ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/README
(Generate patch)

Comparing JSON-XS/README (file contents):
Revision 1.24 by root, Thu Mar 27 06:37:35 2008 UTC vs.
Revision 1.41 by root, Wed Nov 16 19:21:53 2016 UTC

20 $perl_scalar = $coder->decode ($unicode_json_text); 20 $perl_scalar = $coder->decode ($unicode_json_text);
21 21
22 # Note that JSON version 2.0 and above will automatically use JSON::XS 22 # Note that JSON version 2.0 and above will automatically use JSON::XS
23 # if available, at virtually no speed overhead either, so you should 23 # if available, at virtually no speed overhead either, so you should
24 # be able to just: 24 # be able to just:
25 25
26 use JSON; 26 use JSON;
27 27
28 # and do the same things, except that you have a pure-perl fallback now. 28 # and do the same things, except that you have a pure-perl fallback now.
29 29
30DESCRIPTION 30DESCRIPTION
31 This module converts Perl data structures to JSON and vice versa. Its 31 This module converts Perl data structures to JSON and vice versa. Its
32 primary goal is to be *correct* and its secondary goal is to be *fast*. 32 primary goal is to be *correct* and its secondary goal is to be *fast*.
33 To reach the latter goal it was written in C. 33 To reach the latter goal it was written in C.
34 34
35 Beginning with version 2.0 of the JSON module, when both JSON and 35 Beginning with version 2.0 of the JSON module, when both JSON and
36 JSON::XS are installed, then JSON will fall back on JSON::XS (this can 36 JSON::XS are installed, then JSON will fall back on JSON::XS (this can
37 be overriden) with no overhead due to emulation (by inheritign 37 be overridden) with no overhead due to emulation (by inheriting
38 constructor and methods). If JSON::XS is not available, it will fall 38 constructor and methods). If JSON::XS is not available, it will fall
39 back to the compatible JSON::PP module as backend, so using JSON instead 39 back to the compatible JSON::PP module as backend, so using JSON instead
40 of JSON::XS gives you a portable JSON API that can be fast when you need 40 of JSON::XS gives you a portable JSON API that can be fast when you need
41 and doesn't require a C compiler when that is a problem. 41 and doesn't require a C compiler when that is a problem.
42 42
44 to write yet another JSON module? While it seems there are many JSON 44 to write yet another JSON module? While it seems there are many JSON
45 modules, none of them correctly handle all corner cases, and in most 45 modules, none of them correctly handle all corner cases, and in most
46 cases their maintainers are unresponsive, gone missing, or not listening 46 cases their maintainers are unresponsive, gone missing, or not listening
47 to bug reports for other reasons. 47 to bug reports for other reasons.
48 48
49 See COMPARISON, below, for a comparison to some other JSON modules.
50
51 See MAPPING, below, on how JSON::XS maps perl values to JSON values and 49 See MAPPING, below, on how JSON::XS maps perl values to JSON values and
52 vice versa. 50 vice versa.
53 51
54 FEATURES 52 FEATURES
55 * correct Unicode handling 53 * correct Unicode handling
57 This module knows how to handle Unicode, documents how and when it 55 This module knows how to handle Unicode, documents how and when it
58 does so, and even documents what "correct" means. 56 does so, and even documents what "correct" means.
59 57
60 * round-trip integrity 58 * round-trip integrity
61 59
62 When you serialise a perl data structure using only datatypes 60 When you serialise a perl data structure using only data types
63 supported by JSON, the deserialised data structure is identical on 61 supported by JSON and Perl, the deserialised data structure is
64 the Perl level. (e.g. the string "2.0" doesn't suddenly become "2" 62 identical on the Perl level. (e.g. the string "2.0" doesn't suddenly
65 just because it looks like a number). There minor *are* exceptions 63 become "2" just because it looks like a number). There *are* minor
66 to this, read the MAPPING section below to learn about those. 64 exceptions to this, read the MAPPING section below to learn about
65 those.
67 66
68 * strict checking of JSON correctness 67 * strict checking of JSON correctness
69 68
70 There is no guessing, no generating of illegal JSON texts by 69 There is no guessing, no generating of illegal JSON texts by
71 default, and only JSON is accepted as input by default (the latter 70 default, and only JSON is accepted as input by default (the latter
78 too. 77 too.
79 78
80 * simple to use 79 * simple to use
81 80
82 This module has both a simple functional interface as well as an 81 This module has both a simple functional interface as well as an
83 objetc oriented interface interface. 82 object oriented interface.
84 83
85 * reasonably versatile output formats 84 * reasonably versatile output formats
86 85
87 You can choose between the most compact guaranteed-single-line 86 You can choose between the most compact guaranteed-single-line
88 format possible (nice for simple line-based protocols), a pure-ascii 87 format possible (nice for simple line-based protocols), a pure-ASCII
89 format (for when your transport is not 8-bit clean, still supports 88 format (for when your transport is not 8-bit clean, still supports
90 the whole Unicode range), or a pretty-printed format (for when you 89 the whole Unicode range), or a pretty-printed format (for when you
91 want to read that stuff). Or you can combine those features in 90 want to read that stuff). Or you can combine those features in
92 whatever way you like. 91 whatever way you like.
93 92
101 100
102 This function call is functionally identical to: 101 This function call is functionally identical to:
103 102
104 $json_text = JSON::XS->new->utf8->encode ($perl_scalar) 103 $json_text = JSON::XS->new->utf8->encode ($perl_scalar)
105 104
106 except being faster. 105 Except being faster.
107 106
108 $perl_scalar = decode_json $json_text 107 $perl_scalar = decode_json $json_text
109 The opposite of "encode_json": expects an UTF-8 (binary) string and 108 The opposite of "encode_json": expects an UTF-8 (binary) string and
110 tries to parse that as an UTF-8 encoded JSON text, returning the 109 tries to parse that as an UTF-8 encoded JSON text, returning the
111 resulting reference. Croaks on error. 110 resulting reference. Croaks on error.
112 111
113 This function call is functionally identical to: 112 This function call is functionally identical to:
114 113
115 $perl_scalar = JSON::XS->new->utf8->decode ($json_text) 114 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
116 115
117 except being faster. 116 Except being faster.
118
119 $is_boolean = JSON::XS::is_bool $scalar
120 Returns true if the passed scalar represents either JSON::XS::true
121 or JSON::XS::false, two constants that act like 1 and 0,
122 respectively and are used to represent JSON "true" and "false"
123 values in Perl.
124
125 See MAPPING, below, for more information on how JSON values are
126 mapped to Perl.
127 117
128A FEW NOTES ON UNICODE AND PERL 118A FEW NOTES ON UNICODE AND PERL
129 Since this often leads to confusion, here are a few very clear words on 119 Since this often leads to confusion, here are a few very clear words on
130 how Unicode works in Perl, modulo bugs. 120 how Unicode works in Perl, modulo bugs.
131 121
152 142
153 If you didn't know about that flag, just the better, pretend it 143 If you didn't know about that flag, just the better, pretend it
154 doesn't exist. 144 doesn't exist.
155 145
156 4. A "Unicode String" is simply a string where each character can be 146 4. A "Unicode String" is simply a string where each character can be
157 validly interpreted as a Unicode codepoint. 147 validly interpreted as a Unicode code point.
158 If you have UTF-8 encoded data, it is no longer a Unicode string, 148 If you have UTF-8 encoded data, it is no longer a Unicode string,
159 but a Unicode string encoded in UTF-8, giving you a binary string. 149 but a Unicode string encoded in UTF-8, giving you a binary string.
160 150
161 5. A string containing "high" (> 255) character values is *not* a UTF-8 151 5. A string containing "high" (> 255) character values is *not* a UTF-8
162 string. 152 string.
362 [ 352 [
363 1, # this comment not allowed in JSON 353 1, # this comment not allowed in JSON
364 # neither this one... 354 # neither this one...
365 ] 355 ]
366 356
357 * literal ASCII TAB characters in strings
358
359 Literal ASCII TAB characters are now allowed in strings (and
360 treated as "\t").
361
362 [
363 "Hello\tWorld",
364 "Hello<TAB>World", # literal <TAB> would not normally be allowed
365 ]
366
367 $json = $json->canonical ([$enable]) 367 $json = $json->canonical ([$enable])
368 $enabled = $json->get_canonical 368 $enabled = $json->get_canonical
369 If $enable is true (or missing), then the "encode" method will 369 If $enable is true (or missing), then the "encode" method will
370 output JSON objects by sorting their keys. This is adding a 370 output JSON objects by sorting their keys. This is adding a
371 comparatively high overhead. 371 comparatively high overhead.
372 372
373 If $enable is false, then the "encode" method will output key-value 373 If $enable is false, then the "encode" method will output key-value
374 pairs in the order Perl stores them (which will likely change 374 pairs in the order Perl stores them (which will likely change
375 between runs of the same script). 375 between runs of the same script, and can change even within the same
376 run from 5.18 onwards).
376 377
377 This option is useful if you want the same data structure to be 378 This option is useful if you want the same data structure to be
378 encoded as the same JSON text (given the same overall settings). If 379 encoded as the same JSON text (given the same overall settings). If
379 it is disabled, the same hash might be encoded differently even if 380 it is disabled, the same hash might be encoded differently even if
380 contains the same data, as key-value pairs have no inherent ordering 381 contains the same data, as key-value pairs have no inherent ordering
381 in Perl. 382 in Perl.
382 383
383 This setting has no effect when decoding JSON texts. 384 This setting has no effect when decoding JSON texts.
385
386 This setting has currently no effect on tied hashes.
384 387
385 $json = $json->allow_nonref ([$enable]) 388 $json = $json->allow_nonref ([$enable])
386 $enabled = $json->get_allow_nonref 389 $enabled = $json->get_allow_nonref
387 If $enable is true (or missing), then the "encode" method can 390 If $enable is true (or missing), then the "encode" method can
388 convert a non-reference into its corresponding string, number or 391 convert a non-reference into its corresponding string, number or
398 "allow_nonref", resulting in an invalid JSON text: 401 "allow_nonref", resulting in an invalid JSON text:
399 402
400 JSON::XS->new->allow_nonref->encode ("Hello, World!") 403 JSON::XS->new->allow_nonref->encode ("Hello, World!")
401 => "Hello, World!" 404 => "Hello, World!"
402 405
406 $json = $json->allow_unknown ([$enable])
407 $enabled = $json->get_allow_unknown
408 If $enable is true (or missing), then "encode" will *not* throw an
409 exception when it encounters values it cannot represent in JSON (for
410 example, filehandles) but instead will encode a JSON "null" value.
411 Note that blessed objects are not included here and are handled
412 separately by c<allow_nonref>.
413
414 If $enable is false (the default), then "encode" will throw an
415 exception when it encounters anything it cannot encode as JSON.
416
417 This option does not affect "decode" in any way, and it is
418 recommended to leave it off unless you know your communications
419 partner.
420
403 $json = $json->allow_blessed ([$enable]) 421 $json = $json->allow_blessed ([$enable])
404 $enabled = $json->get_allow_blessed 422 $enabled = $json->get_allow_blessed
423 See "OBJECT SERIALISATION" for details.
424
405 If $enable is true (or missing), then the "encode" method will not 425 If $enable is true (or missing), then the "encode" method will not
406 barf when it encounters a blessed reference. Instead, the value of 426 barf when it encounters a blessed reference that it cannot convert
407 the convert_blessed option will decide whether "null" 427 otherwise. Instead, a JSON "null" value is encoded instead of the
408 ("convert_blessed" disabled or no "TO_JSON" method found) or a 428 object.
409 representation of the object ("convert_blessed" enabled and
410 "TO_JSON" method found) is being encoded. Has no effect on "decode".
411 429
412 If $enable is false (the default), then "encode" will throw an 430 If $enable is false (the default), then "encode" will throw an
413 exception when it encounters a blessed object. 431 exception when it encounters a blessed object that it cannot convert
432 otherwise.
433
434 This setting has no effect on "decode".
414 435
415 $json = $json->convert_blessed ([$enable]) 436 $json = $json->convert_blessed ([$enable])
416 $enabled = $json->get_convert_blessed 437 $enabled = $json->get_convert_blessed
438 See "OBJECT SERIALISATION" for details.
439
417 If $enable is true (or missing), then "encode", upon encountering a 440 If $enable is true (or missing), then "encode", upon encountering a
418 blessed object, will check for the availability of the "TO_JSON" 441 blessed object, will check for the availability of the "TO_JSON"
419 method on the object's class. If found, it will be called in scalar 442 method on the object's class. If found, it will be called in scalar
420 context and the resulting scalar will be encoded instead of the 443 context and the resulting scalar will be encoded instead of the
421 object. If no "TO_JSON" method is found, the value of 444 object.
422 "allow_blessed" will decide what to do.
423 445
424 The "TO_JSON" method may safely call die if it wants. If "TO_JSON" 446 The "TO_JSON" method may safely call die if it wants. If "TO_JSON"
425 returns other blessed objects, those will be handled in the same 447 returns other blessed objects, those will be handled in the same
426 way. "TO_JSON" must take care of not causing an endless recursion 448 way. "TO_JSON" must take care of not causing an endless recursion
427 cycle (== crash) in this case. The name of "TO_JSON" was chosen 449 cycle (== crash) in this case. The name of "TO_JSON" was chosen
428 because other methods called by the Perl core (== not by the user of 450 because other methods called by the Perl core (== not by the user of
429 the object) are usually in upper case letters and to avoid 451 the object) are usually in upper case letters and to avoid
430 collisions with any "to_json" function or method. 452 collisions with any "to_json" function or method.
431 453
432 This setting does not yet influence "decode" in any way, but in the 454 If $enable is false (the default), then "encode" will not consider
433 future, global hooks might get installed that influence "decode" and 455 this type of conversion.
434 are enabled by this setting.
435 456
436 If $enable is false, then the "allow_blessed" setting will decide 457 This setting has no effect on "decode".
437 what to do when a blessed object is found. 458
459 $json = $json->allow_tags ([$enable])
460 $enabled = $json->allow_tags
461 See "OBJECT SERIALISATION" for details.
462
463 If $enable is true (or missing), then "encode", upon encountering a
464 blessed object, will check for the availability of the "FREEZE"
465 method on the object's class. If found, it will be used to serialise
466 the object into a nonstandard tagged JSON value (that JSON decoders
467 cannot decode).
468
469 It also causes "decode" to parse such tagged JSON values and
470 deserialise them via a call to the "THAW" method.
471
472 If $enable is false (the default), then "encode" will not consider
473 this type of conversion, and tagged JSON values will cause a parse
474 error in "decode", as if tags were not part of the grammar.
438 475
439 $json = $json->filter_json_object ([$coderef->($hashref)]) 476 $json = $json->filter_json_object ([$coderef->($hashref)])
440 When $coderef is specified, it will be called from "decode" each 477 When $coderef is specified, it will be called from "decode" each
441 time it decodes a JSON object. The only argument is a reference to 478 time it decodes a JSON object. The only argument is a reference to
442 the newly-created hash. If the code references returns a single 479 the newly-created hash. If the code references returns a single
541 saving space. 578 saving space.
542 579
543 $json = $json->max_depth ([$maximum_nesting_depth]) 580 $json = $json->max_depth ([$maximum_nesting_depth])
544 $max_depth = $json->get_max_depth 581 $max_depth = $json->get_max_depth
545 Sets the maximum nesting level (default 512) accepted while encoding 582 Sets the maximum nesting level (default 512) accepted while encoding
546 or decoding. If the JSON text or Perl data structure has an equal or 583 or decoding. If a higher nesting level is detected in JSON text or a
547 higher nesting level then this limit, then the encoder and decoder 584 Perl data structure, then the encoder and decoder will stop and
548 will stop and croak at that point. 585 croak at that point.
549 586
550 Nesting level is defined by number of hash- or arrayrefs that the 587 Nesting level is defined by number of hash- or arrayrefs that the
551 encoder needs to traverse to reach a given point or the number of 588 encoder needs to traverse to reach a given point or the number of
552 "{" or "[" characters without their matching closing parenthesis 589 "{" or "[" characters without their matching closing parenthesis
553 crossed to reach a given character in a string. 590 crossed to reach a given character in a string.
554 591
555 Setting the maximum depth to one disallows any nesting, so that 592 Setting the maximum depth to one disallows any nesting, so that
556 ensures that the object is only a single hash/object or array. 593 ensures that the object is only a single hash/object or array.
557 594
558 The argument to "max_depth" will be rounded up to the next highest
559 power of two. If no argument is given, the highest possible setting 595 If no argument is given, the highest possible setting will be used,
560 will be used, which is rarely useful. 596 which is rarely useful.
597
598 Note that nesting is implemented by recursion in C. The default
599 value has been chosen to be as large as typical operating systems
600 allow without crashing.
561 601
562 See SECURITY CONSIDERATIONS, below, for more info on why this is 602 See SECURITY CONSIDERATIONS, below, for more info on why this is
563 useful. 603 useful.
564 604
565 $json = $json->max_size ([$maximum_string_size]) 605 $json = $json->max_size ([$maximum_string_size])
566 $max_size = $json->get_max_size 606 $max_size = $json->get_max_size
567 Set the maximum length a JSON text may have (in bytes) where 607 Set the maximum length a JSON text may have (in bytes) where
568 decoding is being attempted. The default is 0, meaning no limit. 608 decoding is being attempted. The default is 0, meaning no limit.
569 When "decode" is called on a string longer then this number of 609 When "decode" is called on a string that is longer then this many
570 characters it will not attempt to decode the string but throw an 610 bytes, it will not attempt to decode the string but throw an
571 exception. This setting has no effect on "encode" (yet). 611 exception. This setting has no effect on "encode" (yet).
572 612
573 The argument to "max_size" will be rounded up to the next highest
574 power of two (so may be more than requested). If no argument is
575 given, the limit check will be deactivated (same as when 0 is 613 If no argument is given, the limit check will be deactivated (same
576 specified). 614 as when 0 is specified).
577 615
578 See SECURITY CONSIDERATIONS, below, for more info on why this is 616 See SECURITY CONSIDERATIONS, below, for more info on why this is
579 useful. 617 useful.
580 618
581 $json_text = $json->encode ($perl_scalar) 619 $json_text = $json->encode ($perl_scalar)
582 Converts the given Perl data structure (a simple scalar or a 620 Converts the given Perl value or data structure to its JSON
583 reference to a hash or array) to its JSON representation. Simple 621 representation. Croaks on error.
584 scalars will be converted into JSON string or number sequences,
585 while references to arrays become JSON arrays and references to
586 hashes become JSON objects. Undefined Perl values (e.g. "undef")
587 become JSON "null" values. Neither "true" nor "false" values will be
588 generated.
589 622
590 $perl_scalar = $json->decode ($json_text) 623 $perl_scalar = $json->decode ($json_text)
591 The opposite of "encode": expects a JSON text and tries to parse it, 624 The opposite of "encode": expects a JSON text and tries to parse it,
592 returning the resulting simple scalar or reference. Croaks on error. 625 returning the resulting simple scalar or reference. Croaks on error.
593
594 JSON numbers and strings become simple Perl scalars. JSON arrays
595 become Perl arrayrefs and JSON objects become Perl hashrefs. "true"
596 becomes 1, "false" becomes 0 and "null" becomes "undef".
597 626
598 ($perl_scalar, $characters) = $json->decode_prefix ($json_text) 627 ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
599 This works like the "decode" method, but instead of raising an 628 This works like the "decode" method, but instead of raising an
600 exception when there is trailing garbage after the first JSON 629 exception when there is trailing garbage after the first JSON
601 object, it will silently stop parsing there and return the number of 630 object, it will silently stop parsing there and return the number of
602 characters consumed so far. 631 characters consumed so far.
603 632
604 This is useful if your JSON texts are not delimited by an outer 633 This is useful if your JSON texts are not delimited by an outer
605 protocol (which is not the brightest thing to do in the first place)
606 and you need to know where the JSON text ends. 634 protocol and you need to know where the JSON text ends.
607 635
608 JSON::XS->new->decode_prefix ("[1] the tail") 636 JSON::XS->new->decode_prefix ("[1] the tail")
609 => ([], 3) 637 => ([1], 3)
610 638
611INCREMENTAL PARSING 639INCREMENTAL PARSING
612 [This section and the API it details is still EXPERIMENTAL]
613
614 In some cases, there is the need for incremental parsing of JSON texts. 640 In some cases, there is the need for incremental parsing of JSON texts.
615 While this module always has to keep both JSON text and resulting Perl 641 While this module always has to keep both JSON text and resulting Perl
616 data structure in memory at one time, it does allow you to parse a JSON 642 data structure in memory at one time, it does allow you to parse a JSON
617 stream incrementally. It does so by accumulating text until it has a 643 stream incrementally. It does so by accumulating text until it has a
618 full JSON object, which it then can decode. This process is similar to 644 full JSON object, which it then can decode. This process is similar to
619 using "decode_prefix" to see if a full JSON object is available, but is 645 using "decode_prefix" to see if a full JSON object is available, but is
620 much more efficient (JSON::XS will only attempt to parse the JSON text 646 much more efficient (and can be implemented with a minimum of method
621 once it is sure it has enough text to get a decisive result, using a 647 calls).
622 very simple but truly incremental parser).
623 648
624 The following two methods deal with this. 649 JSON::XS will only attempt to parse the JSON text once it is sure it has
650 enough text to get a decisive result, using a very simple but truly
651 incremental parser. This means that it sometimes won't stop as early as
652 the full parser, for example, it doesn't detect mismatched parentheses.
653 The only thing it guarantees is that it starts decoding as soon as a
654 syntactically valid JSON text has been seen. This means you need to set
655 resource limits (e.g. "max_size") to ensure the parser will stop parsing
656 in the presence if syntax errors.
657
658 The following methods implement this incremental parser.
625 659
626 [void, scalar or list context] = $json->incr_parse ([$string]) 660 [void, scalar or list context] = $json->incr_parse ([$string])
627 This is the central parsing function. It can both append new text 661 This is the central parsing function. It can both append new text
628 and extract objects from the stream accumulated so far (both of 662 and extract objects from the stream accumulated so far (both of
629 these functions are optional). 663 these functions are optional).
637 671
638 If the method is called in scalar context, then it will try to 672 If the method is called in scalar context, then it will try to
639 extract exactly *one* JSON object. If that is successful, it will 673 extract exactly *one* JSON object. If that is successful, it will
640 return this object, otherwise it will return "undef". If there is a 674 return this object, otherwise it will return "undef". If there is a
641 parse error, this method will croak just as "decode" would do (one 675 parse error, this method will croak just as "decode" would do (one
642 can then use "incr_skip" to skip the errornous part). This is the 676 can then use "incr_skip" to skip the erroneous part). This is the
643 most common way of using the method. 677 most common way of using the method.
644 678
645 And finally, in list context, it will try to extract as many objects 679 And finally, in list context, it will try to extract as many objects
646 from the stream as it can find and return them, or the empty list 680 from the stream as it can find and return them, or the empty list
647 otherwise. For this to work, there must be no separators between the 681 otherwise. For this to work, there must be no separators (other than
648 JSON objects or arrays, instead they must be concatenated 682 whitespace) between the JSON objects or arrays, instead they must be
649 back-to-back. If an error occurs, an exception will be raised as in 683 concatenated back-to-back. If an error occurs, an exception will be
650 the scalar context case. Note that in this case, any 684 raised as in the scalar context case. Note that in this case, any
651 previously-parsed JSON texts will be lost. 685 previously-parsed JSON texts will be lost.
686
687 Example: Parse some JSON arrays/objects in a given string and return
688 them.
689
690 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
652 691
653 $lvalue_string = $json->incr_text 692 $lvalue_string = $json->incr_text
654 This method returns the currently stored JSON fragment as an lvalue, 693 This method returns the currently stored JSON fragment as an lvalue,
655 that is, you can manipulate it. This *only* works when a preceding 694 that is, you can manipulate it. This *only* works when a preceding
656 call to "incr_parse" in *scalar context* successfully returned an 695 call to "incr_parse" in *scalar context* successfully returned an
658 function (I mean it. although in simple tests it might actually 697 function (I mean it. although in simple tests it might actually
659 work, it *will* fail under real world conditions). As a special 698 work, it *will* fail under real world conditions). As a special
660 exception, you can also call this method before having parsed 699 exception, you can also call this method before having parsed
661 anything. 700 anything.
662 701
702 That means you can only use this function to look at or manipulate
703 text before or after complete JSON objects, not while the parser is
704 in the middle of parsing a JSON object.
705
663 This function is useful in two cases: a) finding the trailing text 706 This function is useful in two cases: a) finding the trailing text
664 after a JSON object or b) parsing multiple JSON objects separated by 707 after a JSON object or b) parsing multiple JSON objects separated by
665 non-JSON text (such as commas). 708 non-JSON text (such as commas).
666 709
667 $json->incr_skip 710 $json->incr_skip
668 This will reset the state of the incremental parser and will remove 711 This will reset the state of the incremental parser and will remove
669 the parsed text from the input buffer. This is useful after 712 the parsed text from the input buffer so far. This is useful after
670 "incr_parse" died, in which case the input buffer and incremental 713 "incr_parse" died, in which case the input buffer and incremental
671 parser state is left unchanged, to skip the text parsed so far and 714 parser state is left unchanged, to skip the text parsed so far and
672 to reset the parse state. 715 to reset the parse state.
716
717 The difference to "incr_reset" is that only text until the parse
718 error occurred is removed.
719
720 $json->incr_reset
721 This completely resets the incremental parser, that is, after this
722 call, it will be as if the parser had never parsed anything.
723
724 This is useful if you want to repeatedly parse JSON objects and want
725 to ignore any trailing data, which means you have to reset the
726 parser after each successful decode.
673 727
674 LIMITATIONS 728 LIMITATIONS
675 All options that affect decoding are supported, except "allow_nonref". 729 All options that affect decoding are supported, except "allow_nonref".
676 The reason for this is that it cannot be made to work sensibly: JSON 730 The reason for this is that it cannot be made to work sensibly: JSON
677 objects and arrays are self-delimited, i.e. you can concatenate them 731 objects and arrays are self-delimited, i.e. you can concatenate them
853 If the number consists of digits only, JSON::XS will try to 907 If the number consists of digits only, JSON::XS will try to
854 represent it as an integer value. If that fails, it will try to 908 represent it as an integer value. If that fails, it will try to
855 represent it as a numeric (floating point) value if that is possible 909 represent it as a numeric (floating point) value if that is possible
856 without loss of precision. Otherwise it will preserve the number as 910 without loss of precision. Otherwise it will preserve the number as
857 a string value (in which case you lose roundtripping ability, as the 911 a string value (in which case you lose roundtripping ability, as the
858 JSON number will be re-encoded toa JSON string). 912 JSON number will be re-encoded to a JSON string).
859 913
860 Numbers containing a fractional or exponential part will always be 914 Numbers containing a fractional or exponential part will always be
861 represented as numeric (floating point) values, possibly at a loss 915 represented as numeric (floating point) values, possibly at a loss
862 of precision (in which case you might lose perfect roundtripping 916 of precision (in which case you might lose perfect roundtripping
863 ability, but the JSON number will still be re-encoded as a JSON 917 ability, but the JSON number will still be re-encoded as a JSON
864 number). 918 number).
865 919
920 Note that precision is not accuracy - binary floating point values
921 cannot represent most decimal fractions exactly, and when converting
922 from and to floating point, JSON::XS only guarantees precision up to
923 but not including the least significant bit.
924
866 true, false 925 true, false
867 These JSON atoms become "JSON::XS::true" and "JSON::XS::false", 926 These JSON atoms become "Types::Serialiser::true" and
868 respectively. They are overloaded to act almost exactly like the 927 "Types::Serialiser::false", respectively. They are overloaded to act
869 numbers 1 and 0. You can check whether a scalar is a JSON boolean by 928 almost exactly like the numbers 1 and 0. You can check whether a
870 using the "JSON::XS::is_bool" function. 929 scalar is a JSON boolean by using the "Types::Serialiser::is_bool"
930 function (after "use Types::Serialier", of course).
871 931
872 null 932 null
873 A JSON null atom becomes "undef" in Perl. 933 A JSON null atom becomes "undef" in Perl.
934
935 shell-style comments ("# *text*")
936 As a nonstandard extension to the JSON syntax that is enabled by the
937 "relaxed" setting, shell-style comments are allowed. They can start
938 anywhere outside strings and go till the end of the line.
939
940 tagged values ("(*tag*)*value*").
941 Another nonstandard extension to the JSON syntax, enabled with the
942 "allow_tags" setting, are tagged values. In this implementation, the
943 *tag* must be a perl package/class name encoded as a JSON string,
944 and the *value* must be a JSON array encoding optional constructor
945 arguments.
946
947 See "OBJECT SERIALISATION", below, for details.
874 948
875 PERL -> JSON 949 PERL -> JSON
876 The mapping from Perl to JSON is slightly more difficult, as Perl is a 950 The mapping from Perl to JSON is slightly more difficult, as Perl is a
877 truly typeless language, so we can only guess which JSON type is meant 951 truly typeless language, so we can only guess which JSON type is meant
878 by a Perl value. 952 by a Perl value.
879 953
880 hash references 954 hash references
881 Perl hash references become JSON objects. As there is no inherent 955 Perl hash references become JSON objects. As there is no inherent
882 ordering in hash keys (or JSON objects), they will usually be 956 ordering in hash keys (or JSON objects), they will usually be
883 encoded in a pseudo-random order that can change between runs of the 957 encoded in a pseudo-random order. JSON::XS can optionally sort the
884 same program but stays generally the same within a single run of a 958 hash keys (determined by the *canonical* flag), so the same
885 program. JSON::XS can optionally sort the hash keys (determined by 959 datastructure will serialise to the same JSON text (given same
886 the *canonical* flag), so the same datastructure will serialise to 960 settings and version of JSON::XS), but this incurs a runtime
887 the same JSON text (given same settings and version of JSON::XS), 961 overhead and is only rarely useful, e.g. when you want to compare
888 but this incurs a runtime overhead and is only rarely useful, e.g. 962 some JSON text against another for equality.
889 when you want to compare some JSON text against another for
890 equality.
891 963
892 array references 964 array references
893 Perl array references become JSON arrays. 965 Perl array references become JSON arrays.
894 966
895 other references 967 other references
896 Other unblessed references are generally not allowed and will cause 968 Other unblessed references are generally not allowed and will cause
897 an exception to be thrown, except for references to the integers 0 969 an exception to be thrown, except for references to the integers 0
898 and 1, which get turned into "false" and "true" atoms in JSON. You 970 and 1, which get turned into "false" and "true" atoms in JSON.
899 can also use "JSON::XS::false" and "JSON::XS::true" to improve 971
972 Since "JSON::XS" uses the boolean model from Types::Serialiser, you
973 can also "use Types::Serialiser" and then use
974 "Types::Serialiser::false" and "Types::Serialiser::true" to improve
900 readability. 975 readability.
901 976
977 use Types::Serialiser;
902 encode_json [\0,JSON::XS::true] # yields [false,true] 978 encode_json [\0, Types::Serialiser::true] # yields [false,true]
903 979
904 JSON::XS::true, JSON::XS::false 980 Types::Serialiser::true, Types::Serialiser::false
905 These special values become JSON true and JSON false values, 981 These special values from the Types::Serialiser module become JSON
906 respectively. You can also use "\1" and "\0" directly if you want. 982 true and JSON false values, respectively. You can also use "\1" and
983 "\0" directly if you want.
907 984
908 blessed objects 985 blessed objects
909 Blessed objects are not directly representable in JSON. See the 986 Blessed objects are not directly representable in JSON, but
910 "allow_blessed" and "convert_blessed" methods on various options on 987 "JSON::XS" allows various ways of handling objects. See "OBJECT
911 how to deal with this: basically, you can choose between throwing an 988 SERIALISATION", below, for details.
912 exception, encoding the reference as if it weren't blessed, or
913 provide your own serialiser method.
914 989
915 simple scalars 990 simple scalars
916 Simple Perl scalars (any scalar that is not a reference) are the 991 Simple Perl scalars (any scalar that is not a reference) are the
917 most difficult objects to encode: JSON::XS will encode undefined 992 most difficult objects to encode: JSON::XS will encode undefined
918 scalars as JSON "null" values, scalars that have last been used in a 993 scalars as JSON "null" values, scalars that have last been used in a
946 1021
947 You can not currently force the type in other, less obscure, ways. 1022 You can not currently force the type in other, less obscure, ways.
948 Tell me if you need this capability (but don't forget to explain why 1023 Tell me if you need this capability (but don't forget to explain why
949 it's needed :). 1024 it's needed :).
950 1025
1026 Note that numerical precision has the same meaning as under Perl (so
1027 binary to decimal conversion follows the same rules as in Perl,
1028 which can differ to other languages). Also, your perl interpreter
1029 might expose extensions to the floating point numbers of your
1030 platform, such as infinities or NaN's - these cannot be represented
1031 in JSON, and it is an error to pass those in.
1032
1033 OBJECT SERIALISATION
1034 As JSON cannot directly represent Perl objects, you have to choose
1035 between a pure JSON representation (without the ability to deserialise
1036 the object automatically again), and a nonstandard extension to the JSON
1037 syntax, tagged values.
1038
1039 SERIALISATION
1040 What happens when "JSON::XS" encounters a Perl object depends on the
1041 "allow_blessed", "convert_blessed" and "allow_tags" settings, which are
1042 used in this order:
1043
1044 1. "allow_tags" is enabled and the object has a "FREEZE" method.
1045 In this case, "JSON::XS" uses the Types::Serialiser object
1046 serialisation protocol to create a tagged JSON value, using a
1047 nonstandard extension to the JSON syntax.
1048
1049 This works by invoking the "FREEZE" method on the object, with the
1050 first argument being the object to serialise, and the second
1051 argument being the constant string "JSON" to distinguish it from
1052 other serialisers.
1053
1054 The "FREEZE" method can return any number of values (i.e. zero or
1055 more). These values and the paclkage/classname of the object will
1056 then be encoded as a tagged JSON value in the following format:
1057
1058 ("classname")[FREEZE return values...]
1059
1060 e.g.:
1061
1062 ("URI")["http://www.google.com/"]
1063 ("MyDate")[2013,10,29]
1064 ("ImageData::JPEG")["Z3...VlCg=="]
1065
1066 For example, the hypothetical "My::Object" "FREEZE" method might use
1067 the objects "type" and "id" members to encode the object:
1068
1069 sub My::Object::FREEZE {
1070 my ($self, $serialiser) = @_;
1071
1072 ($self->{type}, $self->{id})
1073 }
1074
1075 2. "convert_blessed" is enabled and the object has a "TO_JSON" method.
1076 In this case, the "TO_JSON" method of the object is invoked in
1077 scalar context. It must return a single scalar that can be directly
1078 encoded into JSON. This scalar replaces the object in the JSON text.
1079
1080 For example, the following "TO_JSON" method will convert all URI
1081 objects to JSON strings when serialised. The fatc that these values
1082 originally were URI objects is lost.
1083
1084 sub URI::TO_JSON {
1085 my ($uri) = @_;
1086 $uri->as_string
1087 }
1088
1089 3. "allow_blessed" is enabled.
1090 The object will be serialised as a JSON null value.
1091
1092 4. none of the above
1093 If none of the settings are enabled or the respective methods are
1094 missing, "JSON::XS" throws an exception.
1095
1096 DESERIALISATION
1097 For deserialisation there are only two cases to consider: either
1098 nonstandard tagging was used, in which case "allow_tags" decides, or
1099 objects cannot be automatically be deserialised, in which case you can
1100 use postprocessing or the "filter_json_object" or
1101 "filter_json_single_key_object" callbacks to get some real objects our
1102 of your JSON.
1103
1104 This section only considers the tagged value case: I a tagged JSON
1105 object is encountered during decoding and "allow_tags" is disabled, a
1106 parse error will result (as if tagged values were not part of the
1107 grammar).
1108
1109 If "allow_tags" is enabled, "JSON::XS" will look up the "THAW" method of
1110 the package/classname used during serialisation (it will not attempt to
1111 load the package as a Perl module). If there is no such method, the
1112 decoding will fail with an error.
1113
1114 Otherwise, the "THAW" method is invoked with the classname as first
1115 argument, the constant string "JSON" as second argument, and all the
1116 values from the JSON array (the values originally returned by the
1117 "FREEZE" method) as remaining arguments.
1118
1119 The method must then return the object. While technically you can return
1120 any Perl scalar, you might have to enable the "enable_nonref" setting to
1121 make that work in all cases, so better return an actual blessed
1122 reference.
1123
1124 As an example, let's implement a "THAW" function that regenerates the
1125 "My::Object" from the "FREEZE" example earlier:
1126
1127 sub My::Object::THAW {
1128 my ($class, $serialiser, $type, $id) = @_;
1129
1130 $class->new (type => $type, id => $id)
1131 }
1132
951ENCODING/CODESET FLAG NOTES 1133ENCODING/CODESET FLAG NOTES
952 The interested reader might have seen a number of flags that signify 1134 The interested reader might have seen a number of flags that signify
953 encodings or codesets - "utf8", "latin1" and "ascii". There seems to be 1135 encodings or codesets - "utf8", "latin1" and "ascii". There seems to be
954 some confusion on what these do, so here is a short comparison: 1136 some confusion on what these do, so here is a short comparison:
955 1137
974 1156
975 "utf8" flag disabled 1157 "utf8" flag disabled
976 When "utf8" is disabled (the default), then "encode"/"decode" 1158 When "utf8" is disabled (the default), then "encode"/"decode"
977 generate and expect Unicode strings, that is, characters with high 1159 generate and expect Unicode strings, that is, characters with high
978 ordinal Unicode values (> 255) will be encoded as such characters, 1160 ordinal Unicode values (> 255) will be encoded as such characters,
979 and likewise such characters are decoded as-is, no canges to them 1161 and likewise such characters are decoded as-is, no changes to them
980 will be done, except "(re-)interpreting" them as Unicode codepoints 1162 will be done, except "(re-)interpreting" them as Unicode codepoints
981 or Unicode characters, respectively (to Perl, these are the same 1163 or Unicode characters, respectively (to Perl, these are the same
982 thing in strings unless you do funny/weird/dumb stuff). 1164 thing in strings unless you do funny/weird/dumb stuff).
983 1165
984 This is useful when you want to do the encoding yourself (e.g. when 1166 This is useful when you want to do the encoding yourself (e.g. when
1041 structure back. This is useful when your channel for JSON transfer 1223 structure back. This is useful when your channel for JSON transfer
1042 is not 8-bit clean or the encoding might be mangled in between (e.g. 1224 is not 8-bit clean or the encoding might be mangled in between (e.g.
1043 in mail), and works because ASCII is a proper subset of most 8-bit 1225 in mail), and works because ASCII is a proper subset of most 8-bit
1044 and multibyte encodings in use in the world. 1226 and multibyte encodings in use in the world.
1045 1227
1228 JSON and ECMAscript
1229 JSON syntax is based on how literals are represented in javascript (the
1230 not-standardised predecessor of ECMAscript) which is presumably why it
1231 is called "JavaScript Object Notation".
1232
1233 However, JSON is not a subset (and also not a superset of course) of
1234 ECMAscript (the standard) or javascript (whatever browsers actually
1235 implement).
1236
1237 If you want to use javascript's "eval" function to "parse" JSON, you
1238 might run into parse errors for valid JSON texts, or the resulting data
1239 structure might not be queryable:
1240
1241 One of the problems is that U+2028 and U+2029 are valid characters
1242 inside JSON strings, but are not allowed in ECMAscript string literals,
1243 so the following Perl fragment will not output something that can be
1244 guaranteed to be parsable by javascript's "eval":
1245
1246 use JSON::XS;
1247
1248 print encode_json [chr 0x2028];
1249
1250 The right fix for this is to use a proper JSON parser in your javascript
1251 programs, and not rely on "eval" (see for example Douglas Crockford's
1252 json2.js parser).
1253
1254 If this is not an option, you can, as a stop-gap measure, simply encode
1255 to ASCII-only JSON:
1256
1257 use JSON::XS;
1258
1259 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1260
1261 Note that this will enlarge the resulting JSON text quite a bit if you
1262 have many non-ASCII characters. You might be tempted to run some regexes
1263 to only escape U+2028 and U+2029, e.g.:
1264
1265 # DO NOT USE THIS!
1266 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1267 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1268 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1269 print $json;
1270
1271 Note that *this is a bad idea*: the above only works for U+2028 and
1272 U+2029 and thus only for fully ECMAscript-compliant parsers. Many
1273 existing javascript implementations, however, have issues with other
1274 characters as well - using "eval" naively simply *will* cause problems.
1275
1276 Another problem is that some javascript implementations reserve some
1277 property names for their own purposes (which probably makes them
1278 non-ECMAscript-compliant). For example, Iceweasel reserves the
1279 "__proto__" property name for its own purposes.
1280
1281 If that is a problem, you could parse try to filter the resulting JSON
1282 output for these property strings, e.g.:
1283
1284 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1285
1286 This works because "__proto__" is not valid outside of strings, so every
1287 occurrence of ""__proto__"\s*:" must be a string used as property name.
1288
1289 If you know of other incompatibilities, please let me know.
1290
1046 JSON and YAML 1291 JSON and YAML
1047 You often hear that JSON is a subset of YAML. This is, however, a mass 1292 You often hear that JSON is a subset of YAML. This is, however, a mass
1048 hysteria(*) and very far from the truth (as of the time of this 1293 hysteria(*) and very far from the truth (as of the time of this
1049 writing), so let me state it clearly: *in general, there is no way to 1294 writing), so let me state it clearly: *in general, there is no way to
1050 configure JSON::XS to output a data structure as valid YAML* that works 1295 configure JSON::XS to output a data structure as valid YAML* that works
1057 my $yaml = $to_yaml->encode ($ref) . "\n"; 1302 my $yaml = $to_yaml->encode ($ref) . "\n";
1058 1303
1059 This will *usually* generate JSON texts that also parse as valid YAML. 1304 This will *usually* generate JSON texts that also parse as valid YAML.
1060 Please note that YAML has hardcoded limits on (simple) object key 1305 Please note that YAML has hardcoded limits on (simple) object key
1061 lengths that JSON doesn't have and also has different and incompatible 1306 lengths that JSON doesn't have and also has different and incompatible
1062 unicode handling, so you should make sure that your hash keys are 1307 unicode character escape syntax, so you should make sure that your hash
1063 noticeably shorter than the 1024 "stream characters" YAML allows and 1308 keys are noticeably shorter than the 1024 "stream characters" YAML
1064 that you do not have characters with codepoint values outside the 1309 allows and that you do not have characters with codepoint values outside
1065 Unicode BMP (basic multilingual page). YAML also does not allow "\/" 1310 the Unicode BMP (basic multilingual page). YAML also does not allow "\/"
1066 sequences in strings (which JSON::XS does not *currently* generate, but 1311 sequences in strings (which JSON::XS does not *currently* generate, but
1067 other JSON generators might). 1312 other JSON generators might).
1068 1313
1069 There might be other incompatibilities that I am not aware of (or the 1314 There might be other incompatibilities that I am not aware of (or the
1070 YAML specification has been changed yet again - it does so quite often). 1315 YAML specification has been changed yet again - it does so quite often).
1087 (which is not that difficult or long) and finally make YAML 1332 (which is not that difficult or long) and finally make YAML
1088 compatible to it, and educating users about the changes, instead of 1333 compatible to it, and educating users about the changes, instead of
1089 spreading lies about the real compatibility for many *years* and 1334 spreading lies about the real compatibility for many *years* and
1090 trying to silence people who point out that it isn't true. 1335 trying to silence people who point out that it isn't true.
1091 1336
1337 Addendum/2009: the YAML 1.2 spec is still incompatible with JSON,
1338 even though the incompatibilities have been documented (and are
1339 known to Brian) for many years and the spec makes explicit claims
1340 that YAML is a superset of JSON. It would be so easy to fix, but
1341 apparently, bullying people and corrupting userdata is so much
1342 easier.
1343
1092 SPEED 1344 SPEED
1093 It seems that JSON::XS is surprisingly fast, as shown in the following 1345 It seems that JSON::XS is surprisingly fast, as shown in the following
1094 tables. They have been generated with the help of the "eg/bench" program 1346 tables. They have been generated with the help of the "eg/bench" program
1095 in the JSON::XS distribution, to make it easy to compare on your own 1347 in the JSON::XS distribution, to make it easy to compare on your own
1096 system. 1348 system.
1097 1349
1098 First comes a comparison between various modules using a very short 1350 First comes a comparison between various modules using a very short
1099 single-line JSON string (also available at 1351 single-line JSON string (also available at
1100 <http://dist.schmorp.de/misc/json/short.json>). 1352 <http://dist.schmorp.de/misc/json/short.json>).
1101 1353
1102 {"method": "handleMessage", "params": ["user1", "we were just talking"], \ 1354 {"method": "handleMessage", "params": ["user1",
1103 "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]} 1355 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1356 1, 0]}
1104 1357
1105 It shows the number of encodes/decodes per second (JSON::XS uses the 1358 It shows the number of encodes/decodes per second (JSON::XS uses the
1106 functional interface, while JSON::XS/2 uses the OO interface with 1359 functional interface, while JSON::XS/2 uses the OO interface with
1107 pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink). 1360 pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink.
1108 Higher is better: 1361 JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ uses
1362 the from_json method). Higher is better:
1109 1363
1110 module | encode | decode | 1364 module | encode | decode |
1111 -----------|------------|------------| 1365 --------------|------------|------------|
1112 JSON 1.x | 4990.842 | 4088.813 | 1366 JSON::DWIW/DS | 86302.551 | 102300.098 |
1113 JSON::DWIW | 51653.990 | 71575.154 | 1367 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1114 JSON::PC | 65948.176 | 74631.744 | 1368 JSON::PP | 15827.562 | 6638.658 |
1115 JSON::PP | 8931.652 | 3817.168 | 1369 JSON::Syck | 63358.066 | 47662.545 |
1116 JSON::Syck | 24877.248 | 27776.848 | 1370 JSON::XS | 511500.488 | 511500.488 |
1117 JSON::XS | 388361.481 | 227951.304 | 1371 JSON::XS/2 | 291271.111 | 388361.481 |
1118 JSON::XS/2 | 227951.304 | 218453.333 | 1372 JSON::XS/3 | 361577.931 | 361577.931 |
1119 JSON::XS/3 | 338250.323 | 218453.333 | 1373 Storable | 66788.280 | 265462.278 |
1120 Storable | 16500.016 | 135300.129 |
1121 -----------+------------+------------+ 1374 --------------+------------+------------+
1122 1375
1123 That is, JSON::XS is about five times faster than JSON::DWIW on 1376 That is, JSON::XS is almost six times faster than JSON::DWIW on
1124 encoding, about three times faster on decoding, and over forty times 1377 encoding, about five times faster on decoding, and over thirty to
1125 faster than JSON, even with pretty-printing and key sorting. It also 1378 seventy times faster than JSON's pure perl implementation. It also
1126 compares favourably to Storable for small amounts of data. 1379 compares favourably to Storable for small amounts of data.
1127 1380
1128 Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1381 Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1129 search API (<http://dist.schmorp.de/misc/json/long.json>). 1382 search API (<http://dist.schmorp.de/misc/json/long.json>).
1130 1383
1131 module | encode | decode | 1384 module | encode | decode |
1132 -----------|------------|------------| 1385 --------------|------------|------------|
1133 JSON 1.x | 55.260 | 34.971 | 1386 JSON::DWIW/DS | 1647.927 | 2673.916 |
1134 JSON::DWIW | 825.228 | 1082.513 | 1387 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1135 JSON::PC | 3571.444 | 2394.829 |
1136 JSON::PP | 210.987 | 32.574 | 1388 JSON::PP | 400.640 | 62.311 |
1137 JSON::Syck | 552.551 | 787.544 | 1389 JSON::Syck | 1481.040 | 1524.869 |
1138 JSON::XS | 5780.463 | 4854.519 | 1390 JSON::XS | 20661.596 | 9541.183 |
1139 JSON::XS/2 | 3869.998 | 4798.975 | 1391 JSON::XS/2 | 10683.403 | 9416.938 |
1140 JSON::XS/3 | 5862.880 | 4798.975 | 1392 JSON::XS/3 | 20661.596 | 9400.054 |
1141 Storable | 4445.002 | 5235.027 | 1393 Storable | 19765.806 | 10000.725 |
1142 -----------+------------+------------+ 1394 --------------+------------+------------+
1143 1395
1144 Again, JSON::XS leads by far (except for Storable which non-surprisingly 1396 Again, JSON::XS leads by far (except for Storable which non-surprisingly
1145 decodes faster). 1397 decodes a bit faster).
1146 1398
1147 On large strings containing lots of high Unicode characters, some 1399 On large strings containing lots of high Unicode characters, some
1148 modules (such as JSON::PC) seem to decode faster than JSON::XS, but the 1400 modules (such as JSON::PC) seem to decode faster than JSON::XS, but the
1149 result will be broken due to missing (or wrong) Unicode handling. Others 1401 result will be broken due to missing (or wrong) Unicode handling. Others
1150 refuse to decode or encode properly, so it was impossible to prepare a 1402 refuse to decode or encode properly, so it was impossible to prepare a
1185 information you might want to make sure that exceptions thrown by 1437 information you might want to make sure that exceptions thrown by
1186 JSON::XS will not end up in front of untrusted eyes. 1438 JSON::XS will not end up in front of untrusted eyes.
1187 1439
1188 If you are using JSON::XS to return packets to consumption by JavaScript 1440 If you are using JSON::XS to return packets to consumption by JavaScript
1189 scripts in a browser you should have a look at 1441 scripts in a browser you should have a look at
1190 <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1442 <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/>
1191 you are vulnerable to some common attack vectors (which really are 1443 to see whether you are vulnerable to some common attack vectors (which
1192 browser design bugs, but it is still you who will have to deal with it, 1444 really are browser design bugs, but it is still you who will have to
1193 as major browser developers care only for features, not about getting 1445 deal with it, as major browser developers care only for features, not
1194 security right). 1446 about getting security right).
1447
1448"OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
1449 TL;DR: Due to security concerns, JSON::XS will not allow scalar data in
1450 JSON texts by default - you need to create your own JSON::XS object and
1451 enable "allow_nonref":
1452
1453 my $json = JSON::XS->new->allow_nonref;
1454
1455 $text = $json->encode ($data);
1456 $data = $json->decode ($text);
1457
1458 The long version: JSON being an important and supposedly stable format,
1459 the IETF standardised it as RFC 4627 in 2006. Unfortunately, the
1460 inventor of JSON, Dougles Crockford, unilaterally changed the definition
1461 of JSON in javascript. Rather than create a fork, the IETF decided to
1462 standardise the new syntax (apparently, so Iw as told, without finding
1463 it very amusing).
1464
1465 The biggest difference between thed original JSON and the new JSON is
1466 that the new JSON supports scalars (anything other than arrays and
1467 objects) at the toplevel of a JSON text. While this is strictly
1468 backwards compatible to older versions, it breaks a number of protocols
1469 that relied on sending JSON back-to-back, and is a minor security
1470 concern.
1471
1472 For example, imagine you have two banks communicating, and on one side,
1473 trhe JSON coder gets upgraded. Two messages, such as 10 and 1000 might
1474 then be confused to mean 101000, something that couldn't happen in the
1475 original JSON, because niether of these messages would be valid JSON.
1476
1477 If one side accepts these messages, then an upgrade in the coder on
1478 either side could result in this becoming exploitable.
1479
1480 This module has always allowed these messages as an optional extension,
1481 by default disabled. The security concerns are the reason why the
1482 default is still disabled, but future versions might/will likely upgrade
1483 to the newer RFC as default format, so you are advised to check your
1484 implementation and/or override the default with "->allow_nonref (0)" to
1485 ensure that future versions are safe.
1486
1487INTEROPERABILITY WITH OTHER MODULES
1488 "JSON::XS" uses the Types::Serialiser module to provide boolean
1489 constants. That means that the JSON true and false values will be
1490 comaptible to true and false values of other modules that do the same,
1491 such as JSON::PP and CBOR::XS.
1492
1493INTEROPERABILITY WITH OTHER JSON DECODERS
1494 As long as you only serialise data that can be directly expressed in
1495 JSON, "JSON::XS" is incapable of generating invalid JSON output (modulo
1496 bugs, but "JSON::XS" has found more bugs in the official JSON testsuite
1497 (1) than the official JSON testsuite has found in "JSON::XS" (0)).
1498
1499 When you have trouble decoding JSON generated by this module using other
1500 decoders, then it is very likely that you have an encoding mismatch or
1501 the other decoder is broken.
1502
1503 When decoding, "JSON::XS" is strict by default and will likely catch all
1504 errors. There are currently two settings that change this: "relaxed"
1505 makes "JSON::XS" accept (but not generate) some non-standard extensions,
1506 and "allow_tags" will allow you to encode and decode Perl objects, at
1507 the cost of not outputting valid JSON anymore.
1508
1509 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
1510 When you use "allow_tags" to use the extended (and also nonstandard and
1511 invalid) JSON syntax for serialised objects, and you still want to
1512 decode the generated When you want to serialise objects, you can run a
1513 regex to replace the tagged syntax by standard JSON arrays (it only
1514 works for "normal" package names without comma, newlines or single
1515 colons). First, the readable Perl version:
1516
1517 # if your FREEZE methods return no values, you need this replace first:
1518 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
1519
1520 # this works for non-empty constructor arg lists:
1521 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
1522
1523 And here is a less readable version that is easy to adapt to other
1524 languages:
1525
1526 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
1527
1528 Here is an ECMAScript version (same regex):
1529
1530 json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
1531
1532 Since this syntax converts to standard JSON arrays, it might be hard to
1533 distinguish serialised objects from normal arrays. You can prepend a
1534 "magic number" as first array element to reduce chances of a collision:
1535
1536 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
1537
1538 And after decoding the JSON text, you could walk the data structure
1539 looking for arrays with a first element of
1540 "XU1peReLzT4ggEllLanBYq4G9VzliwKF".
1541
1542 The same approach can be used to create the tagged format with another
1543 encoder. First, you create an array with the magic string as first
1544 member, the classname as second, and constructor arguments last, encode
1545 it as part of your JSON structure, and then:
1546
1547 $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
1548
1549 Again, this has some limitations - the magic string must not be encoded
1550 with character escapes, and the constructor arguments must be non-empty.
1551
1552RFC7159
1553 Since this module was written, Google has written a new JSON RFC, RFC
1554 7159 (and RFC7158). Unfortunately, this RFC breaks compatibility with
1555 both the original JSON specification on www.json.org and RFC4627.
1556
1557 As far as I can see, you can get partial compatibility when parsing by
1558 using "->allow_nonref". However, consider the security implications of
1559 doing so.
1560
1561 I haven't decided yet when to break compatibility with RFC4627 by
1562 default (and potentially leave applications insecure) and change the
1563 default to follow RFC7159, but application authors are well advised to
1564 call "->allow_nonref(0)" even if this is the current default, if they
1565 cannot handle non-reference values, in preparation for the day when the
1566 default will change.
1195 1567
1196THREADS 1568THREADS
1197 This module is *not* guaranteed to be thread safe and there are no plans 1569 This module is *not* guaranteed to be thread safe and there are no plans
1198 to change this until Perl gets thread support (as opposed to the 1570 to change this until Perl gets thread support (as opposed to the
1199 horribly slow so-called "threads" which are simply slow and bloated 1571 horribly slow so-called "threads" which are simply slow and bloated
1200 process simulations - use fork, it's *much* faster, cheaper, better). 1572 process simulations - use fork, it's *much* faster, cheaper, better).
1201 1573
1202 (It might actually work, but you have been warned). 1574 (It might actually work, but you have been warned).
1203 1575
1576THE PERILS OF SETLOCALE
1577 Sometimes people avoid the Perl locale support and directly call the
1578 system's setlocale function with "LC_ALL".
1579
1580 This breaks both perl and modules such as JSON::XS, as stringification
1581 of numbers no longer works correctly (e.g. "$x = 0.1; print "$x"+1"
1582 might print 1, and JSON::XS might output illegal JSON as JSON::XS relies
1583 on perl to stringify numbers).
1584
1585 The solution is simple: don't call "setlocale", or use it for only those
1586 categories you need, such as "LC_MESSAGES" or "LC_CTYPE".
1587
1588 If you need "LC_NUMERIC", you should enable it only around the code that
1589 actually needs it (avoiding stringification of numbers), and restore it
1590 afterwards.
1591
1204BUGS 1592BUGS
1205 While the goal of this module is to be correct, that unfortunately does 1593 While the goal of this module is to be correct, that unfortunately does
1206 not mean it's bug-free, only that I think its design is bug-free. It is 1594 not mean it's bug-free, only that I think its design is bug-free. If you
1207 still relatively early in its development. If you keep reporting bugs
1208 they will be fixed swiftly, though. 1595 keep reporting bugs they will be fixed swiftly, though.
1209 1596
1210 Please refrain from using rt.cpan.org or any other bug reporting 1597 Please refrain from using rt.cpan.org or any other bug reporting
1211 service. I put the contact address into my modules for a reason. 1598 service. I put the contact address into my modules for a reason.
1212 1599
1213SEE ALSO 1600SEE ALSO

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines