|
|
1086 | $uri->as_string |
|
|
1087 | } |
|
|
1088 | |
|
|
1089 | 3. "allow_blessed" is enabled. |
|
|
1090 | The object will be serialised as a JSON null value. |
|
|
1091 | |
|
|
1092 | 4. none of the above |
|
|
1093 | If none of the settings are enabled or the respective methods are |
|
|
1094 | missing, "JSON::XS" throws an exception. |
|
|
1095 | |
|
|
1096 | DESERIALISATION |
|
|
1097 | For deserialisation there are only two cases to consider: either |
|
|
1098 | nonstandard tagging was used, in which case "allow_tags" decides, or |
|
|
1099 | objects cannot be automatically be deserialised, in which case you can |
|
|
1100 | use postprocessing or the "filter_json_object" or |
|
|
1101 | "filter_json_single_key_object" callbacks to get some real objects our |
|
|
1102 | of your JSON. |
|
|
1103 | |
|
|
1104 | This section only considers the tagged value case: I a tagged JSON |
|
|
1105 | object is encountered during decoding and "allow_tags" is disabled, a |
|
|
1106 | parse error will result (as if tagged values were not part of the |
|
|
1107 | grammar). |
|
|
1108 | |
|
|
1109 | If "allow_tags" is enabled, "JSON::XS" will look up the "THAW" method of |
|
|
1110 | the package/classname used during serialisation (it will not attempt to |
|
|
1111 | load the package as a Perl module). If there is no such method, the |
|
|
1112 | decoding will fail with an error. |
|
|
1113 | |
|
|
1114 | Otherwise, the "THAW" method is invoked with the classname as first |
|
|
1115 | argument, the constant string "JSON" as second argument, and all the |
|
|
1116 | values from the JSON array (the values originally returned by the |
|
|
1117 | "FREEZE" method) as remaining arguments. |
|
|
1118 | |
|
|
1119 | The method must then return the object. While technically you can return |
|
|
1120 | any Perl scalar, you might have to enable the "enable_nonref" setting to |
|
|
1121 | make that work in all cases, so better return an actual blessed |
|
|
1122 | reference. |
|
|
1123 | |
|
|
1124 | As an example, let's implement a "THAW" function that regenerates the |
|
|
1125 | "My::Object" from the "FREEZE" example earlier: |
|
|
1126 | |
|
|
1127 | sub My::Object::THAW { |
|
|
1128 | my ($class, $serialiser, $type, $id) = @_; |
|
|
1129 | |
|
|
1130 | $class->new (type => $type, id => $id) |
|
|
1131 | } |
|
|
1132 | |
|
|
1133 | ENCODING/CODESET FLAG NOTES |
|
|
1134 | The interested reader might have seen a number of flags that signify |
|
|
1135 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
|
|
1136 | some confusion on what these do, so here is a short comparison: |
|
|
1137 | |
|
|
1138 | "utf8" controls whether the JSON text created by "encode" (and expected |
|
|
1139 | by "decode") is UTF-8 encoded or not, while "latin1" and "ascii" only |
|
|
1140 | control whether "encode" escapes character values outside their |
|
|
1141 | respective codeset range. Neither of these flags conflict with each |
|
|
1142 | other, although some combinations make less sense than others. |
|
|
1143 | |
|
|
1144 | Care has been taken to make all flags symmetrical with respect to |
|
|
1145 | "encode" and "decode", that is, texts encoded with any combination of |
|
|
1146 | these flag values will be correctly decoded when the same flags are used |
|
|
1147 | - in general, if you use different flag settings while encoding vs. when |
|
|
1148 | decoding you likely have a bug somewhere. |
|
|
1149 | |
|
|
1150 | Below comes a verbose discussion of these flags. Note that a "codeset" |
|
|
1151 | is simply an abstract set of character-codepoint pairs, while an |
|
|
1152 | encoding takes those codepoint numbers and *encodes* them, in our case |
|
|
1153 | into octets. Unicode is (among other things) a codeset, UTF-8 is an |
|
|
1154 | encoding, and ISO-8859-1 (= latin 1) and ASCII are both codesets *and* |
|
|
1155 | encodings at the same time, which can be confusing. |
|
|
1156 | |
|
|
1157 | "utf8" flag disabled |
|
|
1158 | When "utf8" is disabled (the default), then "encode"/"decode" |
|
|
1159 | generate and expect Unicode strings, that is, characters with high |
|
|
1160 | ordinal Unicode values (> 255) will be encoded as such characters, |
|
|
1161 | and likewise such characters are decoded as-is, no changes to them |
|
|
1162 | will be done, except "(re-)interpreting" them as Unicode codepoints |
|
|
1163 | or Unicode characters, respectively (to Perl, these are the same |
|
|
1164 | thing in strings unless you do funny/weird/dumb stuff). |
|
|
1165 | |
|
|
1166 | This is useful when you want to do the encoding yourself (e.g. when |
|
|
1167 | you want to have UTF-16 encoded JSON texts) or when some other layer |
|
|
1168 | does the encoding for you (for example, when printing to a terminal |
|
|
1169 | using a filehandle that transparently encodes to UTF-8 you certainly |
|
|
1170 | do NOT want to UTF-8 encode your data first and have Perl encode it |
|
|
1171 | another time). |
|
|
1172 | |
|
|
1173 | "utf8" flag enabled |
|
|
1174 | If the "utf8"-flag is enabled, "encode"/"decode" will encode all |
|
|
1175 | characters using the corresponding UTF-8 multi-byte sequence, and |
|
|
1176 | will expect your input strings to be encoded as UTF-8, that is, no |
|
|
1177 | "character" of the input string must have any value > 255, as UTF-8 |
|
|
1178 | does not allow that. |
|
|
1179 | |
|
|
1180 | The "utf8" flag therefore switches between two modes: disabled means |
|
|
1181 | you will get a Unicode string in Perl, enabled means you get an |
|
|
1182 | UTF-8 encoded octet/binary string in Perl. |
|
|
1183 | |
|
|
1184 | "latin1" or "ascii" flags enabled |
|
|
1185 | With "latin1" (or "ascii") enabled, "encode" will escape characters |
|
|
1186 | with ordinal values > 255 (> 127 with "ascii") and encode the |
|
|
1187 | remaining characters as specified by the "utf8" flag. |
|
|
1188 | |
|
|
1189 | If "utf8" is disabled, then the result is also correctly encoded in |
|
|
1190 | those character sets (as both are proper subsets of Unicode, meaning |
|
|
1191 | that a Unicode string with all character values < 256 is the same |
|
|
1192 | thing as a ISO-8859-1 string, and a Unicode string with all |
|
|
1193 | character values < 128 is the same thing as an ASCII string in |
| 474 | properly). |
1194 | Perl). |
| 475 | |
1195 | |
| 476 | No roundtripping (strings get clobbered if they look like numbers, |
1196 | If "utf8" is enabled, you still get a correct UTF-8-encoded string, |
| 477 | e.g. the string 2.0 will encode to 2.0 instead of "2.0", and that |
1197 | regardless of these flags, just some more characters will be escaped |
| 478 | will decode into the number 2. |
1198 | using "\uXXXX" then before. |
| 479 | |
1199 | |
| 480 | JSON::PC 0.01 |
1200 | Note that ISO-8859-1-*encoded* strings are not compatible with UTF-8 |
| 481 | Very fast. |
1201 | encoding, while ASCII-encoded strings are. That is because the |
|
|
1202 | ISO-8859-1 encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 |
|
|
1203 | *codeset* being a subset of Unicode), while ASCII is. |
| 482 | |
1204 | |
| 483 | Undocumented/buggy Unicode handling. |
1205 | Surprisingly, "decode" will ignore these flags and so treat all |
|
|
1206 | input values as governed by the "utf8" flag. If it is disabled, this |
|
|
1207 | allows you to decode ISO-8859-1- and ASCII-encoded strings, as both |
|
|
1208 | strict subsets of Unicode. If it is enabled, you can correctly |
|
|
1209 | decode UTF-8 encoded strings. |
| 484 | |
1210 | |
| 485 | No roundtripping. |
1211 | So neither "latin1" nor "ascii" are incompatible with the "utf8" |
|
|
1212 | flag - they only govern when the JSON output engine escapes a |
|
|
1213 | character or not. |
| 486 | |
1214 | |
| 487 | Has problems handling many Perl values (e.g. regex results and other |
1215 | The main use for "latin1" is to relatively efficiently store binary |
| 488 | magic values will make it croak). |
1216 | data as JSON, at the expense of breaking compatibility with most |
|
|
1217 | JSON decoders. |
| 489 | |
1218 | |
| 490 | Does not even generate valid JSON ("{1,2}" gets converted to "{1:2}" |
1219 | The main use for "ascii" is to force the output to not contain |
| 491 | which is not a valid JSON text. |
1220 | characters with values > 127, which means you can interpret the |
|
|
1221 | resulting string as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about |
|
|
1222 | any character set and 8-bit-encoding, and still get the same data |
|
|
1223 | structure back. This is useful when your channel for JSON transfer |
|
|
1224 | is not 8-bit clean or the encoding might be mangled in between (e.g. |
|
|
1225 | in mail), and works because ASCII is a proper subset of most 8-bit |
|
|
1226 | and multibyte encodings in use in the world. |
| 492 | |
1227 | |
| 493 | Unmaintained (maintainer unresponsive for many months, bugs are not |
1228 | JSON and ECMAscript |
| 494 | getting fixed). |
1229 | JSON syntax is based on how literals are represented in javascript (the |
|
|
1230 | not-standardised predecessor of ECMAscript) which is presumably why it |
|
|
1231 | is called "JavaScript Object Notation". |
| 495 | |
1232 | |
| 496 | JSON::Syck 0.21 |
1233 | However, JSON is not a subset (and also not a superset of course) of |
| 497 | Very buggy (often crashes). |
1234 | ECMAscript (the standard) or javascript (whatever browsers actually |
|
|
1235 | implement). |
| 498 | |
1236 | |
| 499 | Very inflexible (no human-readable format supported, format pretty |
1237 | If you want to use javascript's "eval" function to "parse" JSON, you |
| 500 | much undocumented. I need at least a format for easy reading by |
1238 | might run into parse errors for valid JSON texts, or the resulting data |
| 501 | humans and a single-line compact format for use in a protocol, and |
1239 | structure might not be queryable: |
| 502 | preferably a way to generate ASCII-only JSON texts). |
|
|
| 503 | |
1240 | |
| 504 | Completely broken (and confusingly documented) Unicode handling |
1241 | One of the problems is that U+2028 and U+2029 are valid characters |
| 505 | (unicode escapes are not working properly, you need to set |
1242 | inside JSON strings, but are not allowed in ECMAscript string literals, |
| 506 | ImplicitUnicode to *different* values on en- and decoding to get |
1243 | so the following Perl fragment will not output something that can be |
| 507 | symmetric behaviour). |
1244 | guaranteed to be parsable by javascript's "eval": |
| 508 | |
1245 | |
| 509 | No roundtripping (simple cases work, but this depends on wether the |
1246 | use JSON::XS; |
| 510 | scalar value was used in a numeric context or not). |
|
|
| 511 | |
1247 | |
| 512 | Dumping hashes may skip hash values depending on iterator state. |
1248 | print encode_json [chr 0x2028]; |
| 513 | |
1249 | |
| 514 | Unmaintained (maintainer unresponsive for many months, bugs are not |
1250 | The right fix for this is to use a proper JSON parser in your javascript |
| 515 | getting fixed). |
1251 | programs, and not rely on "eval" (see for example Douglas Crockford's |
|
|
1252 | json2.js parser). |
| 516 | |
1253 | |
| 517 | Does not check input for validity (i.e. will accept non-JSON input |
1254 | If this is not an option, you can, as a stop-gap measure, simply encode |
| 518 | and return "something" instead of raising an exception. This is a |
1255 | to ASCII-only JSON: |
| 519 | security issue: imagine two banks transfering money between each |
|
|
| 520 | other using JSON. One bank might parse a given non-JSON request and |
|
|
| 521 | deduct money, while the other might reject the transaction with a |
|
|
| 522 | syntax error. While a good protocol will at least recover, that is |
|
|
| 523 | extra unnecessary work and the transaction will still not succeed). |
|
|
| 524 | |
1256 | |
| 525 | JSON::DWIW 0.04 |
1257 | use JSON::XS; |
| 526 | Very fast. Very natural. Very nice. |
|
|
| 527 | |
1258 | |
| 528 | Undocumented unicode handling (but the best of the pack. Unicode |
1259 | print JSON::XS->new->ascii->encode ([chr 0x2028]); |
| 529 | escapes still don't get parsed properly). |
|
|
| 530 | |
1260 | |
| 531 | Very inflexible. |
1261 | Note that this will enlarge the resulting JSON text quite a bit if you |
|
|
1262 | have many non-ASCII characters. You might be tempted to run some regexes |
|
|
1263 | to only escape U+2028 and U+2029, e.g.: |
| 532 | |
1264 | |
| 533 | No roundtripping. |
1265 | # DO NOT USE THIS! |
|
|
1266 | my $json = JSON::XS->new->utf8->encode ([chr 0x2028]); |
|
|
1267 | $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028 |
|
|
1268 | $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029 |
|
|
1269 | print $json; |
| 534 | |
1270 | |
| 535 | Does not generate valid JSON texts (key strings are often unquoted, |
1271 | Note that *this is a bad idea*: the above only works for U+2028 and |
| 536 | empty keys result in nothing being output) |
1272 | U+2029 and thus only for fully ECMAscript-compliant parsers. Many |
|
|
1273 | existing javascript implementations, however, have issues with other |
|
|
1274 | characters as well - using "eval" naively simply *will* cause problems. |
| 537 | |
1275 | |
| 538 | Does not check input for validity. |
1276 | Another problem is that some javascript implementations reserve some |
|
|
1277 | property names for their own purposes (which probably makes them |
|
|
1278 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
|
|
1279 | "__proto__" property name for its own purposes. |
|
|
1280 | |
|
|
1281 | If that is a problem, you could parse try to filter the resulting JSON |
|
|
1282 | output for these property strings, e.g.: |
|
|
1283 | |
|
|
1284 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
|
|
1285 | |
|
|
1286 | This works because "__proto__" is not valid outside of strings, so every |
|
|
1287 | occurrence of ""__proto__"\s*:" must be a string used as property name. |
|
|
1288 | |
|
|
1289 | If you know of other incompatibilities, please let me know. |
|
|
1290 | |
|
|
1291 | JSON and YAML |
|
|
1292 | You often hear that JSON is a subset of YAML. This is, however, a mass |
|
|
1293 | hysteria(*) and very far from the truth (as of the time of this |
|
|
1294 | writing), so let me state it clearly: *in general, there is no way to |
|
|
1295 | configure JSON::XS to output a data structure as valid YAML* that works |
|
|
1296 | in all cases. |
|
|
1297 | |
|
|
1298 | If you really must use JSON::XS to generate YAML, you should use this |
|
|
1299 | algorithm (subject to change in future versions): |
|
|
1300 | |
|
|
1301 | my $to_yaml = JSON::XS->new->utf8->space_after (1); |
|
|
1302 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
|
|
1303 | |
|
|
1304 | This will *usually* generate JSON texts that also parse as valid YAML. |
|
|
1305 | Please note that YAML has hardcoded limits on (simple) object key |
|
|
1306 | lengths that JSON doesn't have and also has different and incompatible |
|
|
1307 | unicode character escape syntax, so you should make sure that your hash |
|
|
1308 | keys are noticeably shorter than the 1024 "stream characters" YAML |
|
|
1309 | allows and that you do not have characters with codepoint values outside |
|
|
1310 | the Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
|
|
1311 | sequences in strings (which JSON::XS does not *currently* generate, but |
|
|
1312 | other JSON generators might). |
|
|
1313 | |
|
|
1314 | There might be other incompatibilities that I am not aware of (or the |
|
|
1315 | YAML specification has been changed yet again - it does so quite often). |
|
|
1316 | In general you should not try to generate YAML with a JSON generator or |
|
|
1317 | vice versa, or try to parse JSON with a YAML parser or vice versa: |
|
|
1318 | chances are high that you will run into severe interoperability problems |
|
|
1319 | when you least expect it. |
|
|
1320 | |
|
|
1321 | (*) I have been pressured multiple times by Brian Ingerson (one of the |
|
|
1322 | authors of the YAML specification) to remove this paragraph, despite |
|
|
1323 | him acknowledging that the actual incompatibilities exist. As I was |
|
|
1324 | personally bitten by this "JSON is YAML" lie, I refused and said I |
|
|
1325 | will continue to educate people about these issues, so others do not |
|
|
1326 | run into the same problem again and again. After this, Brian called |
|
|
1327 | me a (quote)*complete and worthless idiot*(unquote). |
|
|
1328 | |
|
|
1329 | In my opinion, instead of pressuring and insulting people who |
|
|
1330 | actually clarify issues with YAML and the wrong statements of some |
|
|
1331 | of its proponents, I would kindly suggest reading the JSON spec |
|
|
1332 | (which is not that difficult or long) and finally make YAML |
|
|
1333 | compatible to it, and educating users about the changes, instead of |
|
|
1334 | spreading lies about the real compatibility for many *years* and |
|
|
1335 | trying to silence people who point out that it isn't true. |
|
|
1336 | |
|
|
1337 | Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, |
|
|
1338 | even though the incompatibilities have been documented (and are |
|
|
1339 | known to Brian) for many years and the spec makes explicit claims |
|
|
1340 | that YAML is a superset of JSON. It would be so easy to fix, but |
|
|
1341 | apparently, bullying people and corrupting userdata is so much |
|
|
1342 | easier. |
| 539 | |
1343 | |
| 540 | SPEED |
1344 | SPEED |
| 541 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1345 | It seems that JSON::XS is surprisingly fast, as shown in the following |
| 542 | tables. They have been generated with the help of the "eg/bench" program |
1346 | tables. They have been generated with the help of the "eg/bench" program |
| 543 | in the JSON::XS distribution, to make it easy to compare on your own |
1347 | in the JSON::XS distribution, to make it easy to compare on your own |
| 544 | system. |
1348 | system. |
| 545 | |
1349 | |
| 546 | First comes a comparison between various modules using a very short |
1350 | First comes a comparison between various modules using a very short |
| 547 | single-line JSON string: |
1351 | single-line JSON string (also available at |
|
|
1352 | <http://dist.schmorp.de/misc/json/short.json>). |
| 548 | |
1353 | |
| 549 | {"method": "handleMessage", "params": ["user1", "we were just talking"], \ |
1354 | {"method": "handleMessage", "params": ["user1", |
| 550 | "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]} |
1355 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
|
|
1356 | 1, 0]} |
| 551 | |
1357 | |
| 552 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1358 | It shows the number of encodes/decodes per second (JSON::XS uses the |
| 553 | functional interface, while JSON::XS/2 uses the OO interface with |
1359 | functional interface, while JSON::XS/2 uses the OO interface with |
| 554 | pretty-printing and hashkey sorting enabled). Higher is better: |
1360 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink. |
|
|
1361 | JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ uses |
|
|
1362 | the from_json method). Higher is better: |
| 555 | |
1363 | |
| 556 | module | encode | decode | |
1364 | module | encode | decode | |
| 557 | -----------|------------|------------| |
1365 | --------------|------------|------------| |
| 558 | JSON | 7645.468 | 4208.613 | |
1366 | JSON::DWIW/DS | 86302.551 | 102300.098 | |
| 559 | JSON::DWIW | 68534.379 | 79437.576 | |
1367 | JSON::DWIW/FJ | 86302.551 | 75983.768 | |
| 560 | JSON::PC | 65948.176 | 78251.940 | |
1368 | JSON::PP | 15827.562 | 6638.658 | |
| 561 | JSON::Syck | 23379.621 | 28416.694 | |
1369 | JSON::Syck | 63358.066 | 47662.545 | |
| 562 | JSON::XS | 388361.481 | 199728.762 | |
1370 | JSON::XS | 511500.488 | 511500.488 | |
| 563 | JSON::XS/2 | 218453.333 | 192399.266 | |
1371 | JSON::XS/2 | 291271.111 | 388361.481 | |
| 564 | JSON::XS/3 | 338250.323 | 192399.266 | |
1372 | JSON::XS/3 | 361577.931 | 361577.931 | |
| 565 | Storable | 15732.573 | 28571.553 | |
1373 | Storable | 66788.280 | 265462.278 | |
| 566 | -----------+------------+------------+ |
1374 | --------------+------------+------------+ |
| 567 | |
1375 | |
| 568 | That is, JSON::XS is about five times faster than JSON::DWIW on |
1376 | That is, JSON::XS is almost six times faster than JSON::DWIW on |
| 569 | encoding, about three times faster on decoding, and over fourty times |
1377 | encoding, about five times faster on decoding, and over thirty to |
| 570 | faster than JSON, even with pretty-printing and key sorting. It also |
1378 | seventy times faster than JSON's pure perl implementation. It also |
| 571 | compares favourably to Storable for small amounts of data. |
1379 | compares favourably to Storable for small amounts of data. |
| 572 | |
1380 | |
| 573 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1381 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
| 574 | search API (http://nanoref.com/yahooapis/mgPdGg): |
1382 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
| 575 | |
1383 | |
| 576 | module | encode | decode | |
1384 | module | encode | decode | |
| 577 | -----------|------------|------------| |
1385 | --------------|------------|------------| |
| 578 | JSON | 254.685 | 37.665 | |
1386 | JSON::DWIW/DS | 1647.927 | 2673.916 | |
| 579 | JSON::DWIW | 1014.244 | 1087.678 | |
1387 | JSON::DWIW/FJ | 1630.249 | 2596.128 | |
| 580 | JSON::PC | 3602.116 | 2307.352 | |
1388 | JSON::PP | 400.640 | 62.311 | |
| 581 | JSON::Syck | 558.035 | 776.263 | |
1389 | JSON::Syck | 1481.040 | 1524.869 | |
| 582 | JSON::XS | 5747.196 | 3543.684 | |
1390 | JSON::XS | 20661.596 | 9541.183 | |
| 583 | JSON::XS/2 | 3968.121 | 3589.170 | |
1391 | JSON::XS/2 | 10683.403 | 9416.938 | |
| 584 | JSON::XS/3 | 6105.246 | 3561.134 | |
1392 | JSON::XS/3 | 20661.596 | 9400.054 | |
| 585 | Storable | 4456.337 | 5320.020 | |
1393 | Storable | 19765.806 | 10000.725 | |
| 586 | -----------+------------+------------+ |
1394 | --------------+------------+------------+ |
| 587 | |
1395 | |
| 588 | Again, JSON::XS leads by far. |
1396 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
|
|
1397 | decodes a bit faster). |
| 589 | |
1398 | |
| 590 | On large strings containing lots of high unicode characters, some |
1399 | On large strings containing lots of high Unicode characters, some |
| 591 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1400 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
| 592 | result will be broken due to missing (or wrong) unicode handling. Others |
1401 | result will be broken due to missing (or wrong) Unicode handling. Others |
| 593 | refuse to decode or encode properly, so it was impossible to prepare a |
1402 | refuse to decode or encode properly, so it was impossible to prepare a |
| 594 | fair comparison table for that case. |
1403 | fair comparison table for that case. |
| 595 | |
1404 | |
| 596 | SECURITY CONSIDERATIONS |
1405 | SECURITY CONSIDERATIONS |
| 597 | When you are using JSON in a protocol, talking to untrusted potentially |
1406 | When you are using JSON in a protocol, talking to untrusted potentially |
| … | |
… | |
| 601 | have any buffer overflows. Obviously, this module should ensure that and |
1410 | have any buffer overflows. Obviously, this module should ensure that and |
| 602 | I am trying hard on making that true, but you never know. |
1411 | I am trying hard on making that true, but you never know. |
| 603 | |
1412 | |
| 604 | Second, you need to avoid resource-starving attacks. That means you |
1413 | Second, you need to avoid resource-starving attacks. That means you |
| 605 | should limit the size of JSON texts you accept, or make sure then when |
1414 | should limit the size of JSON texts you accept, or make sure then when |
| 606 | your resources run out, thats just fine (e.g. by using a separate |
1415 | your resources run out, that's just fine (e.g. by using a separate |
| 607 | process that can crash safely). The size of a JSON text in octets or |
1416 | process that can crash safely). The size of a JSON text in octets or |
| 608 | characters is usually a good indication of the size of the resources |
1417 | characters is usually a good indication of the size of the resources |
| 609 | required to decode it into a Perl structure. |
1418 | required to decode it into a Perl structure. While JSON::XS can check |
|
|
1419 | the size of the JSON text, it might be too late when you already have it |
|
|
1420 | in memory, so you might want to check the size before you accept the |
|
|
1421 | string. |
| 610 | |
1422 | |
| 611 | Third, JSON::XS recurses using the C stack when decoding objects and |
1423 | Third, JSON::XS recurses using the C stack when decoding objects and |
| 612 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1424 | arrays. The C stack is a limited resource: for instance, on my amd64 |
| 613 | machine with 8MB of stack size I can decode around 180k nested arrays |
1425 | machine with 8MB of stack size I can decode around 180k nested arrays |
| 614 | but only 14k nested JSON objects (due to perl itself recursing deeply on |
1426 | but only 14k nested JSON objects (due to perl itself recursing deeply on |
| 615 | croak to free the temporary). If that is exceeded, the program crashes. |
1427 | croak to free the temporary). If that is exceeded, the program crashes. |
| 616 | to be conservative, the default nesting limit is set to 512. If your |
1428 | To be conservative, the default nesting limit is set to 512. If your |
| 617 | process has a smaller stack, you should adjust this setting accordingly |
1429 | process has a smaller stack, you should adjust this setting accordingly |
| 618 | with the "max_depth" method. |
1430 | with the "max_depth" method. |
| 619 | |
1431 | |
| 620 | And last but least, something else could bomb you that I forgot to think |
1432 | Something else could bomb you, too, that I forgot to think of. In that |
| 621 | of. In that case, you get to keep the pieces. I am always open for |
1433 | case, you get to keep the pieces. I am always open for hints, though... |
| 622 | hints, though... |
1434 | |
|
|
1435 | Also keep in mind that JSON::XS might leak contents of your Perl data |
|
|
1436 | structures in its error messages, so when you serialise sensitive |
|
|
1437 | information you might want to make sure that exceptions thrown by |
|
|
1438 | JSON::XS will not end up in front of untrusted eyes. |
|
|
1439 | |
|
|
1440 | If you are using JSON::XS to return packets to consumption by JavaScript |
|
|
1441 | scripts in a browser you should have a look at |
|
|
1442 | <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> |
|
|
1443 | to see whether you are vulnerable to some common attack vectors (which |
|
|
1444 | really are browser design bugs, but it is still you who will have to |
|
|
1445 | deal with it, as major browser developers care only for features, not |
|
|
1446 | about getting security right). |
|
|
1447 | |
|
|
1448 | "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
|
|
1449 | TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
|
|
1450 | JSON texts by default - you need to create your own JSON::XS object and |
|
|
1451 | enable "allow_nonref": |
|
|
1452 | |
|
|
1453 | my $json = JSON::XS->new->allow_nonref; |
|
|
1454 | |
|
|
1455 | $text = $json->encode ($data); |
|
|
1456 | $data = $json->decode ($text); |
|
|
1457 | |
|
|
1458 | The long version: JSON being an important and supposedly stable format, |
|
|
1459 | the IETF standardised it as RFC 4627 in 2006. Unfortunately, the |
|
|
1460 | inventor of JSON, Dougles Crockford, unilaterally changed the definition |
|
|
1461 | of JSON in javascript. Rather than create a fork, the IETF decided to |
|
|
1462 | standardise the new syntax (apparently, so Iw as told, without finding |
|
|
1463 | it very amusing). |
|
|
1464 | |
|
|
1465 | The biggest difference between thed original JSON and the new JSON is |
|
|
1466 | that the new JSON supports scalars (anything other than arrays and |
|
|
1467 | objects) at the toplevel of a JSON text. While this is strictly |
|
|
1468 | backwards compatible to older versions, it breaks a number of protocols |
|
|
1469 | that relied on sending JSON back-to-back, and is a minor security |
|
|
1470 | concern. |
|
|
1471 | |
|
|
1472 | For example, imagine you have two banks communicating, and on one side, |
|
|
1473 | trhe JSON coder gets upgraded. Two messages, such as 10 and 1000 might |
|
|
1474 | then be confused to mean 101000, something that couldn't happen in the |
|
|
1475 | original JSON, because niether of these messages would be valid JSON. |
|
|
1476 | |
|
|
1477 | If one side accepts these messages, then an upgrade in the coder on |
|
|
1478 | either side could result in this becoming exploitable. |
|
|
1479 | |
|
|
1480 | This module has always allowed these messages as an optional extension, |
|
|
1481 | by default disabled. The security concerns are the reason why the |
|
|
1482 | default is still disabled, but future versions might/will likely upgrade |
|
|
1483 | to the newer RFC as default format, so you are advised to check your |
|
|
1484 | implementation and/or override the default with "->allow_nonref (0)" to |
|
|
1485 | ensure that future versions are safe. |
|
|
1486 | |
|
|
1487 | INTEROPERABILITY WITH OTHER MODULES |
|
|
1488 | "JSON::XS" uses the Types::Serialiser module to provide boolean |
|
|
1489 | constants. That means that the JSON true and false values will be |
|
|
1490 | comaptible to true and false values of other modules that do the same, |
|
|
1491 | such as JSON::PP and CBOR::XS. |
|
|
1492 | |
|
|
1493 | INTEROPERABILITY WITH OTHER JSON DECODERS |
|
|
1494 | As long as you only serialise data that can be directly expressed in |
|
|
1495 | JSON, "JSON::XS" is incapable of generating invalid JSON output (modulo |
|
|
1496 | bugs, but "JSON::XS" has found more bugs in the official JSON testsuite |
|
|
1497 | (1) than the official JSON testsuite has found in "JSON::XS" (0)). |
|
|
1498 | |
|
|
1499 | When you have trouble decoding JSON generated by this module using other |
|
|
1500 | decoders, then it is very likely that you have an encoding mismatch or |
|
|
1501 | the other decoder is broken. |
|
|
1502 | |
|
|
1503 | When decoding, "JSON::XS" is strict by default and will likely catch all |
|
|
1504 | errors. There are currently two settings that change this: "relaxed" |
|
|
1505 | makes "JSON::XS" accept (but not generate) some non-standard extensions, |
|
|
1506 | and "allow_tags" will allow you to encode and decode Perl objects, at |
|
|
1507 | the cost of not outputting valid JSON anymore. |
|
|
1508 | |
|
|
1509 | TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS |
|
|
1510 | When you use "allow_tags" to use the extended (and also nonstandard and |
|
|
1511 | invalid) JSON syntax for serialised objects, and you still want to |
|
|
1512 | decode the generated When you want to serialise objects, you can run a |
|
|
1513 | regex to replace the tagged syntax by standard JSON arrays (it only |
|
|
1514 | works for "normal" package names without comma, newlines or single |
|
|
1515 | colons). First, the readable Perl version: |
|
|
1516 | |
|
|
1517 | # if your FREEZE methods return no values, you need this replace first: |
|
|
1518 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; |
|
|
1519 | |
|
|
1520 | # this works for non-empty constructor arg lists: |
|
|
1521 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; |
|
|
1522 | |
|
|
1523 | And here is a less readable version that is easy to adapt to other |
|
|
1524 | languages: |
|
|
1525 | |
|
|
1526 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; |
|
|
1527 | |
|
|
1528 | Here is an ECMAScript version (same regex): |
|
|
1529 | |
|
|
1530 | json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); |
|
|
1531 | |
|
|
1532 | Since this syntax converts to standard JSON arrays, it might be hard to |
|
|
1533 | distinguish serialised objects from normal arrays. You can prepend a |
|
|
1534 | "magic number" as first array element to reduce chances of a collision: |
|
|
1535 | |
|
|
1536 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; |
|
|
1537 | |
|
|
1538 | And after decoding the JSON text, you could walk the data structure |
|
|
1539 | looking for arrays with a first element of |
|
|
1540 | "XU1peReLzT4ggEllLanBYq4G9VzliwKF". |
|
|
1541 | |
|
|
1542 | The same approach can be used to create the tagged format with another |
|
|
1543 | encoder. First, you create an array with the magic string as first |
|
|
1544 | member, the classname as second, and constructor arguments last, encode |
|
|
1545 | it as part of your JSON structure, and then: |
|
|
1546 | |
|
|
1547 | $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; |
|
|
1548 | |
|
|
1549 | Again, this has some limitations - the magic string must not be encoded |
|
|
1550 | with character escapes, and the constructor arguments must be non-empty. |
|
|
1551 | |
|
|
1552 | RFC7159 |
|
|
1553 | Since this module was written, Google has written a new JSON RFC, RFC |
|
|
1554 | 7159 (and RFC7158). Unfortunately, this RFC breaks compatibility with |
|
|
1555 | both the original JSON specification on www.json.org and RFC4627. |
|
|
1556 | |
|
|
1557 | As far as I can see, you can get partial compatibility when parsing by |
|
|
1558 | using "->allow_nonref". However, consider the security implications of |
|
|
1559 | doing so. |
|
|
1560 | |
|
|
1561 | I haven't decided yet when to break compatibility with RFC4627 by |
|
|
1562 | default (and potentially leave applications insecure) and change the |
|
|
1563 | default to follow RFC7159, but application authors are well advised to |
|
|
1564 | call "->allow_nonref(0)" even if this is the current default, if they |
|
|
1565 | cannot handle non-reference values, in preparation for the day when the |
|
|
1566 | default will change. |
|
|
1567 | |
|
|
1568 | THREADS |
|
|
1569 | This module is *not* guaranteed to be thread safe and there are no plans |
|
|
1570 | to change this until Perl gets thread support (as opposed to the |
|
|
1571 | horribly slow so-called "threads" which are simply slow and bloated |
|
|
1572 | process simulations - use fork, it's *much* faster, cheaper, better). |
|
|
1573 | |
|
|
1574 | (It might actually work, but you have been warned). |
|
|
1575 | |
|
|
1576 | THE PERILS OF SETLOCALE |
|
|
1577 | Sometimes people avoid the Perl locale support and directly call the |
|
|
1578 | system's setlocale function with "LC_ALL". |
|
|
1579 | |
|
|
1580 | This breaks both perl and modules such as JSON::XS, as stringification |
|
|
1581 | of numbers no longer works correctly (e.g. "$x = 0.1; print "$x"+1" |
|
|
1582 | might print 1, and JSON::XS might output illegal JSON as JSON::XS relies |
|
|
1583 | on perl to stringify numbers). |
|
|
1584 | |
|
|
1585 | The solution is simple: don't call "setlocale", or use it for only those |
|
|
1586 | categories you need, such as "LC_MESSAGES" or "LC_CTYPE". |
|
|
1587 | |
|
|
1588 | If you need "LC_NUMERIC", you should enable it only around the code that |
|
|
1589 | actually needs it (avoiding stringification of numbers), and restore it |
|
|
1590 | afterwards. |
| 623 | |
1591 | |
| 624 | BUGS |
1592 | BUGS |
| 625 | While the goal of this module is to be correct, that unfortunately does |
1593 | While the goal of this module is to be correct, that unfortunately does |
| 626 | not mean its bug-free, only that I think its design is bug-free. It is |
1594 | not mean it's bug-free, only that I think its design is bug-free. If you |
| 627 | still relatively early in its development. If you keep reporting bugs |
|
|
| 628 | they will be fixed swiftly, though. |
1595 | keep reporting bugs they will be fixed swiftly, though. |
|
|
1596 | |
|
|
1597 | Please refrain from using rt.cpan.org or any other bug reporting |
|
|
1598 | service. I put the contact address into my modules for a reason. |
|
|
1599 | |
|
|
1600 | SEE ALSO |
|
|
1601 | The json_xs command line utility for quick experiments. |
| 629 | |
1602 | |
| 630 | AUTHOR |
1603 | AUTHOR |
| 631 | Marc Lehmann <schmorp@schmorp.de> |
1604 | Marc Lehmann <schmorp@schmorp.de> |
| 632 | http://home.schmorp.de/ |
1605 | http://home.schmorp.de/ |
| 633 | |
1606 | |
