… | |
… | |
40 | |
40 | |
41 | =head2 FEATURES |
41 | =head2 FEATURES |
42 | |
42 | |
43 | =over 4 |
43 | =over 4 |
44 | |
44 | |
45 | =item * correct unicode handling |
45 | =item * correct Unicode handling |
46 | |
46 | |
47 | This module knows how to handle Unicode, and even documents how and when |
47 | This module knows how to handle Unicode, and even documents how and when |
48 | it does so. |
48 | it does so. |
49 | |
49 | |
50 | =item * round-trip integrity |
50 | =item * round-trip integrity |
… | |
… | |
70 | This module has both a simple functional interface as well as an OO |
70 | This module has both a simple functional interface as well as an OO |
71 | interface. |
71 | interface. |
72 | |
72 | |
73 | =item * reasonably versatile output formats |
73 | =item * reasonably versatile output formats |
74 | |
74 | |
75 | You can choose between the most compact guarenteed single-line format |
75 | You can choose between the most compact guaranteed single-line format |
76 | possible (nice for simple line-based protocols), a pure-ascii format |
76 | possible (nice for simple line-based protocols), a pure-ascii format |
77 | (for when your transport is not 8-bit clean, still supports the whole |
77 | (for when your transport is not 8-bit clean, still supports the whole |
78 | unicode range), or a pretty-printed format (for when you want to read that |
78 | Unicode range), or a pretty-printed format (for when you want to read that |
79 | stuff). Or you can combine those features in whatever way you like. |
79 | stuff). Or you can combine those features in whatever way you like. |
80 | |
80 | |
81 | =back |
81 | =back |
82 | |
82 | |
83 | =cut |
83 | =cut |
… | |
… | |
94 | use Exporter; |
94 | use Exporter; |
95 | use XSLoader; |
95 | use XSLoader; |
96 | |
96 | |
97 | =head1 FUNCTIONAL INTERFACE |
97 | =head1 FUNCTIONAL INTERFACE |
98 | |
98 | |
99 | The following convinience methods are provided by this module. They are |
99 | The following convenience methods are provided by this module. They are |
100 | exported by default: |
100 | exported by default: |
101 | |
101 | |
102 | =over 4 |
102 | =over 4 |
103 | |
103 | |
104 | =item $json_text = to_json $perl_scalar |
104 | =item $json_text = to_json $perl_scalar |
… | |
… | |
143 | |
143 | |
144 | =over 4 |
144 | =over 4 |
145 | |
145 | |
146 | =item 1. Perl strings can store characters with ordinal values > 255. |
146 | =item 1. Perl strings can store characters with ordinal values > 255. |
147 | |
147 | |
148 | This enables you to store unicode characters as single characters in a |
148 | This enables you to store Unicode characters as single characters in a |
149 | Perl string - very natural. |
149 | Perl string - very natural. |
150 | |
150 | |
151 | =item 2. Perl does I<not> associate an encoding with your strings. |
151 | =item 2. Perl does I<not> associate an encoding with your strings. |
152 | |
152 | |
153 | Unless you force it to, e.g. when matching it against a regex, or printing |
153 | Unless you force it to, e.g. when matching it against a regex, or printing |
… | |
… | |
160 | encoding of your string. |
160 | encoding of your string. |
161 | |
161 | |
162 | Just ignore that flag unless you debug a Perl bug, a module written in |
162 | Just ignore that flag unless you debug a Perl bug, a module written in |
163 | XS or want to dive into the internals of perl. Otherwise it will only |
163 | XS or want to dive into the internals of perl. Otherwise it will only |
164 | confuse you, as, despite the name, it says nothing about how your string |
164 | confuse you, as, despite the name, it says nothing about how your string |
165 | is encoded. You can have unicode strings with that flag set, with that |
165 | is encoded. You can have Unicode strings with that flag set, with that |
166 | flag clear, and you can have binary data with that flag set and that flag |
166 | flag clear, and you can have binary data with that flag set and that flag |
167 | clear. Other possibilities exist, too. |
167 | clear. Other possibilities exist, too. |
168 | |
168 | |
169 | If you didn't know about that flag, just the better, pretend it doesn't |
169 | If you didn't know about that flag, just the better, pretend it doesn't |
170 | exist. |
170 | exist. |
… | |
… | |
175 | If you have UTF-8 encoded data, it is no longer a Unicode string, but a |
175 | If you have UTF-8 encoded data, it is no longer a Unicode string, but a |
176 | Unicode string encoded in UTF-8, giving you a binary string. |
176 | Unicode string encoded in UTF-8, giving you a binary string. |
177 | |
177 | |
178 | =item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string. |
178 | =item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string. |
179 | |
179 | |
180 | Its a fact. Learn to live with it. |
180 | It's a fact. Learn to live with it. |
181 | |
181 | |
182 | =back |
182 | =back |
183 | |
183 | |
184 | I hope this helps :) |
184 | I hope this helps :) |
185 | |
185 | |
… | |
… | |
204 | |
204 | |
205 | =item $json = $json->ascii ([$enable]) |
205 | =item $json = $json->ascii ([$enable]) |
206 | |
206 | |
207 | If C<$enable> is true (or missing), then the C<encode> method will not |
207 | If C<$enable> is true (or missing), then the C<encode> method will not |
208 | generate characters outside the code range C<0..127> (which is ASCII). Any |
208 | generate characters outside the code range C<0..127> (which is ASCII). Any |
209 | unicode characters outside that range will be escaped using either a |
209 | Unicode characters outside that range will be escaped using either a |
210 | single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, |
210 | single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, |
211 | as per RFC4627. The resulting encoded JSON text can be treated as a native |
211 | as per RFC4627. The resulting encoded JSON text can be treated as a native |
212 | unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string, |
212 | Unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string, |
213 | or any other superset of ASCII. |
213 | or any other superset of ASCII. |
214 | |
214 | |
215 | If C<$enable> is false, then the C<encode> method will not escape Unicode |
215 | If C<$enable> is false, then the C<encode> method will not escape Unicode |
216 | characters unless required by the JSON syntax or other flags. This results |
216 | characters unless required by the JSON syntax or other flags. This results |
217 | in a faster and more compact format. |
217 | in a faster and more compact format. |
… | |
… | |
226 | =item $json = $json->latin1 ([$enable]) |
226 | =item $json = $json->latin1 ([$enable]) |
227 | |
227 | |
228 | If C<$enable> is true (or missing), then the C<encode> method will encode |
228 | If C<$enable> is true (or missing), then the C<encode> method will encode |
229 | the resulting JSON text as latin1 (or iso-8859-1), escaping any characters |
229 | the resulting JSON text as latin1 (or iso-8859-1), escaping any characters |
230 | outside the code range C<0..255>. The resulting string can be treated as a |
230 | outside the code range C<0..255>. The resulting string can be treated as a |
231 | latin1-encoded JSON text or a native unicode string. The C<decode> method |
231 | latin1-encoded JSON text or a native Unicode string. The C<decode> method |
232 | will not be affected in any way by this flag, as C<decode> by default |
232 | will not be affected in any way by this flag, as C<decode> by default |
233 | expects unicode, which is a strict superset of latin1. |
233 | expects Unicode, which is a strict superset of latin1. |
234 | |
234 | |
235 | If C<$enable> is false, then the C<encode> method will not escape Unicode |
235 | If C<$enable> is false, then the C<encode> method will not escape Unicode |
236 | characters unless required by the JSON syntax or other flags. |
236 | characters unless required by the JSON syntax or other flags. |
237 | |
237 | |
238 | The main use for this flag is efficiently encoding binary data as JSON |
238 | The main use for this flag is efficiently encoding binary data as JSON |
239 | text, as most octets will not be escaped, resulting in a smaller encoded |
239 | text, as most octets will not be escaped, resulting in a smaller encoded |
240 | size. The disadvantage is that the resulting JSON text is encoded |
240 | size. The disadvantage is that the resulting JSON text is encoded |
241 | in latin1 (and must correctly be treated as such when storing and |
241 | in latin1 (and must correctly be treated as such when storing and |
242 | transfering), a rare encoding for JSON. It is therefore most useful when |
242 | transferring), a rare encoding for JSON. It is therefore most useful when |
243 | you want to store data structures known to contain binary data efficiently |
243 | you want to store data structures known to contain binary data efficiently |
244 | in files or databases, not when talking to other JSON encoders/decoders. |
244 | in files or databases, not when talking to other JSON encoders/decoders. |
245 | |
245 | |
246 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
246 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
247 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
247 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
… | |
… | |
255 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
255 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
256 | versions, enabling this option might enable autodetection of the UTF-16 |
256 | versions, enabling this option might enable autodetection of the UTF-16 |
257 | and UTF-32 encoding families, as described in RFC4627. |
257 | and UTF-32 encoding families, as described in RFC4627. |
258 | |
258 | |
259 | If C<$enable> is false, then the C<encode> method will return the JSON |
259 | If C<$enable> is false, then the C<encode> method will return the JSON |
260 | string as a (non-encoded) unicode string, while C<decode> expects thus a |
260 | string as a (non-encoded) Unicode string, while C<decode> expects thus a |
261 | unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs |
261 | Unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs |
262 | to be done yourself, e.g. using the Encode module. |
262 | to be done yourself, e.g. using the Encode module. |
263 | |
263 | |
264 | Example, output UTF-16BE-encoded JSON: |
264 | Example, output UTF-16BE-encoded JSON: |
265 | |
265 | |
266 | use Encode; |
266 | use Encode; |
… | |
… | |
290 | |
290 | |
291 | =item $json = $json->indent ([$enable]) |
291 | =item $json = $json->indent ([$enable]) |
292 | |
292 | |
293 | If C<$enable> is true (or missing), then the C<encode> method will use a multiline |
293 | If C<$enable> is true (or missing), then the C<encode> method will use a multiline |
294 | format as output, putting every array member or object/hash key-value pair |
294 | format as output, putting every array member or object/hash key-value pair |
295 | into its own line, identing them properly. |
295 | into its own line, indenting them properly. |
296 | |
296 | |
297 | If C<$enable> is false, no newlines or indenting will be produced, and the |
297 | If C<$enable> is false, no newlines or indenting will be produced, and the |
298 | resulting JSON text is guarenteed not to contain any C<newlines>. |
298 | resulting JSON text is guaranteed not to contain any C<newlines>. |
299 | |
299 | |
300 | This setting has no effect when decoding JSON texts. |
300 | This setting has no effect when decoding JSON texts. |
301 | |
301 | |
302 | =item $json = $json->space_before ([$enable]) |
302 | =item $json = $json->space_before ([$enable]) |
303 | |
303 | |
… | |
… | |
384 | pairs in the order Perl stores them (which will likely change between runs |
384 | pairs in the order Perl stores them (which will likely change between runs |
385 | of the same script). |
385 | of the same script). |
386 | |
386 | |
387 | This option is useful if you want the same data structure to be encoded as |
387 | This option is useful if you want the same data structure to be encoded as |
388 | the same JSON text (given the same overall settings). If it is disabled, |
388 | the same JSON text (given the same overall settings). If it is disabled, |
389 | the same hash migh be encoded differently even if contains the same data, |
389 | the same hash might be encoded differently even if contains the same data, |
390 | as key-value pairs have no inherent ordering in Perl. |
390 | as key-value pairs have no inherent ordering in Perl. |
391 | |
391 | |
392 | This setting has no effect when decoding JSON texts. |
392 | This setting has no effect when decoding JSON texts. |
393 | |
393 | |
394 | =item $json = $json->allow_nonref ([$enable]) |
394 | =item $json = $json->allow_nonref ([$enable]) |
… | |
… | |
411 | |
411 | |
412 | =item $json = $json->allow_blessed ([$enable]) |
412 | =item $json = $json->allow_blessed ([$enable]) |
413 | |
413 | |
414 | If C<$enable> is true (or missing), then the C<encode> method will not |
414 | If C<$enable> is true (or missing), then the C<encode> method will not |
415 | barf when it encounters a blessed reference. Instead, the value of the |
415 | barf when it encounters a blessed reference. Instead, the value of the |
416 | B<convert_blessed> option will decide wether C<null> (C<convert_blessed> |
416 | B<convert_blessed> option will decide whether C<null> (C<convert_blessed> |
417 | disabled or no C<to_json> method found) or a representation of the |
417 | disabled or no C<to_json> method found) or a representation of the |
418 | object (C<convert_blessed> enabled and C<to_json> method found) is being |
418 | object (C<convert_blessed> enabled and C<to_json> method found) is being |
419 | encoded. Has no effect on C<decode>. |
419 | encoded. Has no effect on C<decode>. |
420 | |
420 | |
421 | If C<$enable> is false (the default), then C<encode> will throw an |
421 | If C<$enable> is false (the default), then C<encode> will throw an |
… | |
… | |
486 | |
486 | |
487 | As this callback gets called less often then the C<filter_json_object> |
487 | As this callback gets called less often then the C<filter_json_object> |
488 | one, decoding speed will not usually suffer as much. Therefore, single-key |
488 | one, decoding speed will not usually suffer as much. Therefore, single-key |
489 | objects make excellent targets to serialise Perl objects into, especially |
489 | objects make excellent targets to serialise Perl objects into, especially |
490 | as single-key JSON objects are as close to the type-tagged value concept |
490 | as single-key JSON objects are as close to the type-tagged value concept |
491 | as JSON gets (its basically an ID/VALUE tuple). Of course, JSON does not |
491 | as JSON gets (it's basically an ID/VALUE tuple). Of course, JSON does not |
492 | support this in any way, so you need to make sure your data never looks |
492 | support this in any way, so you need to make sure your data never looks |
493 | like a serialised Perl hash. |
493 | like a serialised Perl hash. |
494 | |
494 | |
495 | Typical names for the single object key are C<__class_whatever__>, or |
495 | Typical names for the single object key are C<__class_whatever__>, or |
496 | C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even |
496 | C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even |
… | |
… | |
623 | vice versa. These mappings are designed to "do the right thing" in most |
623 | vice versa. These mappings are designed to "do the right thing" in most |
624 | circumstances automatically, preserving round-tripping characteristics |
624 | circumstances automatically, preserving round-tripping characteristics |
625 | (what you put in comes out as something equivalent). |
625 | (what you put in comes out as something equivalent). |
626 | |
626 | |
627 | For the more enlightened: note that in the following descriptions, |
627 | For the more enlightened: note that in the following descriptions, |
628 | lowercase I<perl> refers to the Perl interpreter, while uppcercase I<Perl> |
628 | lowercase I<perl> refers to the Perl interpreter, while uppercase I<Perl> |
629 | refers to the abstract Perl language itself. |
629 | refers to the abstract Perl language itself. |
630 | |
630 | |
631 | |
631 | |
632 | =head2 JSON -> PERL |
632 | =head2 JSON -> PERL |
633 | |
633 | |
634 | =over 4 |
634 | =over 4 |
635 | |
635 | |
636 | =item object |
636 | =item object |
637 | |
637 | |
638 | A JSON object becomes a reference to a hash in Perl. No ordering of object |
638 | A JSON object becomes a reference to a hash in Perl. No ordering of object |
639 | keys is preserved (JSON does not preserver object key ordering itself). |
639 | keys is preserved (JSON does not preserve object key ordering itself). |
640 | |
640 | |
641 | =item array |
641 | =item array |
642 | |
642 | |
643 | A JSON array becomes a reference to an array in Perl. |
643 | A JSON array becomes a reference to an array in Perl. |
644 | |
644 | |
… | |
… | |
670 | |
670 | |
671 | =item true, false |
671 | =item true, false |
672 | |
672 | |
673 | These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, |
673 | These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, |
674 | respectively. They are overloaded to act almost exactly like the numbers |
674 | respectively. They are overloaded to act almost exactly like the numbers |
675 | C<1> and C<0>. You can check wether a scalar is a JSON boolean by using |
675 | C<1> and C<0>. You can check whether a scalar is a JSON boolean by using |
676 | the C<JSON::XS::is_bool> function. |
676 | the C<JSON::XS::is_bool> function. |
677 | |
677 | |
678 | =item null |
678 | =item null |
679 | |
679 | |
680 | A JSON null atom becomes C<undef> in Perl. |
680 | A JSON null atom becomes C<undef> in Perl. |
… | |
… | |
743 | to_json [$value] # yields ["5"] |
743 | to_json [$value] # yields ["5"] |
744 | |
744 | |
745 | # undef becomes null |
745 | # undef becomes null |
746 | to_json [undef] # yields [null] |
746 | to_json [undef] # yields [null] |
747 | |
747 | |
748 | You can force the type to be a string by stringifying it: |
748 | You can force the type to be a JSON string by stringifying it: |
749 | |
749 | |
750 | my $x = 3.1; # some variable containing a number |
750 | my $x = 3.1; # some variable containing a number |
751 | "$x"; # stringified |
751 | "$x"; # stringified |
752 | $x .= ""; # another, more awkward way to stringify |
752 | $x .= ""; # another, more awkward way to stringify |
753 | print $x; # perl does it for you, too, quite often |
753 | print $x; # perl does it for you, too, quite often |
754 | |
754 | |
755 | You can force the type to be a number by numifying it: |
755 | You can force the type to be a JSON number by numifying it: |
756 | |
756 | |
757 | my $x = "3"; # some variable containing a string |
757 | my $x = "3"; # some variable containing a string |
758 | $x += 0; # numify it, ensuring it will be dumped as a number |
758 | $x += 0; # numify it, ensuring it will be dumped as a number |
759 | $x *= 1; # same thing, the choise is yours. |
759 | $x *= 1; # same thing, the choice is yours. |
760 | |
760 | |
761 | You can not currently output JSON booleans or force the type in other, |
761 | You can not currently force the type in other, less obscure, ways. Tell me |
762 | less obscure, ways. Tell me if you need this capability. |
762 | if you need this capability. |
763 | |
763 | |
764 | =back |
764 | =back |
765 | |
765 | |
766 | |
766 | |
767 | =head1 COMPARISON |
767 | =head1 COMPARISON |
… | |
… | |
776 | |
776 | |
777 | =item JSON 1.07 |
777 | =item JSON 1.07 |
778 | |
778 | |
779 | Slow (but very portable, as it is written in pure Perl). |
779 | Slow (but very portable, as it is written in pure Perl). |
780 | |
780 | |
781 | Undocumented/buggy Unicode handling (how JSON handles unicode values is |
781 | Undocumented/buggy Unicode handling (how JSON handles Unicode values is |
782 | undocumented. One can get far by feeding it unicode strings and doing |
782 | undocumented. One can get far by feeding it Unicode strings and doing |
783 | en-/decoding oneself, but unicode escapes are not working properly). |
783 | en-/decoding oneself, but Unicode escapes are not working properly). |
784 | |
784 | |
785 | No roundtripping (strings get clobbered if they look like numbers, e.g. |
785 | No roundtripping (strings get clobbered if they look like numbers, e.g. |
786 | the string C<2.0> will encode to C<2.0> instead of C<"2.0">, and that will |
786 | the string C<2.0> will encode to C<2.0> instead of C<"2.0">, and that will |
787 | decode into the number 2. |
787 | decode into the number 2. |
788 | |
788 | |
… | |
… | |
810 | Very inflexible (no human-readable format supported, format pretty much |
810 | Very inflexible (no human-readable format supported, format pretty much |
811 | undocumented. I need at least a format for easy reading by humans and a |
811 | undocumented. I need at least a format for easy reading by humans and a |
812 | single-line compact format for use in a protocol, and preferably a way to |
812 | single-line compact format for use in a protocol, and preferably a way to |
813 | generate ASCII-only JSON texts). |
813 | generate ASCII-only JSON texts). |
814 | |
814 | |
815 | Completely broken (and confusingly documented) Unicode handling (unicode |
815 | Completely broken (and confusingly documented) Unicode handling (Unicode |
816 | escapes are not working properly, you need to set ImplicitUnicode to |
816 | escapes are not working properly, you need to set ImplicitUnicode to |
817 | I<different> values on en- and decoding to get symmetric behaviour). |
817 | I<different> values on en- and decoding to get symmetric behaviour). |
818 | |
818 | |
819 | No roundtripping (simple cases work, but this depends on wether the scalar |
819 | No roundtripping (simple cases work, but this depends on whether the scalar |
820 | value was used in a numeric context or not). |
820 | value was used in a numeric context or not). |
821 | |
821 | |
822 | Dumping hashes may skip hash values depending on iterator state. |
822 | Dumping hashes may skip hash values depending on iterator state. |
823 | |
823 | |
824 | Unmaintained (maintainer unresponsive for many months, bugs are not |
824 | Unmaintained (maintainer unresponsive for many months, bugs are not |
825 | getting fixed). |
825 | getting fixed). |
826 | |
826 | |
827 | Does not check input for validity (i.e. will accept non-JSON input and |
827 | Does not check input for validity (i.e. will accept non-JSON input and |
828 | return "something" instead of raising an exception. This is a security |
828 | return "something" instead of raising an exception. This is a security |
829 | issue: imagine two banks transfering money between each other using |
829 | issue: imagine two banks transferring money between each other using |
830 | JSON. One bank might parse a given non-JSON request and deduct money, |
830 | JSON. One bank might parse a given non-JSON request and deduct money, |
831 | while the other might reject the transaction with a syntax error. While a |
831 | while the other might reject the transaction with a syntax error. While a |
832 | good protocol will at least recover, that is extra unnecessary work and |
832 | good protocol will at least recover, that is extra unnecessary work and |
833 | the transaction will still not succeed). |
833 | the transaction will still not succeed). |
834 | |
834 | |
835 | =item JSON::DWIW 0.04 |
835 | =item JSON::DWIW 0.04 |
836 | |
836 | |
837 | Very fast. Very natural. Very nice. |
837 | Very fast. Very natural. Very nice. |
838 | |
838 | |
839 | Undocumented unicode handling (but the best of the pack. Unicode escapes |
839 | Undocumented Unicode handling (but the best of the pack. Unicode escapes |
840 | still don't get parsed properly). |
840 | still don't get parsed properly). |
841 | |
841 | |
842 | Very inflexible. |
842 | Very inflexible. |
843 | |
843 | |
844 | No roundtripping. |
844 | No roundtripping. |
… | |
… | |
864 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
864 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
865 | |
865 | |
866 | This will usually generate JSON texts that also parse as valid |
866 | This will usually generate JSON texts that also parse as valid |
867 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
867 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
868 | lengths that JSON doesn't have, so you should make sure that your hash |
868 | lengths that JSON doesn't have, so you should make sure that your hash |
869 | keys are noticably shorter than the 1024 characters YAML allows. |
869 | keys are noticeably shorter than the 1024 characters YAML allows. |
870 | |
870 | |
871 | There might be other incompatibilities that I am not aware of. In general |
871 | There might be other incompatibilities that I am not aware of. In general |
872 | you should not try to generate YAML with a JSON generator or vice versa, |
872 | you should not try to generate YAML with a JSON generator or vice versa, |
873 | or try to parse JSON with a YAML parser or vice versa: chances are high |
873 | or try to parse JSON with a YAML parser or vice versa: chances are high |
874 | that you will run into severe interoperability problems. |
874 | that you will run into severe interoperability problems. |
… | |
… | |
906 | JSON::XS/3 | 338250.323 | 218453.333 | |
906 | JSON::XS/3 | 338250.323 | 218453.333 | |
907 | Storable | 16500.016 | 135300.129 | |
907 | Storable | 16500.016 | 135300.129 | |
908 | -----------+------------+------------+ |
908 | -----------+------------+------------+ |
909 | |
909 | |
910 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
910 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
911 | about three times faster on decoding, and over fourty times faster |
911 | about three times faster on decoding, and over forty times faster |
912 | than JSON, even with pretty-printing and key sorting. It also compares |
912 | than JSON, even with pretty-printing and key sorting. It also compares |
913 | favourably to Storable for small amounts of data. |
913 | favourably to Storable for small amounts of data. |
914 | |
914 | |
915 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
915 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
916 | search API (http://nanoref.com/yahooapis/mgPdGg): |
916 | search API (http://nanoref.com/yahooapis/mgPdGg): |
… | |
… | |
929 | -----------+------------+------------+ |
929 | -----------+------------+------------+ |
930 | |
930 | |
931 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
931 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
932 | decodes faster). |
932 | decodes faster). |
933 | |
933 | |
934 | On large strings containing lots of high unicode characters, some modules |
934 | On large strings containing lots of high Unicode characters, some modules |
935 | (such as JSON::PC) seem to decode faster than JSON::XS, but the result |
935 | (such as JSON::PC) seem to decode faster than JSON::XS, but the result |
936 | will be broken due to missing (or wrong) unicode handling. Others refuse |
936 | will be broken due to missing (or wrong) Unicode handling. Others refuse |
937 | to decode or encode properly, so it was impossible to prepare a fair |
937 | to decode or encode properly, so it was impossible to prepare a fair |
938 | comparison table for that case. |
938 | comparison table for that case. |
939 | |
939 | |
940 | |
940 | |
941 | =head1 SECURITY CONSIDERATIONS |
941 | =head1 SECURITY CONSIDERATIONS |
… | |
… | |
947 | any buffer overflows. Obviously, this module should ensure that and I am |
947 | any buffer overflows. Obviously, this module should ensure that and I am |
948 | trying hard on making that true, but you never know. |
948 | trying hard on making that true, but you never know. |
949 | |
949 | |
950 | Second, you need to avoid resource-starving attacks. That means you should |
950 | Second, you need to avoid resource-starving attacks. That means you should |
951 | limit the size of JSON texts you accept, or make sure then when your |
951 | limit the size of JSON texts you accept, or make sure then when your |
952 | resources run out, thats just fine (e.g. by using a separate process that |
952 | resources run out, that's just fine (e.g. by using a separate process that |
953 | can crash safely). The size of a JSON text in octets or characters is |
953 | can crash safely). The size of a JSON text in octets or characters is |
954 | usually a good indication of the size of the resources required to decode |
954 | usually a good indication of the size of the resources required to decode |
955 | it into a Perl structure. While JSON::XS can check the size of the JSON |
955 | it into a Perl structure. While JSON::XS can check the size of the JSON |
956 | text, it might be too late when you already have it in memory, so you |
956 | text, it might be too late when you already have it in memory, so you |
957 | might want to check the size before you accept the string. |
957 | might want to check the size before you accept the string. |
… | |
… | |
968 | And last but least, something else could bomb you that I forgot to think |
968 | And last but least, something else could bomb you that I forgot to think |
969 | of. In that case, you get to keep the pieces. I am always open for hints, |
969 | of. In that case, you get to keep the pieces. I am always open for hints, |
970 | though... |
970 | though... |
971 | |
971 | |
972 | If you are using JSON::XS to return packets to consumption |
972 | If you are using JSON::XS to return packets to consumption |
973 | by javascript scripts in a browser you should have a look at |
973 | by JavaScript scripts in a browser you should have a look at |
974 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see wether |
974 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
975 | you are vulnerable to some common attack vectors (which really are browser |
975 | you are vulnerable to some common attack vectors (which really are browser |
976 | design bugs, but it is still you who will have to deal with it, as major |
976 | design bugs, but it is still you who will have to deal with it, as major |
977 | browser developers care only for features, not about doing security |
977 | browser developers care only for features, not about doing security |
978 | right). |
978 | right). |
979 | |
979 | |
980 | |
980 | |
981 | =head1 THREADS |
981 | =head1 THREADS |
982 | |
982 | |
983 | This module is I<not> guarenteed to be thread safe and there are no |
983 | This module is I<not> guaranteed to be thread safe and there are no |
984 | plans to change this until Perl gets thread support (as opposed to the |
984 | plans to change this until Perl gets thread support (as opposed to the |
985 | horribly slow so-called "threads" which are simply slow and bloated |
985 | horribly slow so-called "threads" which are simply slow and bloated |
986 | process simulations - use fork, its I<much> faster, cheaper, better). |
986 | process simulations - use fork, its I<much> faster, cheaper, better). |
987 | |
987 | |
988 | (It might actually work, but you ahve ben warned). |
988 | (It might actually work, but you have been warned). |
989 | |
989 | |
990 | |
990 | |
991 | =head1 BUGS |
991 | =head1 BUGS |
992 | |
992 | |
993 | While the goal of this module is to be correct, that unfortunately does |
993 | While the goal of this module is to be correct, that unfortunately does |