… | |
… | |
36 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can |
36 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can |
37 | be overridden) with no overhead due to emulation (by inheriting |
37 | be overridden) with no overhead due to emulation (by inheriting |
38 | constructor and methods). If JSON::XS is not available, it will fall |
38 | constructor and methods). If JSON::XS is not available, it will fall |
39 | back to the compatible JSON::PP module as backend, so using JSON instead |
39 | back to the compatible JSON::PP module as backend, so using JSON instead |
40 | of JSON::XS gives you a portable JSON API that can be fast when you need |
40 | of JSON::XS gives you a portable JSON API that can be fast when you need |
41 | and doesn't require a C compiler when that is a problem. |
41 | it and doesn't require a C compiler when that is a problem. |
42 | |
42 | |
43 | As this is the n-th-something JSON module on CPAN, what was the reason |
43 | As this is the n-th-something JSON module on CPAN, what was the reason |
44 | to write yet another JSON module? While it seems there are many JSON |
44 | to write yet another JSON module? While it seems there are many JSON |
45 | modules, none of them correctly handle all corner cases, and in most |
45 | modules, none of them correctly handle all corner cases, and in most |
46 | cases their maintainers are unresponsive, gone missing, or not listening |
46 | cases their maintainers are unresponsive, gone missing, or not listening |
… | |
… | |
56 | does so, and even documents what "correct" means. |
56 | does so, and even documents what "correct" means. |
57 | |
57 | |
58 | * round-trip integrity |
58 | * round-trip integrity |
59 | |
59 | |
60 | When you serialise a perl data structure using only data types |
60 | When you serialise a perl data structure using only data types |
61 | supported by JSON, the deserialised data structure is identical on |
61 | supported by JSON and Perl, the deserialised data structure is |
62 | the Perl level. (e.g. the string "2.0" doesn't suddenly become "2" |
62 | identical on the Perl level. (e.g. the string "2.0" doesn't suddenly |
63 | just because it looks like a number). There minor *are* exceptions |
63 | become "2" just because it looks like a number). There *are* minor |
64 | to this, read the MAPPING section below to learn about those. |
64 | exceptions to this, read the MAPPING section below to learn about |
|
|
65 | those. |
65 | |
66 | |
66 | * strict checking of JSON correctness |
67 | * strict checking of JSON correctness |
67 | |
68 | |
68 | There is no guessing, no generating of illegal JSON texts by |
69 | There is no guessing, no generating of illegal JSON texts by |
69 | default, and only JSON is accepted as input by default (the latter |
70 | default, and only JSON is accepted as input by default (the latter |
… | |
… | |
76 | too. |
77 | too. |
77 | |
78 | |
78 | * simple to use |
79 | * simple to use |
79 | |
80 | |
80 | This module has both a simple functional interface as well as an |
81 | This module has both a simple functional interface as well as an |
81 | object oriented interface interface. |
82 | object oriented interface. |
82 | |
83 | |
83 | * reasonably versatile output formats |
84 | * reasonably versatile output formats |
84 | |
85 | |
85 | You can choose between the most compact guaranteed-single-line |
86 | You can choose between the most compact guaranteed-single-line |
86 | format possible (nice for simple line-based protocols), a pure-ASCII |
87 | format possible (nice for simple line-based protocols), a pure-ASCII |
… | |
… | |
111 | This function call is functionally identical to: |
112 | This function call is functionally identical to: |
112 | |
113 | |
113 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
114 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
114 | |
115 | |
115 | Except being faster. |
116 | Except being faster. |
116 | |
|
|
117 | $is_boolean = JSON::XS::is_bool $scalar |
|
|
118 | Returns true if the passed scalar represents either JSON::XS::true |
|
|
119 | or JSON::XS::false, two constants that act like 1 and 0, |
|
|
120 | respectively and are used to represent JSON "true" and "false" |
|
|
121 | values in Perl. |
|
|
122 | |
|
|
123 | See MAPPING, below, for more information on how JSON values are |
|
|
124 | mapped to Perl. |
|
|
125 | |
117 | |
126 | A FEW NOTES ON UNICODE AND PERL |
118 | A FEW NOTES ON UNICODE AND PERL |
127 | Since this often leads to confusion, here are a few very clear words on |
119 | Since this often leads to confusion, here are a few very clear words on |
128 | how Unicode works in Perl, modulo bugs. |
120 | how Unicode works in Perl, modulo bugs. |
129 | |
121 | |
… | |
… | |
360 | [ |
352 | [ |
361 | 1, # this comment not allowed in JSON |
353 | 1, # this comment not allowed in JSON |
362 | # neither this one... |
354 | # neither this one... |
363 | ] |
355 | ] |
364 | |
356 | |
|
|
357 | * literal ASCII TAB characters in strings |
|
|
358 | |
|
|
359 | Literal ASCII TAB characters are now allowed in strings (and |
|
|
360 | treated as "\t"). |
|
|
361 | |
|
|
362 | [ |
|
|
363 | "Hello\tWorld", |
|
|
364 | "Hello<TAB>World", # literal <TAB> would not normally be allowed |
|
|
365 | ] |
|
|
366 | |
365 | $json = $json->canonical ([$enable]) |
367 | $json = $json->canonical ([$enable]) |
366 | $enabled = $json->get_canonical |
368 | $enabled = $json->get_canonical |
367 | If $enable is true (or missing), then the "encode" method will |
369 | If $enable is true (or missing), then the "encode" method will |
368 | output JSON objects by sorting their keys. This is adding a |
370 | output JSON objects by sorting their keys. This is adding a |
369 | comparatively high overhead. |
371 | comparatively high overhead. |
370 | |
372 | |
371 | If $enable is false, then the "encode" method will output key-value |
373 | If $enable is false, then the "encode" method will output key-value |
372 | pairs in the order Perl stores them (which will likely change |
374 | pairs in the order Perl stores them (which will likely change |
373 | between runs of the same script). |
375 | between runs of the same script, and can change even within the same |
|
|
376 | run from 5.18 onwards). |
374 | |
377 | |
375 | This option is useful if you want the same data structure to be |
378 | This option is useful if you want the same data structure to be |
376 | encoded as the same JSON text (given the same overall settings). If |
379 | encoded as the same JSON text (given the same overall settings). If |
377 | it is disabled, the same hash might be encoded differently even if |
380 | it is disabled, the same hash might be encoded differently even if |
378 | contains the same data, as key-value pairs have no inherent ordering |
381 | contains the same data, as key-value pairs have no inherent ordering |
… | |
… | |
415 | recommended to leave it off unless you know your communications |
418 | recommended to leave it off unless you know your communications |
416 | partner. |
419 | partner. |
417 | |
420 | |
418 | $json = $json->allow_blessed ([$enable]) |
421 | $json = $json->allow_blessed ([$enable]) |
419 | $enabled = $json->get_allow_blessed |
422 | $enabled = $json->get_allow_blessed |
|
|
423 | See "OBJECT SERIALISATION" for details. |
|
|
424 | |
420 | If $enable is true (or missing), then the "encode" method will not |
425 | If $enable is true (or missing), then the "encode" method will not |
421 | barf when it encounters a blessed reference. Instead, the value of |
426 | barf when it encounters a blessed reference that it cannot convert |
422 | the convert_blessed option will decide whether "null" |
427 | otherwise. Instead, a JSON "null" value is encoded instead of the |
423 | ("convert_blessed" disabled or no "TO_JSON" method found) or a |
428 | object. |
424 | representation of the object ("convert_blessed" enabled and |
|
|
425 | "TO_JSON" method found) is being encoded. Has no effect on "decode". |
|
|
426 | |
429 | |
427 | If $enable is false (the default), then "encode" will throw an |
430 | If $enable is false (the default), then "encode" will throw an |
428 | exception when it encounters a blessed object. |
431 | exception when it encounters a blessed object that it cannot convert |
|
|
432 | otherwise. |
|
|
433 | |
|
|
434 | This setting has no effect on "decode". |
429 | |
435 | |
430 | $json = $json->convert_blessed ([$enable]) |
436 | $json = $json->convert_blessed ([$enable]) |
431 | $enabled = $json->get_convert_blessed |
437 | $enabled = $json->get_convert_blessed |
|
|
438 | See "OBJECT SERIALISATION" for details. |
|
|
439 | |
432 | If $enable is true (or missing), then "encode", upon encountering a |
440 | If $enable is true (or missing), then "encode", upon encountering a |
433 | blessed object, will check for the availability of the "TO_JSON" |
441 | blessed object, will check for the availability of the "TO_JSON" |
434 | method on the object's class. If found, it will be called in scalar |
442 | method on the object's class. If found, it will be called in scalar |
435 | context and the resulting scalar will be encoded instead of the |
443 | context and the resulting scalar will be encoded instead of the |
436 | object. If no "TO_JSON" method is found, the value of |
444 | object. |
437 | "allow_blessed" will decide what to do. |
|
|
438 | |
445 | |
439 | The "TO_JSON" method may safely call die if it wants. If "TO_JSON" |
446 | The "TO_JSON" method may safely call die if it wants. If "TO_JSON" |
440 | returns other blessed objects, those will be handled in the same |
447 | returns other blessed objects, those will be handled in the same |
441 | way. "TO_JSON" must take care of not causing an endless recursion |
448 | way. "TO_JSON" must take care of not causing an endless recursion |
442 | cycle (== crash) in this case. The name of "TO_JSON" was chosen |
449 | cycle (== crash) in this case. The name of "TO_JSON" was chosen |
443 | because other methods called by the Perl core (== not by the user of |
450 | because other methods called by the Perl core (== not by the user of |
444 | the object) are usually in upper case letters and to avoid |
451 | the object) are usually in upper case letters and to avoid |
445 | collisions with any "to_json" function or method. |
452 | collisions with any "to_json" function or method. |
446 | |
453 | |
447 | This setting does not yet influence "decode" in any way, but in the |
454 | If $enable is false (the default), then "encode" will not consider |
448 | future, global hooks might get installed that influence "decode" and |
455 | this type of conversion. |
449 | are enabled by this setting. |
|
|
450 | |
456 | |
451 | If $enable is false, then the "allow_blessed" setting will decide |
457 | This setting has no effect on "decode". |
452 | what to do when a blessed object is found. |
458 | |
|
|
459 | $json = $json->allow_tags ([$enable]) |
|
|
460 | $enabled = $json->allow_tags |
|
|
461 | See "OBJECT SERIALISATION" for details. |
|
|
462 | |
|
|
463 | If $enable is true (or missing), then "encode", upon encountering a |
|
|
464 | blessed object, will check for the availability of the "FREEZE" |
|
|
465 | method on the object's class. If found, it will be used to serialise |
|
|
466 | the object into a nonstandard tagged JSON value (that JSON decoders |
|
|
467 | cannot decode). |
|
|
468 | |
|
|
469 | It also causes "decode" to parse such tagged JSON values and |
|
|
470 | deserialise them via a call to the "THAW" method. |
|
|
471 | |
|
|
472 | If $enable is false (the default), then "encode" will not consider |
|
|
473 | this type of conversion, and tagged JSON values will cause a parse |
|
|
474 | error in "decode", as if tags were not part of the grammar. |
453 | |
475 | |
454 | $json = $json->filter_json_object ([$coderef->($hashref)]) |
476 | $json = $json->filter_json_object ([$coderef->($hashref)]) |
455 | When $coderef is specified, it will be called from "decode" each |
477 | When $coderef is specified, it will be called from "decode" each |
456 | time it decodes a JSON object. The only argument is a reference to |
478 | time it decodes a JSON object. The only argument is a reference to |
457 | the newly-created hash. If the code references returns a single |
479 | the newly-created hash. If the code references returns a single |
… | |
… | |
593 | |
615 | |
594 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
616 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
595 | useful. |
617 | useful. |
596 | |
618 | |
597 | $json_text = $json->encode ($perl_scalar) |
619 | $json_text = $json->encode ($perl_scalar) |
598 | Converts the given Perl data structure (a simple scalar or a |
620 | Converts the given Perl value or data structure to its JSON |
599 | reference to a hash or array) to its JSON representation. Simple |
621 | representation. Croaks on error. |
600 | scalars will be converted into JSON string or number sequences, |
|
|
601 | while references to arrays become JSON arrays and references to |
|
|
602 | hashes become JSON objects. Undefined Perl values (e.g. "undef") |
|
|
603 | become JSON "null" values. Neither "true" nor "false" values will be |
|
|
604 | generated. |
|
|
605 | |
622 | |
606 | $perl_scalar = $json->decode ($json_text) |
623 | $perl_scalar = $json->decode ($json_text) |
607 | The opposite of "encode": expects a JSON text and tries to parse it, |
624 | The opposite of "encode": expects a JSON text and tries to parse it, |
608 | returning the resulting simple scalar or reference. Croaks on error. |
625 | returning the resulting simple scalar or reference. Croaks on error. |
609 | |
|
|
610 | JSON numbers and strings become simple Perl scalars. JSON arrays |
|
|
611 | become Perl arrayrefs and JSON objects become Perl hashrefs. "true" |
|
|
612 | becomes 1, "false" becomes 0 and "null" becomes "undef". |
|
|
613 | |
626 | |
614 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
627 | ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
615 | This works like the "decode" method, but instead of raising an |
628 | This works like the "decode" method, but instead of raising an |
616 | exception when there is trailing garbage after the first JSON |
629 | exception when there is trailing garbage after the first JSON |
617 | object, it will silently stop parsing there and return the number of |
630 | object, it will silently stop parsing there and return the number of |
618 | characters consumed so far. |
631 | characters consumed so far. |
619 | |
632 | |
620 | This is useful if your JSON texts are not delimited by an outer |
633 | This is useful if your JSON texts are not delimited by an outer |
621 | protocol (which is not the brightest thing to do in the first place) |
|
|
622 | and you need to know where the JSON text ends. |
634 | protocol and you need to know where the JSON text ends. |
623 | |
635 | |
624 | JSON::XS->new->decode_prefix ("[1] the tail") |
636 | JSON::XS->new->decode_prefix ("[1] the tail") |
625 | => ([], 3) |
637 | => ([1], 3) |
626 | |
638 | |
627 | INCREMENTAL PARSING |
639 | INCREMENTAL PARSING |
628 | In some cases, there is the need for incremental parsing of JSON texts. |
640 | In some cases, there is the need for incremental parsing of JSON texts. |
629 | While this module always has to keep both JSON text and resulting Perl |
641 | While this module always has to keep both JSON text and resulting Perl |
630 | data structure in memory at one time, it does allow you to parse a JSON |
642 | data structure in memory at one time, it does allow you to parse a JSON |
… | |
… | |
635 | calls). |
647 | calls). |
636 | |
648 | |
637 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
649 | JSON::XS will only attempt to parse the JSON text once it is sure it has |
638 | enough text to get a decisive result, using a very simple but truly |
650 | enough text to get a decisive result, using a very simple but truly |
639 | incremental parser. This means that it sometimes won't stop as early as |
651 | incremental parser. This means that it sometimes won't stop as early as |
640 | the full parser, for example, it doesn't detect parenthese mismatches. |
652 | the full parser, for example, it doesn't detect mismatched parentheses. |
641 | The only thing it guarantees is that it starts decoding as soon as a |
653 | The only thing it guarantees is that it starts decoding as soon as a |
642 | syntactically valid JSON text has been seen. This means you need to set |
654 | syntactically valid JSON text has been seen. This means you need to set |
643 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
655 | resource limits (e.g. "max_size") to ensure the parser will stop parsing |
644 | in the presence if syntax errors. |
656 | in the presence if syntax errors. |
645 | |
657 | |
… | |
… | |
659 | |
671 | |
660 | If the method is called in scalar context, then it will try to |
672 | If the method is called in scalar context, then it will try to |
661 | extract exactly *one* JSON object. If that is successful, it will |
673 | extract exactly *one* JSON object. If that is successful, it will |
662 | return this object, otherwise it will return "undef". If there is a |
674 | return this object, otherwise it will return "undef". If there is a |
663 | parse error, this method will croak just as "decode" would do (one |
675 | parse error, this method will croak just as "decode" would do (one |
664 | can then use "incr_skip" to skip the errornous part). This is the |
676 | can then use "incr_skip" to skip the erroneous part). This is the |
665 | most common way of using the method. |
677 | most common way of using the method. |
666 | |
678 | |
667 | And finally, in list context, it will try to extract as many objects |
679 | And finally, in list context, it will try to extract as many objects |
668 | from the stream as it can find and return them, or the empty list |
680 | from the stream as it can find and return them, or the empty list |
669 | otherwise. For this to work, there must be no separators between the |
681 | otherwise. For this to work, there must be no separators (other than |
670 | JSON objects or arrays, instead they must be concatenated |
682 | whitespace) between the JSON objects or arrays, instead they must be |
671 | back-to-back. If an error occurs, an exception will be raised as in |
683 | concatenated back-to-back. If an error occurs, an exception will be |
672 | the scalar context case. Note that in this case, any |
684 | raised as in the scalar context case. Note that in this case, any |
673 | previously-parsed JSON texts will be lost. |
685 | previously-parsed JSON texts will be lost. |
|
|
686 | |
|
|
687 | Example: Parse some JSON arrays/objects in a given string and return |
|
|
688 | them. |
|
|
689 | |
|
|
690 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
674 | |
691 | |
675 | $lvalue_string = $json->incr_text |
692 | $lvalue_string = $json->incr_text |
676 | This method returns the currently stored JSON fragment as an lvalue, |
693 | This method returns the currently stored JSON fragment as an lvalue, |
677 | that is, you can manipulate it. This *only* works when a preceding |
694 | that is, you can manipulate it. This *only* works when a preceding |
678 | call to "incr_parse" in *scalar context* successfully returned an |
695 | call to "incr_parse" in *scalar context* successfully returned an |
… | |
… | |
680 | function (I mean it. although in simple tests it might actually |
697 | function (I mean it. although in simple tests it might actually |
681 | work, it *will* fail under real world conditions). As a special |
698 | work, it *will* fail under real world conditions). As a special |
682 | exception, you can also call this method before having parsed |
699 | exception, you can also call this method before having parsed |
683 | anything. |
700 | anything. |
684 | |
701 | |
|
|
702 | That means you can only use this function to look at or manipulate |
|
|
703 | text before or after complete JSON objects, not while the parser is |
|
|
704 | in the middle of parsing a JSON object. |
|
|
705 | |
685 | This function is useful in two cases: a) finding the trailing text |
706 | This function is useful in two cases: a) finding the trailing text |
686 | after a JSON object or b) parsing multiple JSON objects separated by |
707 | after a JSON object or b) parsing multiple JSON objects separated by |
687 | non-JSON text (such as commas). |
708 | non-JSON text (such as commas). |
688 | |
709 | |
689 | $json->incr_skip |
710 | $json->incr_skip |
… | |
… | |
692 | "incr_parse" died, in which case the input buffer and incremental |
713 | "incr_parse" died, in which case the input buffer and incremental |
693 | parser state is left unchanged, to skip the text parsed so far and |
714 | parser state is left unchanged, to skip the text parsed so far and |
694 | to reset the parse state. |
715 | to reset the parse state. |
695 | |
716 | |
696 | The difference to "incr_reset" is that only text until the parse |
717 | The difference to "incr_reset" is that only text until the parse |
697 | error occured is removed. |
718 | error occurred is removed. |
698 | |
719 | |
699 | $json->incr_reset |
720 | $json->incr_reset |
700 | This completely resets the incremental parser, that is, after this |
721 | This completely resets the incremental parser, that is, after this |
701 | call, it will be as if the parser had never parsed anything. |
722 | call, it will be as if the parser had never parsed anything. |
702 | |
723 | |
… | |
… | |
886 | If the number consists of digits only, JSON::XS will try to |
907 | If the number consists of digits only, JSON::XS will try to |
887 | represent it as an integer value. If that fails, it will try to |
908 | represent it as an integer value. If that fails, it will try to |
888 | represent it as a numeric (floating point) value if that is possible |
909 | represent it as a numeric (floating point) value if that is possible |
889 | without loss of precision. Otherwise it will preserve the number as |
910 | without loss of precision. Otherwise it will preserve the number as |
890 | a string value (in which case you lose roundtripping ability, as the |
911 | a string value (in which case you lose roundtripping ability, as the |
891 | JSON number will be re-encoded toa JSON string). |
912 | JSON number will be re-encoded to a JSON string). |
892 | |
913 | |
893 | Numbers containing a fractional or exponential part will always be |
914 | Numbers containing a fractional or exponential part will always be |
894 | represented as numeric (floating point) values, possibly at a loss |
915 | represented as numeric (floating point) values, possibly at a loss |
895 | of precision (in which case you might lose perfect roundtripping |
916 | of precision (in which case you might lose perfect roundtripping |
896 | ability, but the JSON number will still be re-encoded as a JSON |
917 | ability, but the JSON number will still be re-encoded as a JSON |
897 | number). |
918 | number). |
898 | |
919 | |
|
|
920 | Note that precision is not accuracy - binary floating point values |
|
|
921 | cannot represent most decimal fractions exactly, and when converting |
|
|
922 | from and to floating point, JSON::XS only guarantees precision up to |
|
|
923 | but not including the least significant bit. |
|
|
924 | |
899 | true, false |
925 | true, false |
900 | These JSON atoms become "JSON::XS::true" and "JSON::XS::false", |
926 | These JSON atoms become "Types::Serialiser::true" and |
901 | respectively. They are overloaded to act almost exactly like the |
927 | "Types::Serialiser::false", respectively. They are overloaded to act |
902 | numbers 1 and 0. You can check whether a scalar is a JSON boolean by |
928 | almost exactly like the numbers 1 and 0. You can check whether a |
903 | using the "JSON::XS::is_bool" function. |
929 | scalar is a JSON boolean by using the "Types::Serialiser::is_bool" |
|
|
930 | function (after "use Types::Serialier", of course). |
904 | |
931 | |
905 | null |
932 | null |
906 | A JSON null atom becomes "undef" in Perl. |
933 | A JSON null atom becomes "undef" in Perl. |
|
|
934 | |
|
|
935 | shell-style comments ("# *text*") |
|
|
936 | As a nonstandard extension to the JSON syntax that is enabled by the |
|
|
937 | "relaxed" setting, shell-style comments are allowed. They can start |
|
|
938 | anywhere outside strings and go till the end of the line. |
|
|
939 | |
|
|
940 | tagged values ("(*tag*)*value*"). |
|
|
941 | Another nonstandard extension to the JSON syntax, enabled with the |
|
|
942 | "allow_tags" setting, are tagged values. In this implementation, the |
|
|
943 | *tag* must be a perl package/class name encoded as a JSON string, |
|
|
944 | and the *value* must be a JSON array encoding optional constructor |
|
|
945 | arguments. |
|
|
946 | |
|
|
947 | See "OBJECT SERIALISATION", below, for details. |
907 | |
948 | |
908 | PERL -> JSON |
949 | PERL -> JSON |
909 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
950 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
910 | truly typeless language, so we can only guess which JSON type is meant |
951 | truly typeless language, so we can only guess which JSON type is meant |
911 | by a Perl value. |
952 | by a Perl value. |
912 | |
953 | |
913 | hash references |
954 | hash references |
914 | Perl hash references become JSON objects. As there is no inherent |
955 | Perl hash references become JSON objects. As there is no inherent |
915 | ordering in hash keys (or JSON objects), they will usually be |
956 | ordering in hash keys (or JSON objects), they will usually be |
916 | encoded in a pseudo-random order that can change between runs of the |
957 | encoded in a pseudo-random order. JSON::XS can optionally sort the |
917 | same program but stays generally the same within a single run of a |
958 | hash keys (determined by the *canonical* flag), so the same |
918 | program. JSON::XS can optionally sort the hash keys (determined by |
959 | datastructure will serialise to the same JSON text (given same |
919 | the *canonical* flag), so the same datastructure will serialise to |
960 | settings and version of JSON::XS), but this incurs a runtime |
920 | the same JSON text (given same settings and version of JSON::XS), |
961 | overhead and is only rarely useful, e.g. when you want to compare |
921 | but this incurs a runtime overhead and is only rarely useful, e.g. |
962 | some JSON text against another for equality. |
922 | when you want to compare some JSON text against another for |
|
|
923 | equality. |
|
|
924 | |
963 | |
925 | array references |
964 | array references |
926 | Perl array references become JSON arrays. |
965 | Perl array references become JSON arrays. |
927 | |
966 | |
928 | other references |
967 | other references |
929 | Other unblessed references are generally not allowed and will cause |
968 | Other unblessed references are generally not allowed and will cause |
930 | an exception to be thrown, except for references to the integers 0 |
969 | an exception to be thrown, except for references to the integers 0 |
931 | and 1, which get turned into "false" and "true" atoms in JSON. You |
970 | and 1, which get turned into "false" and "true" atoms in JSON. |
932 | can also use "JSON::XS::false" and "JSON::XS::true" to improve |
971 | |
|
|
972 | Since "JSON::XS" uses the boolean model from Types::Serialiser, you |
|
|
973 | can also "use Types::Serialiser" and then use |
|
|
974 | "Types::Serialiser::false" and "Types::Serialiser::true" to improve |
933 | readability. |
975 | readability. |
934 | |
976 | |
|
|
977 | use Types::Serialiser; |
935 | encode_json [\0, JSON::XS::true] # yields [false,true] |
978 | encode_json [\0, Types::Serialiser::true] # yields [false,true] |
936 | |
979 | |
937 | JSON::XS::true, JSON::XS::false |
980 | Types::Serialiser::true, Types::Serialiser::false |
938 | These special values become JSON true and JSON false values, |
981 | These special values from the Types::Serialiser module become JSON |
939 | respectively. You can also use "\1" and "\0" directly if you want. |
982 | true and JSON false values, respectively. You can also use "\1" and |
|
|
983 | "\0" directly if you want. |
940 | |
984 | |
941 | blessed objects |
985 | blessed objects |
942 | Blessed objects are not directly representable in JSON. See the |
986 | Blessed objects are not directly representable in JSON, but |
943 | "allow_blessed" and "convert_blessed" methods on various options on |
987 | "JSON::XS" allows various ways of handling objects. See "OBJECT |
944 | how to deal with this: basically, you can choose between throwing an |
988 | SERIALISATION", below, for details. |
945 | exception, encoding the reference as if it weren't blessed, or |
|
|
946 | provide your own serialiser method. |
|
|
947 | |
989 | |
948 | simple scalars |
990 | simple scalars |
949 | Simple Perl scalars (any scalar that is not a reference) are the |
991 | Simple Perl scalars (any scalar that is not a reference) are the |
950 | most difficult objects to encode: JSON::XS will encode undefined |
992 | most difficult objects to encode: JSON::XS will encode undefined |
951 | scalars as JSON "null" values, scalars that have last been used in a |
993 | scalars as JSON "null" values, scalars that have last been used in a |
… | |
… | |
979 | |
1021 | |
980 | You can not currently force the type in other, less obscure, ways. |
1022 | You can not currently force the type in other, less obscure, ways. |
981 | Tell me if you need this capability (but don't forget to explain why |
1023 | Tell me if you need this capability (but don't forget to explain why |
982 | it's needed :). |
1024 | it's needed :). |
983 | |
1025 | |
|
|
1026 | Note that numerical precision has the same meaning as under Perl (so |
|
|
1027 | binary to decimal conversion follows the same rules as in Perl, |
|
|
1028 | which can differ to other languages). Also, your perl interpreter |
|
|
1029 | might expose extensions to the floating point numbers of your |
|
|
1030 | platform, such as infinities or NaN's - these cannot be represented |
|
|
1031 | in JSON, and it is an error to pass those in. |
|
|
1032 | |
|
|
1033 | OBJECT SERIALISATION |
|
|
1034 | As JSON cannot directly represent Perl objects, you have to choose |
|
|
1035 | between a pure JSON representation (without the ability to deserialise |
|
|
1036 | the object automatically again), and a nonstandard extension to the JSON |
|
|
1037 | syntax, tagged values. |
|
|
1038 | |
|
|
1039 | SERIALISATION |
|
|
1040 | What happens when "JSON::XS" encounters a Perl object depends on the |
|
|
1041 | "allow_blessed", "convert_blessed" and "allow_tags" settings, which are |
|
|
1042 | used in this order: |
|
|
1043 | |
|
|
1044 | 1. "allow_tags" is enabled and the object has a "FREEZE" method. |
|
|
1045 | In this case, "JSON::XS" uses the Types::Serialiser object |
|
|
1046 | serialisation protocol to create a tagged JSON value, using a |
|
|
1047 | nonstandard extension to the JSON syntax. |
|
|
1048 | |
|
|
1049 | This works by invoking the "FREEZE" method on the object, with the |
|
|
1050 | first argument being the object to serialise, and the second |
|
|
1051 | argument being the constant string "JSON" to distinguish it from |
|
|
1052 | other serialisers. |
|
|
1053 | |
|
|
1054 | The "FREEZE" method can return any number of values (i.e. zero or |
|
|
1055 | more). These values and the paclkage/classname of the object will |
|
|
1056 | then be encoded as a tagged JSON value in the following format: |
|
|
1057 | |
|
|
1058 | ("classname")[FREEZE return values...] |
|
|
1059 | |
|
|
1060 | e.g.: |
|
|
1061 | |
|
|
1062 | ("URI")["http://www.google.com/"] |
|
|
1063 | ("MyDate")[2013,10,29] |
|
|
1064 | ("ImageData::JPEG")["Z3...VlCg=="] |
|
|
1065 | |
|
|
1066 | For example, the hypothetical "My::Object" "FREEZE" method might use |
|
|
1067 | the objects "type" and "id" members to encode the object: |
|
|
1068 | |
|
|
1069 | sub My::Object::FREEZE { |
|
|
1070 | my ($self, $serialiser) = @_; |
|
|
1071 | |
|
|
1072 | ($self->{type}, $self->{id}) |
|
|
1073 | } |
|
|
1074 | |
|
|
1075 | 2. "convert_blessed" is enabled and the object has a "TO_JSON" method. |
|
|
1076 | In this case, the "TO_JSON" method of the object is invoked in |
|
|
1077 | scalar context. It must return a single scalar that can be directly |
|
|
1078 | encoded into JSON. This scalar replaces the object in the JSON text. |
|
|
1079 | |
|
|
1080 | For example, the following "TO_JSON" method will convert all URI |
|
|
1081 | objects to JSON strings when serialised. The fatc that these values |
|
|
1082 | originally were URI objects is lost. |
|
|
1083 | |
|
|
1084 | sub URI::TO_JSON { |
|
|
1085 | my ($uri) = @_; |
|
|
1086 | $uri->as_string |
|
|
1087 | } |
|
|
1088 | |
|
|
1089 | 3. "allow_blessed" is enabled. |
|
|
1090 | The object will be serialised as a JSON null value. |
|
|
1091 | |
|
|
1092 | 4. none of the above |
|
|
1093 | If none of the settings are enabled or the respective methods are |
|
|
1094 | missing, "JSON::XS" throws an exception. |
|
|
1095 | |
|
|
1096 | DESERIALISATION |
|
|
1097 | For deserialisation there are only two cases to consider: either |
|
|
1098 | nonstandard tagging was used, in which case "allow_tags" decides, or |
|
|
1099 | objects cannot be automatically be deserialised, in which case you can |
|
|
1100 | use postprocessing or the "filter_json_object" or |
|
|
1101 | "filter_json_single_key_object" callbacks to get some real objects our |
|
|
1102 | of your JSON. |
|
|
1103 | |
|
|
1104 | This section only considers the tagged value case: I a tagged JSON |
|
|
1105 | object is encountered during decoding and "allow_tags" is disabled, a |
|
|
1106 | parse error will result (as if tagged values were not part of the |
|
|
1107 | grammar). |
|
|
1108 | |
|
|
1109 | If "allow_tags" is enabled, "JSON::XS" will look up the "THAW" method of |
|
|
1110 | the package/classname used during serialisation (it will not attempt to |
|
|
1111 | load the package as a Perl module). If there is no such method, the |
|
|
1112 | decoding will fail with an error. |
|
|
1113 | |
|
|
1114 | Otherwise, the "THAW" method is invoked with the classname as first |
|
|
1115 | argument, the constant string "JSON" as second argument, and all the |
|
|
1116 | values from the JSON array (the values originally returned by the |
|
|
1117 | "FREEZE" method) as remaining arguments. |
|
|
1118 | |
|
|
1119 | The method must then return the object. While technically you can return |
|
|
1120 | any Perl scalar, you might have to enable the "enable_nonref" setting to |
|
|
1121 | make that work in all cases, so better return an actual blessed |
|
|
1122 | reference. |
|
|
1123 | |
|
|
1124 | As an example, let's implement a "THAW" function that regenerates the |
|
|
1125 | "My::Object" from the "FREEZE" example earlier: |
|
|
1126 | |
|
|
1127 | sub My::Object::THAW { |
|
|
1128 | my ($class, $serialiser, $type, $id) = @_; |
|
|
1129 | |
|
|
1130 | $class->new (type => $type, id => $id) |
|
|
1131 | } |
|
|
1132 | |
984 | ENCODING/CODESET FLAG NOTES |
1133 | ENCODING/CODESET FLAG NOTES |
985 | The interested reader might have seen a number of flags that signify |
1134 | The interested reader might have seen a number of flags that signify |
986 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
1135 | encodings or codesets - "utf8", "latin1" and "ascii". There seems to be |
987 | some confusion on what these do, so here is a short comparison: |
1136 | some confusion on what these do, so here is a short comparison: |
988 | |
1137 | |
… | |
… | |
1007 | |
1156 | |
1008 | "utf8" flag disabled |
1157 | "utf8" flag disabled |
1009 | When "utf8" is disabled (the default), then "encode"/"decode" |
1158 | When "utf8" is disabled (the default), then "encode"/"decode" |
1010 | generate and expect Unicode strings, that is, characters with high |
1159 | generate and expect Unicode strings, that is, characters with high |
1011 | ordinal Unicode values (> 255) will be encoded as such characters, |
1160 | ordinal Unicode values (> 255) will be encoded as such characters, |
1012 | and likewise such characters are decoded as-is, no canges to them |
1161 | and likewise such characters are decoded as-is, no changes to them |
1013 | will be done, except "(re-)interpreting" them as Unicode codepoints |
1162 | will be done, except "(re-)interpreting" them as Unicode codepoints |
1014 | or Unicode characters, respectively (to Perl, these are the same |
1163 | or Unicode characters, respectively (to Perl, these are the same |
1015 | thing in strings unless you do funny/weird/dumb stuff). |
1164 | thing in strings unless you do funny/weird/dumb stuff). |
1016 | |
1165 | |
1017 | This is useful when you want to do the encoding yourself (e.g. when |
1166 | This is useful when you want to do the encoding yourself (e.g. when |
… | |
… | |
1125 | characters as well - using "eval" naively simply *will* cause problems. |
1274 | characters as well - using "eval" naively simply *will* cause problems. |
1126 | |
1275 | |
1127 | Another problem is that some javascript implementations reserve some |
1276 | Another problem is that some javascript implementations reserve some |
1128 | property names for their own purposes (which probably makes them |
1277 | property names for their own purposes (which probably makes them |
1129 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
1278 | non-ECMAscript-compliant). For example, Iceweasel reserves the |
1130 | "__proto__" property name for it's own purposes. |
1279 | "__proto__" property name for its own purposes. |
1131 | |
1280 | |
1132 | If that is a problem, you could parse try to filter the resulting JSON |
1281 | If that is a problem, you could parse try to filter the resulting JSON |
1133 | output for these property strings, e.g.: |
1282 | output for these property strings, e.g.: |
1134 | |
1283 | |
1135 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
1284 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
1136 | |
1285 | |
1137 | This works because "__proto__" is not valid outside of strings, so every |
1286 | This works because "__proto__" is not valid outside of strings, so every |
1138 | occurence of ""__proto__"\s*:" must be a string used as property name. |
1287 | occurrence of ""__proto__"\s*:" must be a string used as property name. |
1139 | |
1288 | |
1140 | If you know of other incompatibilities, please let me know. |
1289 | If you know of other incompatibilities, please let me know. |
1141 | |
1290 | |
1142 | JSON and YAML |
1291 | JSON and YAML |
1143 | You often hear that JSON is a subset of YAML. This is, however, a mass |
1292 | You often hear that JSON is a subset of YAML. This is, however, a mass |
… | |
… | |
1153 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1302 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1154 | |
1303 | |
1155 | This will *usually* generate JSON texts that also parse as valid YAML. |
1304 | This will *usually* generate JSON texts that also parse as valid YAML. |
1156 | Please note that YAML has hardcoded limits on (simple) object key |
1305 | Please note that YAML has hardcoded limits on (simple) object key |
1157 | lengths that JSON doesn't have and also has different and incompatible |
1306 | lengths that JSON doesn't have and also has different and incompatible |
1158 | unicode handling, so you should make sure that your hash keys are |
1307 | unicode character escape syntax, so you should make sure that your hash |
1159 | noticeably shorter than the 1024 "stream characters" YAML allows and |
1308 | keys are noticeably shorter than the 1024 "stream characters" YAML |
1160 | that you do not have characters with codepoint values outside the |
1309 | allows and that you do not have characters with codepoint values outside |
1161 | Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
1310 | the Unicode BMP (basic multilingual page). YAML also does not allow "\/" |
1162 | sequences in strings (which JSON::XS does not *currently* generate, but |
1311 | sequences in strings (which JSON::XS does not *currently* generate, but |
1163 | other JSON generators might). |
1312 | other JSON generators might). |
1164 | |
1313 | |
1165 | There might be other incompatibilities that I am not aware of (or the |
1314 | There might be other incompatibilities that I am not aware of (or the |
1166 | YAML specification has been changed yet again - it does so quite often). |
1315 | YAML specification has been changed yet again - it does so quite often). |
… | |
… | |
1183 | (which is not that difficult or long) and finally make YAML |
1332 | (which is not that difficult or long) and finally make YAML |
1184 | compatible to it, and educating users about the changes, instead of |
1333 | compatible to it, and educating users about the changes, instead of |
1185 | spreading lies about the real compatibility for many *years* and |
1334 | spreading lies about the real compatibility for many *years* and |
1186 | trying to silence people who point out that it isn't true. |
1335 | trying to silence people who point out that it isn't true. |
1187 | |
1336 | |
|
|
1337 | Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, |
|
|
1338 | even though the incompatibilities have been documented (and are |
|
|
1339 | known to Brian) for many years and the spec makes explicit claims |
|
|
1340 | that YAML is a superset of JSON. It would be so easy to fix, but |
|
|
1341 | apparently, bullying people and corrupting userdata is so much |
|
|
1342 | easier. |
|
|
1343 | |
1188 | SPEED |
1344 | SPEED |
1189 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1345 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1190 | tables. They have been generated with the help of the "eg/bench" program |
1346 | tables. They have been generated with the help of the "eg/bench" program |
1191 | in the JSON::XS distribution, to make it easy to compare on your own |
1347 | in the JSON::XS distribution, to make it easy to compare on your own |
1192 | system. |
1348 | system. |
… | |
… | |
1195 | single-line JSON string (also available at |
1351 | single-line JSON string (also available at |
1196 | <http://dist.schmorp.de/misc/json/short.json>). |
1352 | <http://dist.schmorp.de/misc/json/short.json>). |
1197 | |
1353 | |
1198 | {"method": "handleMessage", "params": ["user1", |
1354 | {"method": "handleMessage", "params": ["user1", |
1199 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1355 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1200 | true, false]} |
1356 | 1, 0]} |
1201 | |
1357 | |
1202 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1358 | It shows the number of encodes/decodes per second (JSON::XS uses the |
1203 | functional interface, while JSON::XS/2 uses the OO interface with |
1359 | functional interface, while JSON::XS/2 uses the OO interface with |
1204 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink). |
1360 | pretty-printing and hashkey sorting enabled, JSON::XS/3 enables shrink. |
1205 | Higher is better: |
1361 | JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ uses |
|
|
1362 | the from_json method). Higher is better: |
1206 | |
1363 | |
1207 | module | encode | decode | |
1364 | module | encode | decode | |
1208 | -----------|------------|------------| |
1365 | --------------|------------|------------| |
1209 | JSON 1.x | 4990.842 | 4088.813 | |
1366 | JSON::DWIW/DS | 86302.551 | 102300.098 | |
1210 | JSON::DWIW | 51653.990 | 71575.154 | |
1367 | JSON::DWIW/FJ | 86302.551 | 75983.768 | |
1211 | JSON::PC | 65948.176 | 74631.744 | |
1368 | JSON::PP | 15827.562 | 6638.658 | |
1212 | JSON::PP | 8931.652 | 3817.168 | |
1369 | JSON::Syck | 63358.066 | 47662.545 | |
1213 | JSON::Syck | 24877.248 | 27776.848 | |
1370 | JSON::XS | 511500.488 | 511500.488 | |
1214 | JSON::XS | 388361.481 | 227951.304 | |
1371 | JSON::XS/2 | 291271.111 | 388361.481 | |
1215 | JSON::XS/2 | 227951.304 | 218453.333 | |
1372 | JSON::XS/3 | 361577.931 | 361577.931 | |
1216 | JSON::XS/3 | 338250.323 | 218453.333 | |
1373 | Storable | 66788.280 | 265462.278 | |
1217 | Storable | 16500.016 | 135300.129 | |
|
|
1218 | -----------+------------+------------+ |
1374 | --------------+------------+------------+ |
1219 | |
1375 | |
1220 | That is, JSON::XS is about five times faster than JSON::DWIW on |
1376 | That is, JSON::XS is almost six times faster than JSON::DWIW on |
1221 | encoding, about three times faster on decoding, and over forty times |
1377 | encoding, about five times faster on decoding, and over thirty to |
1222 | faster than JSON, even with pretty-printing and key sorting. It also |
1378 | seventy times faster than JSON's pure perl implementation. It also |
1223 | compares favourably to Storable for small amounts of data. |
1379 | compares favourably to Storable for small amounts of data. |
1224 | |
1380 | |
1225 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1381 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1226 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
1382 | search API (<http://dist.schmorp.de/misc/json/long.json>). |
1227 | |
1383 | |
1228 | module | encode | decode | |
1384 | module | encode | decode | |
1229 | -----------|------------|------------| |
1385 | --------------|------------|------------| |
1230 | JSON 1.x | 55.260 | 34.971 | |
1386 | JSON::DWIW/DS | 1647.927 | 2673.916 | |
1231 | JSON::DWIW | 825.228 | 1082.513 | |
1387 | JSON::DWIW/FJ | 1630.249 | 2596.128 | |
1232 | JSON::PC | 3571.444 | 2394.829 | |
|
|
1233 | JSON::PP | 210.987 | 32.574 | |
1388 | JSON::PP | 400.640 | 62.311 | |
1234 | JSON::Syck | 552.551 | 787.544 | |
1389 | JSON::Syck | 1481.040 | 1524.869 | |
1235 | JSON::XS | 5780.463 | 4854.519 | |
1390 | JSON::XS | 20661.596 | 9541.183 | |
1236 | JSON::XS/2 | 3869.998 | 4798.975 | |
1391 | JSON::XS/2 | 10683.403 | 9416.938 | |
1237 | JSON::XS/3 | 5862.880 | 4798.975 | |
1392 | JSON::XS/3 | 20661.596 | 9400.054 | |
1238 | Storable | 4445.002 | 5235.027 | |
1393 | Storable | 19765.806 | 10000.725 | |
1239 | -----------+------------+------------+ |
1394 | --------------+------------+------------+ |
1240 | |
1395 | |
1241 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1396 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1242 | decodes faster). |
1397 | decodes a bit faster). |
1243 | |
1398 | |
1244 | On large strings containing lots of high Unicode characters, some |
1399 | On large strings containing lots of high Unicode characters, some |
1245 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1400 | modules (such as JSON::PC) seem to decode faster than JSON::XS, but the |
1246 | result will be broken due to missing (or wrong) Unicode handling. Others |
1401 | result will be broken due to missing (or wrong) Unicode handling. Others |
1247 | refuse to decode or encode properly, so it was impossible to prepare a |
1402 | refuse to decode or encode properly, so it was impossible to prepare a |
… | |
… | |
1282 | information you might want to make sure that exceptions thrown by |
1437 | information you might want to make sure that exceptions thrown by |
1283 | JSON::XS will not end up in front of untrusted eyes. |
1438 | JSON::XS will not end up in front of untrusted eyes. |
1284 | |
1439 | |
1285 | If you are using JSON::XS to return packets to consumption by JavaScript |
1440 | If you are using JSON::XS to return packets to consumption by JavaScript |
1286 | scripts in a browser you should have a look at |
1441 | scripts in a browser you should have a look at |
1287 | <http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1442 | <http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> |
1288 | you are vulnerable to some common attack vectors (which really are |
1443 | to see whether you are vulnerable to some common attack vectors (which |
1289 | browser design bugs, but it is still you who will have to deal with it, |
1444 | really are browser design bugs, but it is still you who will have to |
1290 | as major browser developers care only for features, not about getting |
1445 | deal with it, as major browser developers care only for features, not |
1291 | security right). |
1446 | about getting security right). |
1292 | |
1447 | |
|
|
1448 | "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
|
|
1449 | TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
|
|
1450 | JSON texts by default - you need to create your own JSON::XS object and |
|
|
1451 | enable "allow_nonref": |
|
|
1452 | |
|
|
1453 | my $json = JSON::XS->new->allow_nonref; |
|
|
1454 | |
|
|
1455 | $text = $json->encode ($data); |
|
|
1456 | $data = $json->decode ($text); |
|
|
1457 | |
|
|
1458 | The long version: JSON being an important and supposedly stable format, |
|
|
1459 | the IETF standardised it as RFC 4627 in 2006. Unfortunately, the |
|
|
1460 | inventor of JSON, Dougles Crockford, unilaterally changed the definition |
|
|
1461 | of JSON in javascript. Rather than create a fork, the IETF decided to |
|
|
1462 | standardise the new syntax (apparently, so Iw as told, without finding |
|
|
1463 | it very amusing). |
|
|
1464 | |
|
|
1465 | The biggest difference between thed original JSON and the new JSON is |
|
|
1466 | that the new JSON supports scalars (anything other than arrays and |
|
|
1467 | objects) at the toplevel of a JSON text. While this is strictly |
|
|
1468 | backwards compatible to older versions, it breaks a number of protocols |
|
|
1469 | that relied on sending JSON back-to-back, and is a minor security |
|
|
1470 | concern. |
|
|
1471 | |
|
|
1472 | For example, imagine you have two banks communicating, and on one side, |
|
|
1473 | trhe JSON coder gets upgraded. Two messages, such as 10 and 1000 might |
|
|
1474 | then be confused to mean 101000, something that couldn't happen in the |
|
|
1475 | original JSON, because niether of these messages would be valid JSON. |
|
|
1476 | |
|
|
1477 | If one side accepts these messages, then an upgrade in the coder on |
|
|
1478 | either side could result in this becoming exploitable. |
|
|
1479 | |
|
|
1480 | This module has always allowed these messages as an optional extension, |
|
|
1481 | by default disabled. The security concerns are the reason why the |
|
|
1482 | default is still disabled, but future versions might/will likely upgrade |
|
|
1483 | to the newer RFC as default format, so you are advised to check your |
|
|
1484 | implementation and/or override the default with "->allow_nonref (0)" to |
|
|
1485 | ensure that future versions are safe. |
|
|
1486 | |
|
|
1487 | INTEROPERABILITY WITH OTHER MODULES |
|
|
1488 | "JSON::XS" uses the Types::Serialiser module to provide boolean |
|
|
1489 | constants. That means that the JSON true and false values will be |
|
|
1490 | comaptible to true and false values of other modules that do the same, |
|
|
1491 | such as JSON::PP and CBOR::XS. |
|
|
1492 | |
|
|
1493 | INTEROPERABILITY WITH OTHER JSON DECODERS |
|
|
1494 | As long as you only serialise data that can be directly expressed in |
|
|
1495 | JSON, "JSON::XS" is incapable of generating invalid JSON output (modulo |
|
|
1496 | bugs, but "JSON::XS" has found more bugs in the official JSON testsuite |
|
|
1497 | (1) than the official JSON testsuite has found in "JSON::XS" (0)). |
|
|
1498 | |
|
|
1499 | When you have trouble decoding JSON generated by this module using other |
|
|
1500 | decoders, then it is very likely that you have an encoding mismatch or |
|
|
1501 | the other decoder is broken. |
|
|
1502 | |
|
|
1503 | When decoding, "JSON::XS" is strict by default and will likely catch all |
|
|
1504 | errors. There are currently two settings that change this: "relaxed" |
|
|
1505 | makes "JSON::XS" accept (but not generate) some non-standard extensions, |
|
|
1506 | and "allow_tags" will allow you to encode and decode Perl objects, at |
|
|
1507 | the cost of not outputting valid JSON anymore. |
|
|
1508 | |
|
|
1509 | TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS |
|
|
1510 | When you use "allow_tags" to use the extended (and also nonstandard and |
|
|
1511 | invalid) JSON syntax for serialised objects, and you still want to |
|
|
1512 | decode the generated When you want to serialise objects, you can run a |
|
|
1513 | regex to replace the tagged syntax by standard JSON arrays (it only |
|
|
1514 | works for "normal" package names without comma, newlines or single |
|
|
1515 | colons). First, the readable Perl version: |
|
|
1516 | |
|
|
1517 | # if your FREEZE methods return no values, you need this replace first: |
|
|
1518 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; |
|
|
1519 | |
|
|
1520 | # this works for non-empty constructor arg lists: |
|
|
1521 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; |
|
|
1522 | |
|
|
1523 | And here is a less readable version that is easy to adapt to other |
|
|
1524 | languages: |
|
|
1525 | |
|
|
1526 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; |
|
|
1527 | |
|
|
1528 | Here is an ECMAScript version (same regex): |
|
|
1529 | |
|
|
1530 | json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); |
|
|
1531 | |
|
|
1532 | Since this syntax converts to standard JSON arrays, it might be hard to |
|
|
1533 | distinguish serialised objects from normal arrays. You can prepend a |
|
|
1534 | "magic number" as first array element to reduce chances of a collision: |
|
|
1535 | |
|
|
1536 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; |
|
|
1537 | |
|
|
1538 | And after decoding the JSON text, you could walk the data structure |
|
|
1539 | looking for arrays with a first element of |
|
|
1540 | "XU1peReLzT4ggEllLanBYq4G9VzliwKF". |
|
|
1541 | |
|
|
1542 | The same approach can be used to create the tagged format with another |
|
|
1543 | encoder. First, you create an array with the magic string as first |
|
|
1544 | member, the classname as second, and constructor arguments last, encode |
|
|
1545 | it as part of your JSON structure, and then: |
|
|
1546 | |
|
|
1547 | $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; |
|
|
1548 | |
|
|
1549 | Again, this has some limitations - the magic string must not be encoded |
|
|
1550 | with character escapes, and the constructor arguments must be non-empty. |
|
|
1551 | |
|
|
1552 | RFC7159 |
|
|
1553 | Since this module was written, Google has written a new JSON RFC, RFC |
|
|
1554 | 7159 (and RFC7158). Unfortunately, this RFC breaks compatibility with |
|
|
1555 | both the original JSON specification on www.json.org and RFC4627. |
|
|
1556 | |
|
|
1557 | As far as I can see, you can get partial compatibility when parsing by |
|
|
1558 | using "->allow_nonref". However, consider the security implications of |
|
|
1559 | doing so. |
|
|
1560 | |
|
|
1561 | I haven't decided yet when to break compatibility with RFC4627 by |
|
|
1562 | default (and potentially leave applications insecure) and change the |
|
|
1563 | default to follow RFC7159, but application authors are well advised to |
|
|
1564 | call "->allow_nonref(0)" even if this is the current default, if they |
|
|
1565 | cannot handle non-reference values, in preparation for the day when the |
|
|
1566 | default will change. |
|
|
1567 | |
1293 | THREADS |
1568 | (I-)THREADS |
1294 | This module is *not* guaranteed to be thread safe and there are no plans |
1569 | This module is *not* guaranteed to be ithread (or MULTIPLICITY-) safe |
1295 | to change this until Perl gets thread support (as opposed to the |
1570 | and there are no plans to change this. Note that perl's builtin |
1296 | horribly slow so-called "threads" which are simply slow and bloated |
1571 | so-called theeads/ithreads are officially deprecated and should not be |
1297 | process simulations - use fork, it's *much* faster, cheaper, better). |
1572 | used. |
1298 | |
1573 | |
1299 | (It might actually work, but you have been warned). |
1574 | THE PERILS OF SETLOCALE |
|
|
1575 | Sometimes people avoid the Perl locale support and directly call the |
|
|
1576 | system's setlocale function with "LC_ALL". |
|
|
1577 | |
|
|
1578 | This breaks both perl and modules such as JSON::XS, as stringification |
|
|
1579 | of numbers no longer works correctly (e.g. "$x = 0.1; print "$x"+1" |
|
|
1580 | might print 1, and JSON::XS might output illegal JSON as JSON::XS relies |
|
|
1581 | on perl to stringify numbers). |
|
|
1582 | |
|
|
1583 | The solution is simple: don't call "setlocale", or use it for only those |
|
|
1584 | categories you need, such as "LC_MESSAGES" or "LC_CTYPE". |
|
|
1585 | |
|
|
1586 | If you need "LC_NUMERIC", you should enable it only around the code that |
|
|
1587 | actually needs it (avoiding stringification of numbers), and restore it |
|
|
1588 | afterwards. |
1300 | |
1589 | |
1301 | BUGS |
1590 | BUGS |
1302 | While the goal of this module is to be correct, that unfortunately does |
1591 | While the goal of this module is to be correct, that unfortunately does |
1303 | not mean it's bug-free, only that I think its design is bug-free. If you |
1592 | not mean it's bug-free, only that I think its design is bug-free. If you |
1304 | keep reporting bugs they will be fixed swiftly, though. |
1593 | keep reporting bugs they will be fixed swiftly, though. |