| … | |
… | |
| 393 | given character in a string. |
393 | given character in a string. |
| 394 | |
394 | |
| 395 | Setting the maximum depth to one disallows any nesting, so that ensures |
395 | Setting the maximum depth to one disallows any nesting, so that ensures |
| 396 | that the object is only a single hash/object or array. |
396 | that the object is only a single hash/object or array. |
| 397 | |
397 | |
| 398 | The argument to C<max_depth> will be rounded up to the next nearest power |
398 | The argument to C<max_depth> will be rounded up to the next highest power |
| 399 | of two. |
399 | of two. If no argument is given, the highest possible setting will be |
|
|
400 | used, which is rarely useful. |
|
|
401 | |
|
|
402 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
|
|
403 | |
|
|
404 | =item $json = $json->max_size ([$maximum_string_size]) |
|
|
405 | |
|
|
406 | Set the maximum length a JSON text may have (in bytes) where decoding is |
|
|
407 | being attempted. The default is C<0>, meaning no limit. When C<decode> |
|
|
408 | is called on a string longer then this number of characters it will not |
|
|
409 | attempt to decode the string but throw an exception. This setting has no |
|
|
410 | effect on C<encode> (yet). |
|
|
411 | |
|
|
412 | The argument to C<max_size> will be rounded up to the next B<highest> |
|
|
413 | power of two (so may be more than requested). If no argument is given, the |
|
|
414 | limit check will be deactivated (same as when C<0> is specified). |
| 400 | |
415 | |
| 401 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
416 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
| 402 | |
417 | |
| 403 | =item $json_text = $json->encode ($perl_scalar) |
418 | =item $json_text = $json->encode ($perl_scalar) |
| 404 | |
419 | |
| … | |
… | |
| 696 | It shows the number of encodes/decodes per second (JSON::XS uses |
711 | It shows the number of encodes/decodes per second (JSON::XS uses |
| 697 | the functional interface, while JSON::XS/2 uses the OO interface |
712 | the functional interface, while JSON::XS/2 uses the OO interface |
| 698 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
713 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
| 699 | shrink). Higher is better: |
714 | shrink). Higher is better: |
| 700 | |
715 | |
|
|
716 | Storable | 15779.925 | 14169.946 | |
|
|
717 | -----------+------------+------------+ |
| 701 | module | encode | decode | |
718 | module | encode | decode | |
| 702 | -----------|------------|------------| |
719 | -----------|------------|------------| |
| 703 | JSON | 7645.468 | 4208.613 | |
720 | JSON | 4990.842 | 4088.813 | |
| 704 | JSON::DWIW | 40721.398 | 77101.176 | |
721 | JSON::DWIW | 51653.990 | 71575.154 | |
| 705 | JSON::PC | 65948.176 | 78251.940 | |
722 | JSON::PC | 65948.176 | 74631.744 | |
| 706 | JSON::Syck | 22844.793 | 26479.192 | |
723 | JSON::PP | 8931.652 | 3817.168 | |
|
|
724 | JSON::Syck | 24877.248 | 27776.848 | |
| 707 | JSON::XS | 388361.481 | 199728.762 | |
725 | JSON::XS | 388361.481 | 227951.304 | |
| 708 | JSON::XS/2 | 218453.333 | 192399.266 | |
726 | JSON::XS/2 | 227951.304 | 218453.333 | |
| 709 | JSON::XS/3 | 338250.323 | 192399.266 | |
727 | JSON::XS/3 | 338250.323 | 218453.333 | |
| 710 | Storable | 15779.925 | 14169.946 | |
728 | Storable | 16500.016 | 135300.129 | |
| 711 | -----------+------------+------------+ |
729 | -----------+------------+------------+ |
| 712 | |
730 | |
| 713 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
731 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
| 714 | about three times faster on decoding, and over fourty times faster |
732 | about three times faster on decoding, and over fourty times faster |
| 715 | than JSON, even with pretty-printing and key sorting. It also compares |
733 | than JSON, even with pretty-printing and key sorting. It also compares |
| … | |
… | |
| 718 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
736 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
| 719 | search API (http://nanoref.com/yahooapis/mgPdGg): |
737 | search API (http://nanoref.com/yahooapis/mgPdGg): |
| 720 | |
738 | |
| 721 | module | encode | decode | |
739 | module | encode | decode | |
| 722 | -----------|------------|------------| |
740 | -----------|------------|------------| |
| 723 | JSON | 254.685 | 37.665 | |
741 | JSON | 55.260 | 34.971 | |
| 724 | JSON::DWIW | 843.343 | 1049.731 | |
742 | JSON::DWIW | 825.228 | 1082.513 | |
| 725 | JSON::PC | 3602.116 | 2307.352 | |
743 | JSON::PC | 3571.444 | 2394.829 | |
|
|
744 | JSON::PP | 210.987 | 32.574 | |
| 726 | JSON::Syck | 505.107 | 787.899 | |
745 | JSON::Syck | 552.551 | 787.544 | |
| 727 | JSON::XS | 5747.196 | 3690.220 | |
746 | JSON::XS | 5780.463 | 4854.519 | |
| 728 | JSON::XS/2 | 3968.121 | 3676.634 | |
747 | JSON::XS/2 | 3869.998 | 4798.975 | |
| 729 | JSON::XS/3 | 6105.246 | 3662.508 | |
748 | JSON::XS/3 | 5862.880 | 4798.975 | |
| 730 | Storable | 4417.337 | 5285.161 | |
749 | Storable | 4445.002 | 5235.027 | |
| 731 | -----------+------------+------------+ |
750 | -----------+------------+------------+ |
| 732 | |
751 | |
| 733 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
752 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
| 734 | decodes faster). |
753 | decodes faster). |
| 735 | |
754 | |
| … | |
… | |
| 752 | Second, you need to avoid resource-starving attacks. That means you should |
771 | Second, you need to avoid resource-starving attacks. That means you should |
| 753 | limit the size of JSON texts you accept, or make sure then when your |
772 | limit the size of JSON texts you accept, or make sure then when your |
| 754 | resources run out, thats just fine (e.g. by using a separate process that |
773 | resources run out, thats just fine (e.g. by using a separate process that |
| 755 | can crash safely). The size of a JSON text in octets or characters is |
774 | can crash safely). The size of a JSON text in octets or characters is |
| 756 | usually a good indication of the size of the resources required to decode |
775 | usually a good indication of the size of the resources required to decode |
| 757 | it into a Perl structure. |
776 | it into a Perl structure. While JSON::XS can check the size of the JSON |
|
|
777 | text, it might be too late when you already have it in memory, so you |
|
|
778 | might want to check the size before you accept the string. |
| 758 | |
779 | |
| 759 | Third, JSON::XS recurses using the C stack when decoding objects and |
780 | Third, JSON::XS recurses using the C stack when decoding objects and |
| 760 | arrays. The C stack is a limited resource: for instance, on my amd64 |
781 | arrays. The C stack is a limited resource: for instance, on my amd64 |
| 761 | machine with 8MB of stack size I can decode around 180k nested arrays but |
782 | machine with 8MB of stack size I can decode around 180k nested arrays but |
| 762 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
783 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
