1 |
=head1 NAME |
2 |
|
3 |
JSON::XS - JSON serialising/deserialising, done correctly and fast |
4 |
|
5 |
=encoding utf-8 |
6 |
|
7 |
JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ |
8 |
(http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html) |
9 |
|
10 |
=head1 SYNOPSIS |
11 |
|
12 |
use JSON::XS; |
13 |
|
14 |
# exported functions, they croak on error |
15 |
# and expect/generate UTF-8 |
16 |
|
17 |
$utf8_encoded_json_text = encode_json $perl_hash_or_arrayref; |
18 |
$perl_hash_or_arrayref = decode_json $utf8_encoded_json_text; |
19 |
|
20 |
# OO-interface |
21 |
|
22 |
$coder = JSON::XS->new->ascii->pretty->allow_nonref; |
23 |
$pretty_printed_unencoded = $coder->encode ($perl_scalar); |
24 |
$perl_scalar = $coder->decode ($unicode_json_text); |
25 |
|
26 |
# Note that JSON version 2.0 and above will automatically use JSON::XS |
27 |
# if available, at virtually no speed overhead either, so you should |
28 |
# be able to just: |
29 |
|
30 |
use JSON; |
31 |
|
32 |
# and do the same things, except that you have a pure-perl fallback now. |
33 |
|
34 |
=head1 DESCRIPTION |
35 |
|
36 |
This module converts Perl data structures to JSON and vice versa. Its |
37 |
primary goal is to be I<correct> and its secondary goal is to be |
38 |
I<fast>. To reach the latter goal it was written in C. |
39 |
|
40 |
Beginning with version 2.0 of the JSON module, when both JSON and |
41 |
JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
42 |
overridden) with no overhead due to emulation (by inheriting constructor |
43 |
and methods). If JSON::XS is not available, it will fall back to the |
44 |
compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
45 |
gives you a portable JSON API that can be fast when you need and doesn't |
46 |
require a C compiler when that is a problem. |
47 |
|
48 |
As this is the n-th-something JSON module on CPAN, what was the reason |
49 |
to write yet another JSON module? While it seems there are many JSON |
50 |
modules, none of them correctly handle all corner cases, and in most cases |
51 |
their maintainers are unresponsive, gone missing, or not listening to bug |
52 |
reports for other reasons. |
53 |
|
54 |
See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
55 |
vice versa. |
56 |
|
57 |
=head2 FEATURES |
58 |
|
59 |
=over 4 |
60 |
|
61 |
=item * correct Unicode handling |
62 |
|
63 |
This module knows how to handle Unicode, documents how and when it does |
64 |
so, and even documents what "correct" means. |
65 |
|
66 |
=item * round-trip integrity |
67 |
|
68 |
When you serialise a perl data structure using only data types supported |
69 |
by JSON and Perl, the deserialised data structure is identical on the Perl |
70 |
level. (e.g. the string "2.0" doesn't suddenly become "2" just because |
71 |
it looks like a number). There I<are> minor exceptions to this, read the |
72 |
MAPPING section below to learn about those. |
73 |
|
74 |
=item * strict checking of JSON correctness |
75 |
|
76 |
There is no guessing, no generating of illegal JSON texts by default, |
77 |
and only JSON is accepted as input by default (the latter is a security |
78 |
feature). |
79 |
|
80 |
=item * fast |
81 |
|
82 |
Compared to other JSON modules and other serialisers such as Storable, |
83 |
this module usually compares favourably in terms of speed, too. |
84 |
|
85 |
=item * simple to use |
86 |
|
87 |
This module has both a simple functional interface as well as an object |
88 |
oriented interface. |
89 |
|
90 |
=item * reasonably versatile output formats |
91 |
|
92 |
You can choose between the most compact guaranteed-single-line format |
93 |
possible (nice for simple line-based protocols), a pure-ASCII format |
94 |
(for when your transport is not 8-bit clean, still supports the whole |
95 |
Unicode range), or a pretty-printed format (for when you want to read that |
96 |
stuff). Or you can combine those features in whatever way you like. |
97 |
|
98 |
=back |
99 |
|
100 |
=cut |
101 |
|
102 |
package JSON::XS; |
103 |
|
104 |
use common::sense; |
105 |
|
106 |
our $VERSION = 3.02; |
107 |
our @ISA = qw(Exporter); |
108 |
|
109 |
our @EXPORT = qw(encode_json decode_json); |
110 |
|
111 |
use Exporter; |
112 |
use XSLoader; |
113 |
|
114 |
use Types::Serialiser (); |
115 |
|
116 |
=head1 FUNCTIONAL INTERFACE |
117 |
|
118 |
The following convenience methods are provided by this module. They are |
119 |
exported by default: |
120 |
|
121 |
=over 4 |
122 |
|
123 |
=item $json_text = encode_json $perl_scalar |
124 |
|
125 |
Converts the given Perl data structure to a UTF-8 encoded, binary string |
126 |
(that is, the string contains octets only). Croaks on error. |
127 |
|
128 |
This function call is functionally identical to: |
129 |
|
130 |
$json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
131 |
|
132 |
Except being faster. |
133 |
|
134 |
=item $perl_scalar = decode_json $json_text |
135 |
|
136 |
The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries |
137 |
to parse that as an UTF-8 encoded JSON text, returning the resulting |
138 |
reference. Croaks on error. |
139 |
|
140 |
This function call is functionally identical to: |
141 |
|
142 |
$perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
143 |
|
144 |
Except being faster. |
145 |
|
146 |
=back |
147 |
|
148 |
|
149 |
=head1 A FEW NOTES ON UNICODE AND PERL |
150 |
|
151 |
Since this often leads to confusion, here are a few very clear words on |
152 |
how Unicode works in Perl, modulo bugs. |
153 |
|
154 |
=over 4 |
155 |
|
156 |
=item 1. Perl strings can store characters with ordinal values > 255. |
157 |
|
158 |
This enables you to store Unicode characters as single characters in a |
159 |
Perl string - very natural. |
160 |
|
161 |
=item 2. Perl does I<not> associate an encoding with your strings. |
162 |
|
163 |
... until you force it to, e.g. when matching it against a regex, or |
164 |
printing the scalar to a file, in which case Perl either interprets your |
165 |
string as locale-encoded text, octets/binary, or as Unicode, depending |
166 |
on various settings. In no case is an encoding stored together with your |
167 |
data, it is I<use> that decides encoding, not any magical meta data. |
168 |
|
169 |
=item 3. The internal utf-8 flag has no meaning with regards to the |
170 |
encoding of your string. |
171 |
|
172 |
Just ignore that flag unless you debug a Perl bug, a module written in |
173 |
XS or want to dive into the internals of perl. Otherwise it will only |
174 |
confuse you, as, despite the name, it says nothing about how your string |
175 |
is encoded. You can have Unicode strings with that flag set, with that |
176 |
flag clear, and you can have binary data with that flag set and that flag |
177 |
clear. Other possibilities exist, too. |
178 |
|
179 |
If you didn't know about that flag, just the better, pretend it doesn't |
180 |
exist. |
181 |
|
182 |
=item 4. A "Unicode String" is simply a string where each character can be |
183 |
validly interpreted as a Unicode code point. |
184 |
|
185 |
If you have UTF-8 encoded data, it is no longer a Unicode string, but a |
186 |
Unicode string encoded in UTF-8, giving you a binary string. |
187 |
|
188 |
=item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string. |
189 |
|
190 |
It's a fact. Learn to live with it. |
191 |
|
192 |
=back |
193 |
|
194 |
I hope this helps :) |
195 |
|
196 |
|
197 |
=head1 OBJECT-ORIENTED INTERFACE |
198 |
|
199 |
The object oriented interface lets you configure your own encoding or |
200 |
decoding style, within the limits of supported formats. |
201 |
|
202 |
=over 4 |
203 |
|
204 |
=item $json = new JSON::XS |
205 |
|
206 |
Creates a new JSON::XS object that can be used to de/encode JSON |
207 |
strings. All boolean flags described below are by default I<disabled>. |
208 |
|
209 |
The mutators for flags all return the JSON object again and thus calls can |
210 |
be chained: |
211 |
|
212 |
my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
213 |
=> {"a": [1, 2]} |
214 |
|
215 |
=item $json = $json->ascii ([$enable]) |
216 |
|
217 |
=item $enabled = $json->get_ascii |
218 |
|
219 |
If C<$enable> is true (or missing), then the C<encode> method will not |
220 |
generate characters outside the code range C<0..127> (which is ASCII). Any |
221 |
Unicode characters outside that range will be escaped using either a |
222 |
single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, |
223 |
as per RFC4627. The resulting encoded JSON text can be treated as a native |
224 |
Unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string, |
225 |
or any other superset of ASCII. |
226 |
|
227 |
If C<$enable> is false, then the C<encode> method will not escape Unicode |
228 |
characters unless required by the JSON syntax or other flags. This results |
229 |
in a faster and more compact format. |
230 |
|
231 |
See also the section I<ENCODING/CODESET FLAG NOTES> later in this |
232 |
document. |
233 |
|
234 |
The main use for this flag is to produce JSON texts that can be |
235 |
transmitted over a 7-bit channel, as the encoded JSON texts will not |
236 |
contain any 8 bit characters. |
237 |
|
238 |
JSON::XS->new->ascii (1)->encode ([chr 0x10401]) |
239 |
=> ["\ud801\udc01"] |
240 |
|
241 |
=item $json = $json->latin1 ([$enable]) |
242 |
|
243 |
=item $enabled = $json->get_latin1 |
244 |
|
245 |
If C<$enable> is true (or missing), then the C<encode> method will encode |
246 |
the resulting JSON text as latin1 (or iso-8859-1), escaping any characters |
247 |
outside the code range C<0..255>. The resulting string can be treated as a |
248 |
latin1-encoded JSON text or a native Unicode string. The C<decode> method |
249 |
will not be affected in any way by this flag, as C<decode> by default |
250 |
expects Unicode, which is a strict superset of latin1. |
251 |
|
252 |
If C<$enable> is false, then the C<encode> method will not escape Unicode |
253 |
characters unless required by the JSON syntax or other flags. |
254 |
|
255 |
See also the section I<ENCODING/CODESET FLAG NOTES> later in this |
256 |
document. |
257 |
|
258 |
The main use for this flag is efficiently encoding binary data as JSON |
259 |
text, as most octets will not be escaped, resulting in a smaller encoded |
260 |
size. The disadvantage is that the resulting JSON text is encoded |
261 |
in latin1 (and must correctly be treated as such when storing and |
262 |
transferring), a rare encoding for JSON. It is therefore most useful when |
263 |
you want to store data structures known to contain binary data efficiently |
264 |
in files or databases, not when talking to other JSON encoders/decoders. |
265 |
|
266 |
JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
267 |
=> ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
268 |
|
269 |
=item $json = $json->utf8 ([$enable]) |
270 |
|
271 |
=item $enabled = $json->get_utf8 |
272 |
|
273 |
If C<$enable> is true (or missing), then the C<encode> method will encode |
274 |
the JSON result into UTF-8, as required by many protocols, while the |
275 |
C<decode> method expects to be handled an UTF-8-encoded string. Please |
276 |
note that UTF-8-encoded strings do not contain any characters outside the |
277 |
range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
278 |
versions, enabling this option might enable autodetection of the UTF-16 |
279 |
and UTF-32 encoding families, as described in RFC4627. |
280 |
|
281 |
If C<$enable> is false, then the C<encode> method will return the JSON |
282 |
string as a (non-encoded) Unicode string, while C<decode> expects thus a |
283 |
Unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs |
284 |
to be done yourself, e.g. using the Encode module. |
285 |
|
286 |
See also the section I<ENCODING/CODESET FLAG NOTES> later in this |
287 |
document. |
288 |
|
289 |
Example, output UTF-16BE-encoded JSON: |
290 |
|
291 |
use Encode; |
292 |
$jsontext = encode "UTF-16BE", JSON::XS->new->encode ($object); |
293 |
|
294 |
Example, decode UTF-32LE-encoded JSON: |
295 |
|
296 |
use Encode; |
297 |
$object = JSON::XS->new->decode (decode "UTF-32LE", $jsontext); |
298 |
|
299 |
=item $json = $json->pretty ([$enable]) |
300 |
|
301 |
This enables (or disables) all of the C<indent>, C<space_before> and |
302 |
C<space_after> (and in the future possibly more) flags in one call to |
303 |
generate the most readable (or most compact) form possible. |
304 |
|
305 |
Example, pretty-print some simple structure: |
306 |
|
307 |
my $json = JSON::XS->new->pretty(1)->encode ({a => [1,2]}) |
308 |
=> |
309 |
{ |
310 |
"a" : [ |
311 |
1, |
312 |
2 |
313 |
] |
314 |
} |
315 |
|
316 |
=item $json = $json->indent ([$enable]) |
317 |
|
318 |
=item $enabled = $json->get_indent |
319 |
|
320 |
If C<$enable> is true (or missing), then the C<encode> method will use a multiline |
321 |
format as output, putting every array member or object/hash key-value pair |
322 |
into its own line, indenting them properly. |
323 |
|
324 |
If C<$enable> is false, no newlines or indenting will be produced, and the |
325 |
resulting JSON text is guaranteed not to contain any C<newlines>. |
326 |
|
327 |
This setting has no effect when decoding JSON texts. |
328 |
|
329 |
=item $json = $json->space_before ([$enable]) |
330 |
|
331 |
=item $enabled = $json->get_space_before |
332 |
|
333 |
If C<$enable> is true (or missing), then the C<encode> method will add an extra |
334 |
optional space before the C<:> separating keys from values in JSON objects. |
335 |
|
336 |
If C<$enable> is false, then the C<encode> method will not add any extra |
337 |
space at those places. |
338 |
|
339 |
This setting has no effect when decoding JSON texts. You will also |
340 |
most likely combine this setting with C<space_after>. |
341 |
|
342 |
Example, space_before enabled, space_after and indent disabled: |
343 |
|
344 |
{"key" :"value"} |
345 |
|
346 |
=item $json = $json->space_after ([$enable]) |
347 |
|
348 |
=item $enabled = $json->get_space_after |
349 |
|
350 |
If C<$enable> is true (or missing), then the C<encode> method will add an extra |
351 |
optional space after the C<:> separating keys from values in JSON objects |
352 |
and extra whitespace after the C<,> separating key-value pairs and array |
353 |
members. |
354 |
|
355 |
If C<$enable> is false, then the C<encode> method will not add any extra |
356 |
space at those places. |
357 |
|
358 |
This setting has no effect when decoding JSON texts. |
359 |
|
360 |
Example, space_before and indent disabled, space_after enabled: |
361 |
|
362 |
{"key": "value"} |
363 |
|
364 |
=item $json = $json->relaxed ([$enable]) |
365 |
|
366 |
=item $enabled = $json->get_relaxed |
367 |
|
368 |
If C<$enable> is true (or missing), then C<decode> will accept some |
369 |
extensions to normal JSON syntax (see below). C<encode> will not be |
370 |
affected in anyway. I<Be aware that this option makes you accept invalid |
371 |
JSON texts as if they were valid!>. I suggest only to use this option to |
372 |
parse application-specific files written by humans (configuration files, |
373 |
resource files etc.) |
374 |
|
375 |
If C<$enable> is false (the default), then C<decode> will only accept |
376 |
valid JSON texts. |
377 |
|
378 |
Currently accepted extensions are: |
379 |
|
380 |
=over 4 |
381 |
|
382 |
=item * list items can have an end-comma |
383 |
|
384 |
JSON I<separates> array elements and key-value pairs with commas. This |
385 |
can be annoying if you write JSON texts manually and want to be able to |
386 |
quickly append elements, so this extension accepts comma at the end of |
387 |
such items not just between them: |
388 |
|
389 |
[ |
390 |
1, |
391 |
2, <- this comma not normally allowed |
392 |
] |
393 |
{ |
394 |
"k1": "v1", |
395 |
"k2": "v2", <- this comma not normally allowed |
396 |
} |
397 |
|
398 |
=item * shell-style '#'-comments |
399 |
|
400 |
Whenever JSON allows whitespace, shell-style comments are additionally |
401 |
allowed. They are terminated by the first carriage-return or line-feed |
402 |
character, after which more white-space and comments are allowed. |
403 |
|
404 |
[ |
405 |
1, # this comment not allowed in JSON |
406 |
# neither this one... |
407 |
] |
408 |
|
409 |
=item * literal ASCII TAB characters in strings |
410 |
|
411 |
Literal ASCII TAB characters are now allowed in strings (and treated as |
412 |
C<\t>). |
413 |
|
414 |
[ |
415 |
"Hello\tWorld", |
416 |
"Hello<TAB>World", # literal <TAB> would not normally be allowed |
417 |
] |
418 |
|
419 |
=back |
420 |
|
421 |
=item $json = $json->canonical ([$enable]) |
422 |
|
423 |
=item $enabled = $json->get_canonical |
424 |
|
425 |
If C<$enable> is true (or missing), then the C<encode> method will output JSON objects |
426 |
by sorting their keys. This is adding a comparatively high overhead. |
427 |
|
428 |
If C<$enable> is false, then the C<encode> method will output key-value |
429 |
pairs in the order Perl stores them (which will likely change between runs |
430 |
of the same script, and can change even within the same run from 5.18 |
431 |
onwards). |
432 |
|
433 |
This option is useful if you want the same data structure to be encoded as |
434 |
the same JSON text (given the same overall settings). If it is disabled, |
435 |
the same hash might be encoded differently even if contains the same data, |
436 |
as key-value pairs have no inherent ordering in Perl. |
437 |
|
438 |
This setting has no effect when decoding JSON texts. |
439 |
|
440 |
This setting has currently no effect on tied hashes. |
441 |
|
442 |
=item $json = $json->allow_nonref ([$enable]) |
443 |
|
444 |
=item $enabled = $json->get_allow_nonref |
445 |
|
446 |
If C<$enable> is true (or missing), then the C<encode> method can convert a |
447 |
non-reference into its corresponding string, number or null JSON value, |
448 |
which is an extension to RFC4627. Likewise, C<decode> will accept those JSON |
449 |
values instead of croaking. |
450 |
|
451 |
If C<$enable> is false, then the C<encode> method will croak if it isn't |
452 |
passed an arrayref or hashref, as JSON texts must either be an object |
453 |
or array. Likewise, C<decode> will croak if given something that is not a |
454 |
JSON object or array. |
455 |
|
456 |
Example, encode a Perl scalar as JSON value with enabled C<allow_nonref>, |
457 |
resulting in an invalid JSON text: |
458 |
|
459 |
JSON::XS->new->allow_nonref->encode ("Hello, World!") |
460 |
=> "Hello, World!" |
461 |
|
462 |
=item $json = $json->allow_unknown ([$enable]) |
463 |
|
464 |
=item $enabled = $json->get_allow_unknown |
465 |
|
466 |
If C<$enable> is true (or missing), then C<encode> will I<not> throw an |
467 |
exception when it encounters values it cannot represent in JSON (for |
468 |
example, filehandles) but instead will encode a JSON C<null> value. Note |
469 |
that blessed objects are not included here and are handled separately by |
470 |
c<allow_nonref>. |
471 |
|
472 |
If C<$enable> is false (the default), then C<encode> will throw an |
473 |
exception when it encounters anything it cannot encode as JSON. |
474 |
|
475 |
This option does not affect C<decode> in any way, and it is recommended to |
476 |
leave it off unless you know your communications partner. |
477 |
|
478 |
=item $json = $json->allow_blessed ([$enable]) |
479 |
|
480 |
=item $enabled = $json->get_allow_blessed |
481 |
|
482 |
See L<OBJECT SERIALISATION> for details. |
483 |
|
484 |
If C<$enable> is true (or missing), then the C<encode> method will not |
485 |
barf when it encounters a blessed reference that it cannot convert |
486 |
otherwise. Instead, a JSON C<null> value is encoded instead of the object. |
487 |
|
488 |
If C<$enable> is false (the default), then C<encode> will throw an |
489 |
exception when it encounters a blessed object that it cannot convert |
490 |
otherwise. |
491 |
|
492 |
This setting has no effect on C<decode>. |
493 |
|
494 |
=item $json = $json->convert_blessed ([$enable]) |
495 |
|
496 |
=item $enabled = $json->get_convert_blessed |
497 |
|
498 |
See L<OBJECT SERIALISATION> for details. |
499 |
|
500 |
If C<$enable> is true (or missing), then C<encode>, upon encountering a |
501 |
blessed object, will check for the availability of the C<TO_JSON> method |
502 |
on the object's class. If found, it will be called in scalar context and |
503 |
the resulting scalar will be encoded instead of the object. |
504 |
|
505 |
The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
506 |
returns other blessed objects, those will be handled in the same |
507 |
way. C<TO_JSON> must take care of not causing an endless recursion cycle |
508 |
(== crash) in this case. The name of C<TO_JSON> was chosen because other |
509 |
methods called by the Perl core (== not by the user of the object) are |
510 |
usually in upper case letters and to avoid collisions with any C<to_json> |
511 |
function or method. |
512 |
|
513 |
If C<$enable> is false (the default), then C<encode> will not consider |
514 |
this type of conversion. |
515 |
|
516 |
This setting has no effect on C<decode>. |
517 |
|
518 |
=item $json = $json->allow_tags ([$enable]) |
519 |
|
520 |
=item $enabled = $json->allow_tags |
521 |
|
522 |
See L<OBJECT SERIALISATION> for details. |
523 |
|
524 |
If C<$enable> is true (or missing), then C<encode>, upon encountering a |
525 |
blessed object, will check for the availability of the C<FREEZE> method on |
526 |
the object's class. If found, it will be used to serialise the object into |
527 |
a nonstandard tagged JSON value (that JSON decoders cannot decode). |
528 |
|
529 |
It also causes C<decode> to parse such tagged JSON values and deserialise |
530 |
them via a call to the C<THAW> method. |
531 |
|
532 |
If C<$enable> is false (the default), then C<encode> will not consider |
533 |
this type of conversion, and tagged JSON values will cause a parse error |
534 |
in C<decode>, as if tags were not part of the grammar. |
535 |
|
536 |
=item $json = $json->filter_json_object ([$coderef->($hashref)]) |
537 |
|
538 |
When C<$coderef> is specified, it will be called from C<decode> each |
539 |
time it decodes a JSON object. The only argument is a reference to the |
540 |
newly-created hash. If the code references returns a single scalar (which |
541 |
need not be a reference), this value (i.e. a copy of that scalar to avoid |
542 |
aliasing) is inserted into the deserialised data structure. If it returns |
543 |
an empty list (NOTE: I<not> C<undef>, which is a valid scalar), the |
544 |
original deserialised hash will be inserted. This setting can slow down |
545 |
decoding considerably. |
546 |
|
547 |
When C<$coderef> is omitted or undefined, any existing callback will |
548 |
be removed and C<decode> will not change the deserialised hash in any |
549 |
way. |
550 |
|
551 |
Example, convert all JSON objects into the integer 5: |
552 |
|
553 |
my $js = JSON::XS->new->filter_json_object (sub { 5 }); |
554 |
# returns [5] |
555 |
$js->decode ('[{}]') |
556 |
# throw an exception because allow_nonref is not enabled |
557 |
# so a lone 5 is not allowed. |
558 |
$js->decode ('{"a":1, "b":2}'); |
559 |
|
560 |
=item $json = $json->filter_json_single_key_object ($key [=> $coderef->($value)]) |
561 |
|
562 |
Works remotely similar to C<filter_json_object>, but is only called for |
563 |
JSON objects having a single key named C<$key>. |
564 |
|
565 |
This C<$coderef> is called before the one specified via |
566 |
C<filter_json_object>, if any. It gets passed the single value in the JSON |
567 |
object. If it returns a single value, it will be inserted into the data |
568 |
structure. If it returns nothing (not even C<undef> but the empty list), |
569 |
the callback from C<filter_json_object> will be called next, as if no |
570 |
single-key callback were specified. |
571 |
|
572 |
If C<$coderef> is omitted or undefined, the corresponding callback will be |
573 |
disabled. There can only ever be one callback for a given key. |
574 |
|
575 |
As this callback gets called less often then the C<filter_json_object> |
576 |
one, decoding speed will not usually suffer as much. Therefore, single-key |
577 |
objects make excellent targets to serialise Perl objects into, especially |
578 |
as single-key JSON objects are as close to the type-tagged value concept |
579 |
as JSON gets (it's basically an ID/VALUE tuple). Of course, JSON does not |
580 |
support this in any way, so you need to make sure your data never looks |
581 |
like a serialised Perl hash. |
582 |
|
583 |
Typical names for the single object key are C<__class_whatever__>, or |
584 |
C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even |
585 |
things like C<__class_md5sum(classname)__>, to reduce the risk of clashing |
586 |
with real hashes. |
587 |
|
588 |
Example, decode JSON objects of the form C<< { "__widget__" => <id> } >> |
589 |
into the corresponding C<< $WIDGET{<id>} >> object: |
590 |
|
591 |
# return whatever is in $WIDGET{5}: |
592 |
JSON::XS |
593 |
->new |
594 |
->filter_json_single_key_object (__widget__ => sub { |
595 |
$WIDGET{ $_[0] } |
596 |
}) |
597 |
->decode ('{"__widget__": 5') |
598 |
|
599 |
# this can be used with a TO_JSON method in some "widget" class |
600 |
# for serialisation to json: |
601 |
sub WidgetBase::TO_JSON { |
602 |
my ($self) = @_; |
603 |
|
604 |
unless ($self->{id}) { |
605 |
$self->{id} = ..get..some..id..; |
606 |
$WIDGET{$self->{id}} = $self; |
607 |
} |
608 |
|
609 |
{ __widget__ => $self->{id} } |
610 |
} |
611 |
|
612 |
=item $json = $json->shrink ([$enable]) |
613 |
|
614 |
=item $enabled = $json->get_shrink |
615 |
|
616 |
Perl usually over-allocates memory a bit when allocating space for |
617 |
strings. This flag optionally resizes strings generated by either |
618 |
C<encode> or C<decode> to their minimum size possible. This can save |
619 |
memory when your JSON texts are either very very long or you have many |
620 |
short strings. It will also try to downgrade any strings to octet-form |
621 |
if possible: perl stores strings internally either in an encoding called |
622 |
UTF-X or in octet-form. The latter cannot store everything but uses less |
623 |
space in general (and some buggy Perl or C code might even rely on that |
624 |
internal representation being used). |
625 |
|
626 |
The actual definition of what shrink does might change in future versions, |
627 |
but it will always try to save space at the expense of time. |
628 |
|
629 |
If C<$enable> is true (or missing), the string returned by C<encode> will |
630 |
be shrunk-to-fit, while all strings generated by C<decode> will also be |
631 |
shrunk-to-fit. |
632 |
|
633 |
If C<$enable> is false, then the normal perl allocation algorithms are used. |
634 |
If you work with your data, then this is likely to be faster. |
635 |
|
636 |
In the future, this setting might control other things, such as converting |
637 |
strings that look like integers or floats into integers or floats |
638 |
internally (there is no difference on the Perl level), saving space. |
639 |
|
640 |
=item $json = $json->max_depth ([$maximum_nesting_depth]) |
641 |
|
642 |
=item $max_depth = $json->get_max_depth |
643 |
|
644 |
Sets the maximum nesting level (default C<512>) accepted while encoding |
645 |
or decoding. If a higher nesting level is detected in JSON text or a Perl |
646 |
data structure, then the encoder and decoder will stop and croak at that |
647 |
point. |
648 |
|
649 |
Nesting level is defined by number of hash- or arrayrefs that the encoder |
650 |
needs to traverse to reach a given point or the number of C<{> or C<[> |
651 |
characters without their matching closing parenthesis crossed to reach a |
652 |
given character in a string. |
653 |
|
654 |
Setting the maximum depth to one disallows any nesting, so that ensures |
655 |
that the object is only a single hash/object or array. |
656 |
|
657 |
If no argument is given, the highest possible setting will be used, which |
658 |
is rarely useful. |
659 |
|
660 |
Note that nesting is implemented by recursion in C. The default value has |
661 |
been chosen to be as large as typical operating systems allow without |
662 |
crashing. |
663 |
|
664 |
See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
665 |
|
666 |
=item $json = $json->max_size ([$maximum_string_size]) |
667 |
|
668 |
=item $max_size = $json->get_max_size |
669 |
|
670 |
Set the maximum length a JSON text may have (in bytes) where decoding is |
671 |
being attempted. The default is C<0>, meaning no limit. When C<decode> |
672 |
is called on a string that is longer then this many bytes, it will not |
673 |
attempt to decode the string but throw an exception. This setting has no |
674 |
effect on C<encode> (yet). |
675 |
|
676 |
If no argument is given, the limit check will be deactivated (same as when |
677 |
C<0> is specified). |
678 |
|
679 |
See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
680 |
|
681 |
=item $json_text = $json->encode ($perl_scalar) |
682 |
|
683 |
Converts the given Perl value or data structure to its JSON |
684 |
representation. Croaks on error. |
685 |
|
686 |
=item $perl_scalar = $json->decode ($json_text) |
687 |
|
688 |
The opposite of C<encode>: expects a JSON text and tries to parse it, |
689 |
returning the resulting simple scalar or reference. Croaks on error. |
690 |
|
691 |
=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text) |
692 |
|
693 |
This works like the C<decode> method, but instead of raising an exception |
694 |
when there is trailing garbage after the first JSON object, it will |
695 |
silently stop parsing there and return the number of characters consumed |
696 |
so far. |
697 |
|
698 |
This is useful if your JSON texts are not delimited by an outer protocol |
699 |
and you need to know where the JSON text ends. |
700 |
|
701 |
JSON::XS->new->decode_prefix ("[1] the tail") |
702 |
=> ([1], 3) |
703 |
|
704 |
=back |
705 |
|
706 |
|
707 |
=head1 INCREMENTAL PARSING |
708 |
|
709 |
In some cases, there is the need for incremental parsing of JSON |
710 |
texts. While this module always has to keep both JSON text and resulting |
711 |
Perl data structure in memory at one time, it does allow you to parse a |
712 |
JSON stream incrementally. It does so by accumulating text until it has |
713 |
a full JSON object, which it then can decode. This process is similar to |
714 |
using C<decode_prefix> to see if a full JSON object is available, but |
715 |
is much more efficient (and can be implemented with a minimum of method |
716 |
calls). |
717 |
|
718 |
JSON::XS will only attempt to parse the JSON text once it is sure it |
719 |
has enough text to get a decisive result, using a very simple but |
720 |
truly incremental parser. This means that it sometimes won't stop as |
721 |
early as the full parser, for example, it doesn't detect mismatched |
722 |
parentheses. The only thing it guarantees is that it starts decoding as |
723 |
soon as a syntactically valid JSON text has been seen. This means you need |
724 |
to set resource limits (e.g. C<max_size>) to ensure the parser will stop |
725 |
parsing in the presence if syntax errors. |
726 |
|
727 |
The following methods implement this incremental parser. |
728 |
|
729 |
=over 4 |
730 |
|
731 |
=item [void, scalar or list context] = $json->incr_parse ([$string]) |
732 |
|
733 |
This is the central parsing function. It can both append new text and |
734 |
extract objects from the stream accumulated so far (both of these |
735 |
functions are optional). |
736 |
|
737 |
If C<$string> is given, then this string is appended to the already |
738 |
existing JSON fragment stored in the C<$json> object. |
739 |
|
740 |
After that, if the function is called in void context, it will simply |
741 |
return without doing anything further. This can be used to add more text |
742 |
in as many chunks as you want. |
743 |
|
744 |
If the method is called in scalar context, then it will try to extract |
745 |
exactly I<one> JSON object. If that is successful, it will return this |
746 |
object, otherwise it will return C<undef>. If there is a parse error, |
747 |
this method will croak just as C<decode> would do (one can then use |
748 |
C<incr_skip> to skip the erroneous part). This is the most common way of |
749 |
using the method. |
750 |
|
751 |
And finally, in list context, it will try to extract as many objects |
752 |
from the stream as it can find and return them, or the empty list |
753 |
otherwise. For this to work, there must be no separators between the JSON |
754 |
objects or arrays, instead they must be concatenated back-to-back. If |
755 |
an error occurs, an exception will be raised as in the scalar context |
756 |
case. Note that in this case, any previously-parsed JSON texts will be |
757 |
lost. |
758 |
|
759 |
Example: Parse some JSON arrays/objects in a given string and return |
760 |
them. |
761 |
|
762 |
my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
763 |
|
764 |
=item $lvalue_string = $json->incr_text |
765 |
|
766 |
This method returns the currently stored JSON fragment as an lvalue, that |
767 |
is, you can manipulate it. This I<only> works when a preceding call to |
768 |
C<incr_parse> in I<scalar context> successfully returned an object. Under |
769 |
all other circumstances you must not call this function (I mean it. |
770 |
although in simple tests it might actually work, it I<will> fail under |
771 |
real world conditions). As a special exception, you can also call this |
772 |
method before having parsed anything. |
773 |
|
774 |
This function is useful in two cases: a) finding the trailing text after a |
775 |
JSON object or b) parsing multiple JSON objects separated by non-JSON text |
776 |
(such as commas). |
777 |
|
778 |
=item $json->incr_skip |
779 |
|
780 |
This will reset the state of the incremental parser and will remove |
781 |
the parsed text from the input buffer so far. This is useful after |
782 |
C<incr_parse> died, in which case the input buffer and incremental parser |
783 |
state is left unchanged, to skip the text parsed so far and to reset the |
784 |
parse state. |
785 |
|
786 |
The difference to C<incr_reset> is that only text until the parse error |
787 |
occurred is removed. |
788 |
|
789 |
=item $json->incr_reset |
790 |
|
791 |
This completely resets the incremental parser, that is, after this call, |
792 |
it will be as if the parser had never parsed anything. |
793 |
|
794 |
This is useful if you want to repeatedly parse JSON objects and want to |
795 |
ignore any trailing data, which means you have to reset the parser after |
796 |
each successful decode. |
797 |
|
798 |
=back |
799 |
|
800 |
=head2 LIMITATIONS |
801 |
|
802 |
All options that affect decoding are supported, except |
803 |
C<allow_nonref>. The reason for this is that it cannot be made to work |
804 |
sensibly: JSON objects and arrays are self-delimited, i.e. you can |
805 |
concatenate them back to back and still decode them perfectly. This does |
806 |
not hold true for JSON numbers, however. |
807 |
|
808 |
For example, is the string C<1> a single JSON number, or is it simply the |
809 |
start of C<12>? Or is C<12> a single JSON number, or the concatenation |
810 |
of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS |
811 |
takes the conservative route and disallows this case. |
812 |
|
813 |
=head2 EXAMPLES |
814 |
|
815 |
Some examples will make all this clearer. First, a simple example that |
816 |
works similarly to C<decode_prefix>: We want to decode the JSON object at |
817 |
the start of a string and identify the portion after the JSON object: |
818 |
|
819 |
my $text = "[1,2,3] hello"; |
820 |
|
821 |
my $json = new JSON::XS; |
822 |
|
823 |
my $obj = $json->incr_parse ($text) |
824 |
or die "expected JSON object or array at beginning of string"; |
825 |
|
826 |
my $tail = $json->incr_text; |
827 |
# $tail now contains " hello" |
828 |
|
829 |
Easy, isn't it? |
830 |
|
831 |
Now for a more complicated example: Imagine a hypothetical protocol where |
832 |
you read some requests from a TCP stream, and each request is a JSON |
833 |
array, without any separation between them (in fact, it is often useful to |
834 |
use newlines as "separators", as these get interpreted as whitespace at |
835 |
the start of the JSON text, which makes it possible to test said protocol |
836 |
with C<telnet>...). |
837 |
|
838 |
Here is how you'd do it (it is trivial to write this in an event-based |
839 |
manner): |
840 |
|
841 |
my $json = new JSON::XS; |
842 |
|
843 |
# read some data from the socket |
844 |
while (sysread $socket, my $buf, 4096) { |
845 |
|
846 |
# split and decode as many requests as possible |
847 |
for my $request ($json->incr_parse ($buf)) { |
848 |
# act on the $request |
849 |
} |
850 |
} |
851 |
|
852 |
Another complicated example: Assume you have a string with JSON objects |
853 |
or arrays, all separated by (optional) comma characters (e.g. C<[1],[2], |
854 |
[3]>). To parse them, we have to skip the commas between the JSON texts, |
855 |
and here is where the lvalue-ness of C<incr_text> comes in useful: |
856 |
|
857 |
my $text = "[1],[2], [3]"; |
858 |
my $json = new JSON::XS; |
859 |
|
860 |
# void context, so no parsing done |
861 |
$json->incr_parse ($text); |
862 |
|
863 |
# now extract as many objects as possible. note the |
864 |
# use of scalar context so incr_text can be called. |
865 |
while (my $obj = $json->incr_parse) { |
866 |
# do something with $obj |
867 |
|
868 |
# now skip the optional comma |
869 |
$json->incr_text =~ s/^ \s* , //x; |
870 |
} |
871 |
|
872 |
Now lets go for a very complex example: Assume that you have a gigantic |
873 |
JSON array-of-objects, many gigabytes in size, and you want to parse it, |
874 |
but you cannot load it into memory fully (this has actually happened in |
875 |
the real world :). |
876 |
|
877 |
Well, you lost, you have to implement your own JSON parser. But JSON::XS |
878 |
can still help you: You implement a (very simple) array parser and let |
879 |
JSON decode the array elements, which are all full JSON objects on their |
880 |
own (this wouldn't work if the array elements could be JSON numbers, for |
881 |
example): |
882 |
|
883 |
my $json = new JSON::XS; |
884 |
|
885 |
# open the monster |
886 |
open my $fh, "<bigfile.json" |
887 |
or die "bigfile: $!"; |
888 |
|
889 |
# first parse the initial "[" |
890 |
for (;;) { |
891 |
sysread $fh, my $buf, 65536 |
892 |
or die "read error: $!"; |
893 |
$json->incr_parse ($buf); # void context, so no parsing |
894 |
|
895 |
# Exit the loop once we found and removed(!) the initial "[". |
896 |
# In essence, we are (ab-)using the $json object as a simple scalar |
897 |
# we append data to. |
898 |
last if $json->incr_text =~ s/^ \s* \[ //x; |
899 |
} |
900 |
|
901 |
# now we have the skipped the initial "[", so continue |
902 |
# parsing all the elements. |
903 |
for (;;) { |
904 |
# in this loop we read data until we got a single JSON object |
905 |
for (;;) { |
906 |
if (my $obj = $json->incr_parse) { |
907 |
# do something with $obj |
908 |
last; |
909 |
} |
910 |
|
911 |
# add more data |
912 |
sysread $fh, my $buf, 65536 |
913 |
or die "read error: $!"; |
914 |
$json->incr_parse ($buf); # void context, so no parsing |
915 |
} |
916 |
|
917 |
# in this loop we read data until we either found and parsed the |
918 |
# separating "," between elements, or the final "]" |
919 |
for (;;) { |
920 |
# first skip whitespace |
921 |
$json->incr_text =~ s/^\s*//; |
922 |
|
923 |
# if we find "]", we are done |
924 |
if ($json->incr_text =~ s/^\]//) { |
925 |
print "finished.\n"; |
926 |
exit; |
927 |
} |
928 |
|
929 |
# if we find ",", we can continue with the next element |
930 |
if ($json->incr_text =~ s/^,//) { |
931 |
last; |
932 |
} |
933 |
|
934 |
# if we find anything else, we have a parse error! |
935 |
if (length $json->incr_text) { |
936 |
die "parse error near ", $json->incr_text; |
937 |
} |
938 |
|
939 |
# else add more data |
940 |
sysread $fh, my $buf, 65536 |
941 |
or die "read error: $!"; |
942 |
$json->incr_parse ($buf); # void context, so no parsing |
943 |
} |
944 |
|
945 |
This is a complex example, but most of the complexity comes from the fact |
946 |
that we are trying to be correct (bear with me if I am wrong, I never ran |
947 |
the above example :). |
948 |
|
949 |
|
950 |
|
951 |
=head1 MAPPING |
952 |
|
953 |
This section describes how JSON::XS maps Perl values to JSON values and |
954 |
vice versa. These mappings are designed to "do the right thing" in most |
955 |
circumstances automatically, preserving round-tripping characteristics |
956 |
(what you put in comes out as something equivalent). |
957 |
|
958 |
For the more enlightened: note that in the following descriptions, |
959 |
lowercase I<perl> refers to the Perl interpreter, while uppercase I<Perl> |
960 |
refers to the abstract Perl language itself. |
961 |
|
962 |
|
963 |
=head2 JSON -> PERL |
964 |
|
965 |
=over 4 |
966 |
|
967 |
=item object |
968 |
|
969 |
A JSON object becomes a reference to a hash in Perl. No ordering of object |
970 |
keys is preserved (JSON does not preserve object key ordering itself). |
971 |
|
972 |
=item array |
973 |
|
974 |
A JSON array becomes a reference to an array in Perl. |
975 |
|
976 |
=item string |
977 |
|
978 |
A JSON string becomes a string scalar in Perl - Unicode codepoints in JSON |
979 |
are represented by the same codepoints in the Perl string, so no manual |
980 |
decoding is necessary. |
981 |
|
982 |
=item number |
983 |
|
984 |
A JSON number becomes either an integer, numeric (floating point) or |
985 |
string scalar in perl, depending on its range and any fractional parts. On |
986 |
the Perl level, there is no difference between those as Perl handles all |
987 |
the conversion details, but an integer may take slightly less memory and |
988 |
might represent more values exactly than floating point numbers. |
989 |
|
990 |
If the number consists of digits only, JSON::XS will try to represent |
991 |
it as an integer value. If that fails, it will try to represent it as |
992 |
a numeric (floating point) value if that is possible without loss of |
993 |
precision. Otherwise it will preserve the number as a string value (in |
994 |
which case you lose roundtripping ability, as the JSON number will be |
995 |
re-encoded to a JSON string). |
996 |
|
997 |
Numbers containing a fractional or exponential part will always be |
998 |
represented as numeric (floating point) values, possibly at a loss of |
999 |
precision (in which case you might lose perfect roundtripping ability, but |
1000 |
the JSON number will still be re-encoded as a JSON number). |
1001 |
|
1002 |
Note that precision is not accuracy - binary floating point values cannot |
1003 |
represent most decimal fractions exactly, and when converting from and to |
1004 |
floating point, JSON::XS only guarantees precision up to but not including |
1005 |
the least significant bit. |
1006 |
|
1007 |
=item true, false |
1008 |
|
1009 |
These JSON atoms become C<Types::Serialiser::true> and |
1010 |
C<Types::Serialiser::false>, respectively. They are overloaded to act |
1011 |
almost exactly like the numbers C<1> and C<0>. You can check whether |
1012 |
a scalar is a JSON boolean by using the C<Types::Serialiser::is_bool> |
1013 |
function (after C<use Types::Serialier>, of course). |
1014 |
|
1015 |
=item null |
1016 |
|
1017 |
A JSON null atom becomes C<undef> in Perl. |
1018 |
|
1019 |
=item shell-style comments (C<< # I<text> >>) |
1020 |
|
1021 |
As a nonstandard extension to the JSON syntax that is enabled by the |
1022 |
C<relaxed> setting, shell-style comments are allowed. They can start |
1023 |
anywhere outside strings and go till the end of the line. |
1024 |
|
1025 |
=item tagged values (C<< (I<tag>)I<value> >>). |
1026 |
|
1027 |
Another nonstandard extension to the JSON syntax, enabled with the |
1028 |
C<allow_tags> setting, are tagged values. In this implementation, the |
1029 |
I<tag> must be a perl package/class name encoded as a JSON string, and the |
1030 |
I<value> must be a JSON array encoding optional constructor arguments. |
1031 |
|
1032 |
See L<OBJECT SERIALISATION>, below, for details. |
1033 |
|
1034 |
=back |
1035 |
|
1036 |
|
1037 |
=head2 PERL -> JSON |
1038 |
|
1039 |
The mapping from Perl to JSON is slightly more difficult, as Perl is a |
1040 |
truly typeless language, so we can only guess which JSON type is meant by |
1041 |
a Perl value. |
1042 |
|
1043 |
=over 4 |
1044 |
|
1045 |
=item hash references |
1046 |
|
1047 |
Perl hash references become JSON objects. As there is no inherent |
1048 |
ordering in hash keys (or JSON objects), they will usually be encoded |
1049 |
in a pseudo-random order. JSON::XS can optionally sort the hash keys |
1050 |
(determined by the I<canonical> flag), so the same datastructure will |
1051 |
serialise to the same JSON text (given same settings and version of |
1052 |
JSON::XS), but this incurs a runtime overhead and is only rarely useful, |
1053 |
e.g. when you want to compare some JSON text against another for equality. |
1054 |
|
1055 |
=item array references |
1056 |
|
1057 |
Perl array references become JSON arrays. |
1058 |
|
1059 |
=item other references |
1060 |
|
1061 |
Other unblessed references are generally not allowed and will cause an |
1062 |
exception to be thrown, except for references to the integers C<0> and |
1063 |
C<1>, which get turned into C<false> and C<true> atoms in JSON. |
1064 |
|
1065 |
Since C<JSON::XS> uses the boolean model from L<Types::Serialiser>, you |
1066 |
can also C<use Types::Serialiser> and then use C<Types::Serialiser::false> |
1067 |
and C<Types::Serialiser::true> to improve readability. |
1068 |
|
1069 |
use Types::Serialiser; |
1070 |
encode_json [\0, Types::Serialiser::true] # yields [false,true] |
1071 |
|
1072 |
=item Types::Serialiser::true, Types::Serialiser::false |
1073 |
|
1074 |
These special values from the L<Types::Serialiser> module become JSON true |
1075 |
and JSON false values, respectively. You can also use C<\1> and C<\0> |
1076 |
directly if you want. |
1077 |
|
1078 |
=item blessed objects |
1079 |
|
1080 |
Blessed objects are not directly representable in JSON, but C<JSON::XS> |
1081 |
allows various ways of handling objects. See L<OBJECT SERIALISATION>, |
1082 |
below, for details. |
1083 |
|
1084 |
=item simple scalars |
1085 |
|
1086 |
Simple Perl scalars (any scalar that is not a reference) are the most |
1087 |
difficult objects to encode: JSON::XS will encode undefined scalars as |
1088 |
JSON C<null> values, scalars that have last been used in a string context |
1089 |
before encoding as JSON strings, and anything else as number value: |
1090 |
|
1091 |
# dump as number |
1092 |
encode_json [2] # yields [2] |
1093 |
encode_json [-3.0e17] # yields [-3e+17] |
1094 |
my $value = 5; encode_json [$value] # yields [5] |
1095 |
|
1096 |
# used as string, so dump as string |
1097 |
print $value; |
1098 |
encode_json [$value] # yields ["5"] |
1099 |
|
1100 |
# undef becomes null |
1101 |
encode_json [undef] # yields [null] |
1102 |
|
1103 |
You can force the type to be a JSON string by stringifying it: |
1104 |
|
1105 |
my $x = 3.1; # some variable containing a number |
1106 |
"$x"; # stringified |
1107 |
$x .= ""; # another, more awkward way to stringify |
1108 |
print $x; # perl does it for you, too, quite often |
1109 |
|
1110 |
You can force the type to be a JSON number by numifying it: |
1111 |
|
1112 |
my $x = "3"; # some variable containing a string |
1113 |
$x += 0; # numify it, ensuring it will be dumped as a number |
1114 |
$x *= 1; # same thing, the choice is yours. |
1115 |
|
1116 |
You can not currently force the type in other, less obscure, ways. Tell me |
1117 |
if you need this capability (but don't forget to explain why it's needed |
1118 |
:). |
1119 |
|
1120 |
Note that numerical precision has the same meaning as under Perl (so |
1121 |
binary to decimal conversion follows the same rules as in Perl, which |
1122 |
can differ to other languages). Also, your perl interpreter might expose |
1123 |
extensions to the floating point numbers of your platform, such as |
1124 |
infinities or NaN's - these cannot be represented in JSON, and it is an |
1125 |
error to pass those in. |
1126 |
|
1127 |
=back |
1128 |
|
1129 |
=head2 OBJECT SERIALISATION |
1130 |
|
1131 |
As JSON cannot directly represent Perl objects, you have to choose between |
1132 |
a pure JSON representation (without the ability to deserialise the object |
1133 |
automatically again), and a nonstandard extension to the JSON syntax, |
1134 |
tagged values. |
1135 |
|
1136 |
=head3 SERIALISATION |
1137 |
|
1138 |
What happens when C<JSON::XS> encounters a Perl object depends on the |
1139 |
C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are |
1140 |
used in this order: |
1141 |
|
1142 |
=over 4 |
1143 |
|
1144 |
=item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method. |
1145 |
|
1146 |
In this case, C<JSON::XS> uses the L<Types::Serialiser> object |
1147 |
serialisation protocol to create a tagged JSON value, using a nonstandard |
1148 |
extension to the JSON syntax. |
1149 |
|
1150 |
This works by invoking the C<FREEZE> method on the object, with the first |
1151 |
argument being the object to serialise, and the second argument being the |
1152 |
constant string C<JSON> to distinguish it from other serialisers. |
1153 |
|
1154 |
The C<FREEZE> method can return any number of values (i.e. zero or |
1155 |
more). These values and the paclkage/classname of the object will then be |
1156 |
encoded as a tagged JSON value in the following format: |
1157 |
|
1158 |
("classname")[FREEZE return values...] |
1159 |
|
1160 |
e.g.: |
1161 |
|
1162 |
("URI")["http://www.google.com/"] |
1163 |
("MyDate")[2013,10,29] |
1164 |
("ImageData::JPEG")["Z3...VlCg=="] |
1165 |
|
1166 |
For example, the hypothetical C<My::Object> C<FREEZE> method might use the |
1167 |
objects C<type> and C<id> members to encode the object: |
1168 |
|
1169 |
sub My::Object::FREEZE { |
1170 |
my ($self, $serialiser) = @_; |
1171 |
|
1172 |
($self->{type}, $self->{id}) |
1173 |
} |
1174 |
|
1175 |
=item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method. |
1176 |
|
1177 |
In this case, the C<TO_JSON> method of the object is invoked in scalar |
1178 |
context. It must return a single scalar that can be directly encoded into |
1179 |
JSON. This scalar replaces the object in the JSON text. |
1180 |
|
1181 |
For example, the following C<TO_JSON> method will convert all L<URI> |
1182 |
objects to JSON strings when serialised. The fatc that these values |
1183 |
originally were L<URI> objects is lost. |
1184 |
|
1185 |
sub URI::TO_JSON { |
1186 |
my ($uri) = @_; |
1187 |
$uri->as_string |
1188 |
} |
1189 |
|
1190 |
=item 3. C<allow_blessed> is enabled. |
1191 |
|
1192 |
The object will be serialised as a JSON null value. |
1193 |
|
1194 |
=item 4. none of the above |
1195 |
|
1196 |
If none of the settings are enabled or the respective methods are missing, |
1197 |
C<JSON::XS> throws an exception. |
1198 |
|
1199 |
=back |
1200 |
|
1201 |
=head3 DESERIALISATION |
1202 |
|
1203 |
For deserialisation there are only two cases to consider: either |
1204 |
nonstandard tagging was used, in which case C<allow_tags> decides, |
1205 |
or objects cannot be automatically be deserialised, in which |
1206 |
case you can use postprocessing or the C<filter_json_object> or |
1207 |
C<filter_json_single_key_object> callbacks to get some real objects our of |
1208 |
your JSON. |
1209 |
|
1210 |
This section only considers the tagged value case: I a tagged JSON object |
1211 |
is encountered during decoding and C<allow_tags> is disabled, a parse |
1212 |
error will result (as if tagged values were not part of the grammar). |
1213 |
|
1214 |
If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method |
1215 |
of the package/classname used during serialisation (it will not attempt |
1216 |
to load the package as a Perl module). If there is no such method, the |
1217 |
decoding will fail with an error. |
1218 |
|
1219 |
Otherwise, the C<THAW> method is invoked with the classname as first |
1220 |
argument, the constant string C<JSON> as second argument, and all the |
1221 |
values from the JSON array (the values originally returned by the |
1222 |
C<FREEZE> method) as remaining arguments. |
1223 |
|
1224 |
The method must then return the object. While technically you can return |
1225 |
any Perl scalar, you might have to enable the C<enable_nonref> setting to |
1226 |
make that work in all cases, so better return an actual blessed reference. |
1227 |
|
1228 |
As an example, let's implement a C<THAW> function that regenerates the |
1229 |
C<My::Object> from the C<FREEZE> example earlier: |
1230 |
|
1231 |
sub My::Object::THAW { |
1232 |
my ($class, $serialiser, $type, $id) = @_; |
1233 |
|
1234 |
$class->new (type => $type, id => $id) |
1235 |
} |
1236 |
|
1237 |
|
1238 |
=head1 ENCODING/CODESET FLAG NOTES |
1239 |
|
1240 |
The interested reader might have seen a number of flags that signify |
1241 |
encodings or codesets - C<utf8>, C<latin1> and C<ascii>. There seems to be |
1242 |
some confusion on what these do, so here is a short comparison: |
1243 |
|
1244 |
C<utf8> controls whether the JSON text created by C<encode> (and expected |
1245 |
by C<decode>) is UTF-8 encoded or not, while C<latin1> and C<ascii> only |
1246 |
control whether C<encode> escapes character values outside their respective |
1247 |
codeset range. Neither of these flags conflict with each other, although |
1248 |
some combinations make less sense than others. |
1249 |
|
1250 |
Care has been taken to make all flags symmetrical with respect to |
1251 |
C<encode> and C<decode>, that is, texts encoded with any combination of |
1252 |
these flag values will be correctly decoded when the same flags are used |
1253 |
- in general, if you use different flag settings while encoding vs. when |
1254 |
decoding you likely have a bug somewhere. |
1255 |
|
1256 |
Below comes a verbose discussion of these flags. Note that a "codeset" is |
1257 |
simply an abstract set of character-codepoint pairs, while an encoding |
1258 |
takes those codepoint numbers and I<encodes> them, in our case into |
1259 |
octets. Unicode is (among other things) a codeset, UTF-8 is an encoding, |
1260 |
and ISO-8859-1 (= latin 1) and ASCII are both codesets I<and> encodings at |
1261 |
the same time, which can be confusing. |
1262 |
|
1263 |
=over 4 |
1264 |
|
1265 |
=item C<utf8> flag disabled |
1266 |
|
1267 |
When C<utf8> is disabled (the default), then C<encode>/C<decode> generate |
1268 |
and expect Unicode strings, that is, characters with high ordinal Unicode |
1269 |
values (> 255) will be encoded as such characters, and likewise such |
1270 |
characters are decoded as-is, no changes to them will be done, except |
1271 |
"(re-)interpreting" them as Unicode codepoints or Unicode characters, |
1272 |
respectively (to Perl, these are the same thing in strings unless you do |
1273 |
funny/weird/dumb stuff). |
1274 |
|
1275 |
This is useful when you want to do the encoding yourself (e.g. when you |
1276 |
want to have UTF-16 encoded JSON texts) or when some other layer does |
1277 |
the encoding for you (for example, when printing to a terminal using a |
1278 |
filehandle that transparently encodes to UTF-8 you certainly do NOT want |
1279 |
to UTF-8 encode your data first and have Perl encode it another time). |
1280 |
|
1281 |
=item C<utf8> flag enabled |
1282 |
|
1283 |
If the C<utf8>-flag is enabled, C<encode>/C<decode> will encode all |
1284 |
characters using the corresponding UTF-8 multi-byte sequence, and will |
1285 |
expect your input strings to be encoded as UTF-8, that is, no "character" |
1286 |
of the input string must have any value > 255, as UTF-8 does not allow |
1287 |
that. |
1288 |
|
1289 |
The C<utf8> flag therefore switches between two modes: disabled means you |
1290 |
will get a Unicode string in Perl, enabled means you get an UTF-8 encoded |
1291 |
octet/binary string in Perl. |
1292 |
|
1293 |
=item C<latin1> or C<ascii> flags enabled |
1294 |
|
1295 |
With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
1296 |
with ordinal values > 255 (> 127 with C<ascii>) and encode the remaining |
1297 |
characters as specified by the C<utf8> flag. |
1298 |
|
1299 |
If C<utf8> is disabled, then the result is also correctly encoded in those |
1300 |
character sets (as both are proper subsets of Unicode, meaning that a |
1301 |
Unicode string with all character values < 256 is the same thing as a |
1302 |
ISO-8859-1 string, and a Unicode string with all character values < 128 is |
1303 |
the same thing as an ASCII string in Perl). |
1304 |
|
1305 |
If C<utf8> is enabled, you still get a correct UTF-8-encoded string, |
1306 |
regardless of these flags, just some more characters will be escaped using |
1307 |
C<\uXXXX> then before. |
1308 |
|
1309 |
Note that ISO-8859-1-I<encoded> strings are not compatible with UTF-8 |
1310 |
encoding, while ASCII-encoded strings are. That is because the ISO-8859-1 |
1311 |
encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 I<codeset> being |
1312 |
a subset of Unicode), while ASCII is. |
1313 |
|
1314 |
Surprisingly, C<decode> will ignore these flags and so treat all input |
1315 |
values as governed by the C<utf8> flag. If it is disabled, this allows you |
1316 |
to decode ISO-8859-1- and ASCII-encoded strings, as both strict subsets of |
1317 |
Unicode. If it is enabled, you can correctly decode UTF-8 encoded strings. |
1318 |
|
1319 |
So neither C<latin1> nor C<ascii> are incompatible with the C<utf8> flag - |
1320 |
they only govern when the JSON output engine escapes a character or not. |
1321 |
|
1322 |
The main use for C<latin1> is to relatively efficiently store binary data |
1323 |
as JSON, at the expense of breaking compatibility with most JSON decoders. |
1324 |
|
1325 |
The main use for C<ascii> is to force the output to not contain characters |
1326 |
with values > 127, which means you can interpret the resulting string |
1327 |
as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about any character set and |
1328 |
8-bit-encoding, and still get the same data structure back. This is useful |
1329 |
when your channel for JSON transfer is not 8-bit clean or the encoding |
1330 |
might be mangled in between (e.g. in mail), and works because ASCII is a |
1331 |
proper subset of most 8-bit and multibyte encodings in use in the world. |
1332 |
|
1333 |
=back |
1334 |
|
1335 |
|
1336 |
=head2 JSON and ECMAscript |
1337 |
|
1338 |
JSON syntax is based on how literals are represented in javascript (the |
1339 |
not-standardised predecessor of ECMAscript) which is presumably why it is |
1340 |
called "JavaScript Object Notation". |
1341 |
|
1342 |
However, JSON is not a subset (and also not a superset of course) of |
1343 |
ECMAscript (the standard) or javascript (whatever browsers actually |
1344 |
implement). |
1345 |
|
1346 |
If you want to use javascript's C<eval> function to "parse" JSON, you |
1347 |
might run into parse errors for valid JSON texts, or the resulting data |
1348 |
structure might not be queryable: |
1349 |
|
1350 |
One of the problems is that U+2028 and U+2029 are valid characters inside |
1351 |
JSON strings, but are not allowed in ECMAscript string literals, so the |
1352 |
following Perl fragment will not output something that can be guaranteed |
1353 |
to be parsable by javascript's C<eval>: |
1354 |
|
1355 |
use JSON::XS; |
1356 |
|
1357 |
print encode_json [chr 0x2028]; |
1358 |
|
1359 |
The right fix for this is to use a proper JSON parser in your javascript |
1360 |
programs, and not rely on C<eval> (see for example Douglas Crockford's |
1361 |
F<json2.js> parser). |
1362 |
|
1363 |
If this is not an option, you can, as a stop-gap measure, simply encode to |
1364 |
ASCII-only JSON: |
1365 |
|
1366 |
use JSON::XS; |
1367 |
|
1368 |
print JSON::XS->new->ascii->encode ([chr 0x2028]); |
1369 |
|
1370 |
Note that this will enlarge the resulting JSON text quite a bit if you |
1371 |
have many non-ASCII characters. You might be tempted to run some regexes |
1372 |
to only escape U+2028 and U+2029, e.g.: |
1373 |
|
1374 |
# DO NOT USE THIS! |
1375 |
my $json = JSON::XS->new->utf8->encode ([chr 0x2028]); |
1376 |
$json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028 |
1377 |
$json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029 |
1378 |
print $json; |
1379 |
|
1380 |
Note that I<this is a bad idea>: the above only works for U+2028 and |
1381 |
U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing |
1382 |
javascript implementations, however, have issues with other characters as |
1383 |
well - using C<eval> naively simply I<will> cause problems. |
1384 |
|
1385 |
Another problem is that some javascript implementations reserve |
1386 |
some property names for their own purposes (which probably makes |
1387 |
them non-ECMAscript-compliant). For example, Iceweasel reserves the |
1388 |
C<__proto__> property name for its own purposes. |
1389 |
|
1390 |
If that is a problem, you could parse try to filter the resulting JSON |
1391 |
output for these property strings, e.g.: |
1392 |
|
1393 |
$json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
1394 |
|
1395 |
This works because C<__proto__> is not valid outside of strings, so every |
1396 |
occurrence of C<"__proto__"\s*:> must be a string used as property name. |
1397 |
|
1398 |
If you know of other incompatibilities, please let me know. |
1399 |
|
1400 |
|
1401 |
=head2 JSON and YAML |
1402 |
|
1403 |
You often hear that JSON is a subset of YAML. This is, however, a mass |
1404 |
hysteria(*) and very far from the truth (as of the time of this writing), |
1405 |
so let me state it clearly: I<in general, there is no way to configure |
1406 |
JSON::XS to output a data structure as valid YAML> that works in all |
1407 |
cases. |
1408 |
|
1409 |
If you really must use JSON::XS to generate YAML, you should use this |
1410 |
algorithm (subject to change in future versions): |
1411 |
|
1412 |
my $to_yaml = JSON::XS->new->utf8->space_after (1); |
1413 |
my $yaml = $to_yaml->encode ($ref) . "\n"; |
1414 |
|
1415 |
This will I<usually> generate JSON texts that also parse as valid |
1416 |
YAML. Please note that YAML has hardcoded limits on (simple) object key |
1417 |
lengths that JSON doesn't have and also has different and incompatible |
1418 |
unicode character escape syntax, so you should make sure that your hash |
1419 |
keys are noticeably shorter than the 1024 "stream characters" YAML allows |
1420 |
and that you do not have characters with codepoint values outside the |
1421 |
Unicode BMP (basic multilingual page). YAML also does not allow C<\/> |
1422 |
sequences in strings (which JSON::XS does not I<currently> generate, but |
1423 |
other JSON generators might). |
1424 |
|
1425 |
There might be other incompatibilities that I am not aware of (or the YAML |
1426 |
specification has been changed yet again - it does so quite often). In |
1427 |
general you should not try to generate YAML with a JSON generator or vice |
1428 |
versa, or try to parse JSON with a YAML parser or vice versa: chances are |
1429 |
high that you will run into severe interoperability problems when you |
1430 |
least expect it. |
1431 |
|
1432 |
=over 4 |
1433 |
|
1434 |
=item (*) |
1435 |
|
1436 |
I have been pressured multiple times by Brian Ingerson (one of the |
1437 |
authors of the YAML specification) to remove this paragraph, despite him |
1438 |
acknowledging that the actual incompatibilities exist. As I was personally |
1439 |
bitten by this "JSON is YAML" lie, I refused and said I will continue to |
1440 |
educate people about these issues, so others do not run into the same |
1441 |
problem again and again. After this, Brian called me a (quote)I<complete |
1442 |
and worthless idiot>(unquote). |
1443 |
|
1444 |
In my opinion, instead of pressuring and insulting people who actually |
1445 |
clarify issues with YAML and the wrong statements of some of its |
1446 |
proponents, I would kindly suggest reading the JSON spec (which is not |
1447 |
that difficult or long) and finally make YAML compatible to it, and |
1448 |
educating users about the changes, instead of spreading lies about the |
1449 |
real compatibility for many I<years> and trying to silence people who |
1450 |
point out that it isn't true. |
1451 |
|
1452 |
Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, even |
1453 |
though the incompatibilities have been documented (and are known to Brian) |
1454 |
for many years and the spec makes explicit claims that YAML is a superset |
1455 |
of JSON. It would be so easy to fix, but apparently, bullying people and |
1456 |
corrupting userdata is so much easier. |
1457 |
|
1458 |
=back |
1459 |
|
1460 |
|
1461 |
=head2 SPEED |
1462 |
|
1463 |
It seems that JSON::XS is surprisingly fast, as shown in the following |
1464 |
tables. They have been generated with the help of the C<eg/bench> program |
1465 |
in the JSON::XS distribution, to make it easy to compare on your own |
1466 |
system. |
1467 |
|
1468 |
First comes a comparison between various modules using |
1469 |
a very short single-line JSON string (also available at |
1470 |
L<http://dist.schmorp.de/misc/json/short.json>). |
1471 |
|
1472 |
{"method": "handleMessage", "params": ["user1", |
1473 |
"we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1474 |
1, 0]} |
1475 |
|
1476 |
It shows the number of encodes/decodes per second (JSON::XS uses |
1477 |
the functional interface, while JSON::XS/2 uses the OO interface |
1478 |
with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
1479 |
shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ |
1480 |
uses the from_json method). Higher is better: |
1481 |
|
1482 |
module | encode | decode | |
1483 |
--------------|------------|------------| |
1484 |
JSON::DWIW/DS | 86302.551 | 102300.098 | |
1485 |
JSON::DWIW/FJ | 86302.551 | 75983.768 | |
1486 |
JSON::PP | 15827.562 | 6638.658 | |
1487 |
JSON::Syck | 63358.066 | 47662.545 | |
1488 |
JSON::XS | 511500.488 | 511500.488 | |
1489 |
JSON::XS/2 | 291271.111 | 388361.481 | |
1490 |
JSON::XS/3 | 361577.931 | 361577.931 | |
1491 |
Storable | 66788.280 | 265462.278 | |
1492 |
--------------+------------+------------+ |
1493 |
|
1494 |
That is, JSON::XS is almost six times faster than JSON::DWIW on encoding, |
1495 |
about five times faster on decoding, and over thirty to seventy times |
1496 |
faster than JSON's pure perl implementation. It also compares favourably |
1497 |
to Storable for small amounts of data. |
1498 |
|
1499 |
Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1500 |
search API (L<http://dist.schmorp.de/misc/json/long.json>). |
1501 |
|
1502 |
module | encode | decode | |
1503 |
--------------|------------|------------| |
1504 |
JSON::DWIW/DS | 1647.927 | 2673.916 | |
1505 |
JSON::DWIW/FJ | 1630.249 | 2596.128 | |
1506 |
JSON::PP | 400.640 | 62.311 | |
1507 |
JSON::Syck | 1481.040 | 1524.869 | |
1508 |
JSON::XS | 20661.596 | 9541.183 | |
1509 |
JSON::XS/2 | 10683.403 | 9416.938 | |
1510 |
JSON::XS/3 | 20661.596 | 9400.054 | |
1511 |
Storable | 19765.806 | 10000.725 | |
1512 |
--------------+------------+------------+ |
1513 |
|
1514 |
Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1515 |
decodes a bit faster). |
1516 |
|
1517 |
On large strings containing lots of high Unicode characters, some modules |
1518 |
(such as JSON::PC) seem to decode faster than JSON::XS, but the result |
1519 |
will be broken due to missing (or wrong) Unicode handling. Others refuse |
1520 |
to decode or encode properly, so it was impossible to prepare a fair |
1521 |
comparison table for that case. |
1522 |
|
1523 |
|
1524 |
=head1 SECURITY CONSIDERATIONS |
1525 |
|
1526 |
When you are using JSON in a protocol, talking to untrusted potentially |
1527 |
hostile creatures requires relatively few measures. |
1528 |
|
1529 |
First of all, your JSON decoder should be secure, that is, should not have |
1530 |
any buffer overflows. Obviously, this module should ensure that and I am |
1531 |
trying hard on making that true, but you never know. |
1532 |
|
1533 |
Second, you need to avoid resource-starving attacks. That means you should |
1534 |
limit the size of JSON texts you accept, or make sure then when your |
1535 |
resources run out, that's just fine (e.g. by using a separate process that |
1536 |
can crash safely). The size of a JSON text in octets or characters is |
1537 |
usually a good indication of the size of the resources required to decode |
1538 |
it into a Perl structure. While JSON::XS can check the size of the JSON |
1539 |
text, it might be too late when you already have it in memory, so you |
1540 |
might want to check the size before you accept the string. |
1541 |
|
1542 |
Third, JSON::XS recurses using the C stack when decoding objects and |
1543 |
arrays. The C stack is a limited resource: for instance, on my amd64 |
1544 |
machine with 8MB of stack size I can decode around 180k nested arrays but |
1545 |
only 14k nested JSON objects (due to perl itself recursing deeply on croak |
1546 |
to free the temporary). If that is exceeded, the program crashes. To be |
1547 |
conservative, the default nesting limit is set to 512. If your process |
1548 |
has a smaller stack, you should adjust this setting accordingly with the |
1549 |
C<max_depth> method. |
1550 |
|
1551 |
Something else could bomb you, too, that I forgot to think of. In that |
1552 |
case, you get to keep the pieces. I am always open for hints, though... |
1553 |
|
1554 |
Also keep in mind that JSON::XS might leak contents of your Perl data |
1555 |
structures in its error messages, so when you serialise sensitive |
1556 |
information you might want to make sure that exceptions thrown by JSON::XS |
1557 |
will not end up in front of untrusted eyes. |
1558 |
|
1559 |
If you are using JSON::XS to return packets to consumption |
1560 |
by JavaScript scripts in a browser you should have a look at |
1561 |
L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to |
1562 |
see whether you are vulnerable to some common attack vectors (which really |
1563 |
are browser design bugs, but it is still you who will have to deal with |
1564 |
it, as major browser developers care only for features, not about getting |
1565 |
security right). |
1566 |
|
1567 |
|
1568 |
=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
1569 |
|
1570 |
TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
1571 |
JSON texts by default - you need to create your own JSON::XS object and |
1572 |
enable C<allow_nonref>: |
1573 |
|
1574 |
|
1575 |
my $json = JSON::XS->new->allow_nonref; |
1576 |
|
1577 |
$text = $json->encode ($data); |
1578 |
$data = $json->decode ($text); |
1579 |
|
1580 |
The long version: JSON being an important and supposedly stable format, |
1581 |
the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor |
1582 |
of JSON, Dougles Crockford, unilaterally changed the definition of JSON in |
1583 |
javascript. Rather than create a fork, the IETF decided to standardise the |
1584 |
new syntax (apparently, so Iw as told, without finding it very amusing). |
1585 |
|
1586 |
The biggest difference between thed original JSON and the new JSON is that |
1587 |
the new JSON supports scalars (anything other than arrays and objects) at |
1588 |
the toplevel of a JSON text. While this is strictly backwards compatible |
1589 |
to older versions, it breaks a number of protocols that relied on sending |
1590 |
JSON back-to-back, and is a minor security concern. |
1591 |
|
1592 |
For example, imagine you have two banks communicating, and on one side, |
1593 |
trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000> |
1594 |
might then be confused to mean C<101000>, something that couldn't happen |
1595 |
in the original JSON, because niether of these messages would be valid |
1596 |
JSON. |
1597 |
|
1598 |
If one side accepts these messages, then an upgrade in the coder on either |
1599 |
side could result in this becoming exploitable. |
1600 |
|
1601 |
This module has always allowed these messages as an optional extension, by |
1602 |
default disabled. The security concerns are the reason why the default is |
1603 |
still disabled, but future versions might/will likely upgrade to the newer |
1604 |
RFC as default format, so you are advised to check your implementation |
1605 |
and/or override the default with C<< ->allow_nonref (0) >> to ensure that |
1606 |
future versions are safe. |
1607 |
|
1608 |
|
1609 |
=head1 INTEROPERABILITY WITH OTHER MODULES |
1610 |
|
1611 |
C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean |
1612 |
constants. That means that the JSON true and false values will be |
1613 |
comaptible to true and false values of iother modules that do the same, |
1614 |
such as L<JSON::PP> and L<CBOR::XS>. |
1615 |
|
1616 |
|
1617 |
=head1 INTEROPERABILITY WITH OTHER JSON DECODERS |
1618 |
|
1619 |
As long as you only serialise data that can be directly expressed in JSON, |
1620 |
C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs, |
1621 |
but C<JSON::XS> has found more bugs in the official JSON testsuite (1) |
1622 |
than the official JSON testsuite has found in C<JSON::XS> (0)). |
1623 |
|
1624 |
When you have trouble decoding JSON generated by this module using other |
1625 |
decoders, then it is very likely that you have an encoding mismatch or the |
1626 |
other decoder is broken. |
1627 |
|
1628 |
When decoding, C<JSON::XS> is strict by default and will likely catch all |
1629 |
errors. There are currently two settings that change this: C<relaxed> |
1630 |
makes C<JSON::XS> accept (but not generate) some non-standard extensions, |
1631 |
and C<allow_tags> will allow you to encode and decode Perl objects, at the |
1632 |
cost of not outputting valid JSON anymore. |
1633 |
|
1634 |
=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS |
1635 |
|
1636 |
When you use C<allow_tags> to use the extended (and also nonstandard and |
1637 |
invalid) JSON syntax for serialised objects, and you still want to decode |
1638 |
the generated When you want to serialise objects, you can run a regex |
1639 |
to replace the tagged syntax by standard JSON arrays (it only works for |
1640 |
"normal" packagesnames without comma, newlines or single colons). First, |
1641 |
the readable Perl version: |
1642 |
|
1643 |
# if your FREEZE methods return no values, you need this replace first: |
1644 |
$json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; |
1645 |
|
1646 |
# this works for non-empty constructor arg lists: |
1647 |
$json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; |
1648 |
|
1649 |
And here is a less readable version that is easy to adapt to other |
1650 |
languages: |
1651 |
|
1652 |
$json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; |
1653 |
|
1654 |
Here is an ECMAScript version (same regex): |
1655 |
|
1656 |
json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); |
1657 |
|
1658 |
Since this syntax converts to standard JSON arrays, it might be hard to |
1659 |
distinguish serialised objects from normal arrays. You can prepend a |
1660 |
"magic number" as first array element to reduce chances of a collision: |
1661 |
|
1662 |
$json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; |
1663 |
|
1664 |
And after decoding the JSON text, you could walk the data |
1665 |
structure looking for arrays with a first element of |
1666 |
C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>. |
1667 |
|
1668 |
The same approach can be used to create the tagged format with another |
1669 |
encoder. First, you create an array with the magic string as first member, |
1670 |
the classname as second, and constructor arguments last, encode it as part |
1671 |
of your JSON structure, and then: |
1672 |
|
1673 |
$json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; |
1674 |
|
1675 |
Again, this has some limitations - the magic string must not be encoded |
1676 |
with character escapes, and the constructor arguments must be non-empty. |
1677 |
|
1678 |
|
1679 |
=head1 RFC7159 |
1680 |
|
1681 |
Since this module was written, Google has written a new JSON RFC, RFC 7159 |
1682 |
(and RFC7158). Unfortunately, this RFC breaks compatibility with both the |
1683 |
original JSON specification on www.json.org and RFC4627. |
1684 |
|
1685 |
As far as I can see, you can get partial compatibility when parsing by |
1686 |
using C<< ->allow_nonref >>. However, consider thew security implications |
1687 |
of doing so. |
1688 |
|
1689 |
I haven't decided yet when to break compatibility with RFC4627 by default |
1690 |
(and potentially leave applications insecure) and change the default to |
1691 |
follow RFC7159, but application authors are well advised to call C<< |
1692 |
->allow_nonref(0) >> even if this is the current default, if they cannot |
1693 |
handle non-reference values, in preparation for the day when the4 default |
1694 |
will change. |
1695 |
|
1696 |
|
1697 |
=head1 THREADS |
1698 |
|
1699 |
This module is I<not> guaranteed to be thread safe and there are no |
1700 |
plans to change this until Perl gets thread support (as opposed to the |
1701 |
horribly slow so-called "threads" which are simply slow and bloated |
1702 |
process simulations - use fork, it's I<much> faster, cheaper, better). |
1703 |
|
1704 |
(It might actually work, but you have been warned). |
1705 |
|
1706 |
|
1707 |
=head1 THE PERILS OF SETLOCALE |
1708 |
|
1709 |
Sometimes people avoid the Perl locale support and directly call the |
1710 |
system's setlocale function with C<LC_ALL>. |
1711 |
|
1712 |
This breaks both perl and modules such as JSON::XS, as stringification of |
1713 |
numbers no longer works correctly (e.g. C<$x = 0.1; print "$x"+1> might |
1714 |
print C<1>, and JSON::XS might output illegal JSON as JSON::XS relies on |
1715 |
perl to stringify numbers). |
1716 |
|
1717 |
The solution is simple: don't call C<setlocale>, or use it for only those |
1718 |
categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>. |
1719 |
|
1720 |
If you need C<LC_NUMERIC>, you should enable it only around the code that |
1721 |
actually needs it (avoiding stringification of numbers), and restore it |
1722 |
afterwards. |
1723 |
|
1724 |
|
1725 |
=head1 BUGS |
1726 |
|
1727 |
While the goal of this module is to be correct, that unfortunately does |
1728 |
not mean it's bug-free, only that I think its design is bug-free. If you |
1729 |
keep reporting bugs they will be fixed swiftly, though. |
1730 |
|
1731 |
Please refrain from using rt.cpan.org or any other bug reporting |
1732 |
service. I put the contact address into my modules for a reason. |
1733 |
|
1734 |
=cut |
1735 |
|
1736 |
BEGIN { |
1737 |
*true = \$Types::Serialiser::true; |
1738 |
*true = \&Types::Serialiser::true; |
1739 |
*false = \$Types::Serialiser::false; |
1740 |
*false = \&Types::Serialiser::false; |
1741 |
*is_bool = \&Types::Serialiser::is_bool; |
1742 |
|
1743 |
*JSON::XS::Boolean:: = *Types::Serialiser::Boolean::; |
1744 |
} |
1745 |
|
1746 |
XSLoader::load "JSON::XS", $VERSION; |
1747 |
|
1748 |
=head1 SEE ALSO |
1749 |
|
1750 |
The F<json_xs> command line utility for quick experiments. |
1751 |
|
1752 |
=head1 AUTHOR |
1753 |
|
1754 |
Marc Lehmann <schmorp@schmorp.de> |
1755 |
http://home.schmorp.de/ |
1756 |
|
1757 |
=cut |
1758 |
|
1759 |
1 |
1760 |
|