… | |
… | |
341 | |
341 | |
342 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
342 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
343 | returns other blessed objects, those will be handled in the same |
343 | returns other blessed objects, those will be handled in the same |
344 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
344 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
345 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
345 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
346 | methods called by the Perl core (== not the user of the object) are |
346 | methods called by the Perl core (== not by the user of the object) are |
347 | usually in upper case letters and to avoid collisions with the C<to_json> |
347 | usually in upper case letters and to avoid collisions with the C<to_json> |
348 | function. |
348 | function. |
|
|
349 | |
|
|
350 | This setting does not yet influence C<decode> in any way, but in the |
|
|
351 | future, global hooks might get installed that influence C<decode> and are |
|
|
352 | enabled by this setting. |
349 | |
353 | |
350 | If C<$enable> is false, then the C<allow_blessed> setting will decide what |
354 | If C<$enable> is false, then the C<allow_blessed> setting will decide what |
351 | to do when a blessed object is found. |
355 | to do when a blessed object is found. |
352 | |
356 | |
353 | =item $json = $json->shrink ([$enable]) |
357 | =item $json = $json->shrink ([$enable]) |
… | |
… | |
389 | given character in a string. |
393 | given character in a string. |
390 | |
394 | |
391 | Setting the maximum depth to one disallows any nesting, so that ensures |
395 | Setting the maximum depth to one disallows any nesting, so that ensures |
392 | that the object is only a single hash/object or array. |
396 | that the object is only a single hash/object or array. |
393 | |
397 | |
394 | The argument to C<max_depth> will be rounded up to the next nearest power |
398 | The argument to C<max_depth> will be rounded up to the next highest power |
395 | of two. |
399 | of two. If no argument is given, the highest possible setting will be |
|
|
400 | used, which is rarely useful. |
|
|
401 | |
|
|
402 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
|
|
403 | |
|
|
404 | =item $json = $json->max_size ([$maximum_string_size]) |
|
|
405 | |
|
|
406 | Set the maximum length a JSON text may have (in bytes) where decoding is |
|
|
407 | being attempted. The default is C<0>, meaning no limit. When C<decode> |
|
|
408 | is called on a string longer then this number of characters it will not |
|
|
409 | attempt to decode the string but throw an exception. This setting has no |
|
|
410 | effect on C<encode> (yet). |
|
|
411 | |
|
|
412 | The argument to C<max_size> will be rounded up to the next B<highest> |
|
|
413 | power of two (so may be more than requested). If no argument is given, the |
|
|
414 | limit check will be deactivated (same as when C<0> is specified). |
396 | |
415 | |
397 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
416 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
398 | |
417 | |
399 | =item $json_text = $json->encode ($perl_scalar) |
418 | =item $json_text = $json->encode ($perl_scalar) |
400 | |
419 | |
… | |
… | |
692 | It shows the number of encodes/decodes per second (JSON::XS uses |
711 | It shows the number of encodes/decodes per second (JSON::XS uses |
693 | the functional interface, while JSON::XS/2 uses the OO interface |
712 | the functional interface, while JSON::XS/2 uses the OO interface |
694 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
713 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
695 | shrink). Higher is better: |
714 | shrink). Higher is better: |
696 | |
715 | |
|
|
716 | Storable | 15779.925 | 14169.946 | |
|
|
717 | -----------+------------+------------+ |
697 | module | encode | decode | |
718 | module | encode | decode | |
698 | -----------|------------|------------| |
719 | -----------|------------|------------| |
699 | JSON | 7645.468 | 4208.613 | |
720 | JSON | 4990.842 | 4088.813 | |
700 | JSON::DWIW | 40721.398 | 77101.176 | |
721 | JSON::DWIW | 51653.990 | 71575.154 | |
701 | JSON::PC | 65948.176 | 78251.940 | |
722 | JSON::PC | 65948.176 | 74631.744 | |
702 | JSON::Syck | 22844.793 | 26479.192 | |
723 | JSON::PP | 8931.652 | 3817.168 | |
|
|
724 | JSON::Syck | 24877.248 | 27776.848 | |
703 | JSON::XS | 388361.481 | 199728.762 | |
725 | JSON::XS | 388361.481 | 227951.304 | |
704 | JSON::XS/2 | 218453.333 | 192399.266 | |
726 | JSON::XS/2 | 227951.304 | 218453.333 | |
705 | JSON::XS/3 | 338250.323 | 192399.266 | |
727 | JSON::XS/3 | 338250.323 | 218453.333 | |
706 | Storable | 15779.925 | 14169.946 | |
728 | Storable | 16500.016 | 135300.129 | |
707 | -----------+------------+------------+ |
729 | -----------+------------+------------+ |
708 | |
730 | |
709 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
731 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
710 | about three times faster on decoding, and over fourty times faster |
732 | about three times faster on decoding, and over fourty times faster |
711 | than JSON, even with pretty-printing and key sorting. It also compares |
733 | than JSON, even with pretty-printing and key sorting. It also compares |
… | |
… | |
714 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
736 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
715 | search API (http://nanoref.com/yahooapis/mgPdGg): |
737 | search API (http://nanoref.com/yahooapis/mgPdGg): |
716 | |
738 | |
717 | module | encode | decode | |
739 | module | encode | decode | |
718 | -----------|------------|------------| |
740 | -----------|------------|------------| |
719 | JSON | 254.685 | 37.665 | |
741 | JSON | 55.260 | 34.971 | |
720 | JSON::DWIW | 843.343 | 1049.731 | |
742 | JSON::DWIW | 825.228 | 1082.513 | |
721 | JSON::PC | 3602.116 | 2307.352 | |
743 | JSON::PC | 3571.444 | 2394.829 | |
|
|
744 | JSON::PP | 210.987 | 32.574 | |
722 | JSON::Syck | 505.107 | 787.899 | |
745 | JSON::Syck | 552.551 | 787.544 | |
723 | JSON::XS | 5747.196 | 3690.220 | |
746 | JSON::XS | 5780.463 | 4854.519 | |
724 | JSON::XS/2 | 3968.121 | 3676.634 | |
747 | JSON::XS/2 | 3869.998 | 4798.975 | |
725 | JSON::XS/3 | 6105.246 | 3662.508 | |
748 | JSON::XS/3 | 5862.880 | 4798.975 | |
726 | Storable | 4417.337 | 5285.161 | |
749 | Storable | 4445.002 | 5235.027 | |
727 | -----------+------------+------------+ |
750 | -----------+------------+------------+ |
728 | |
751 | |
729 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
752 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
730 | decodes faster). |
753 | decodes faster). |
731 | |
754 | |
… | |
… | |
748 | Second, you need to avoid resource-starving attacks. That means you should |
771 | Second, you need to avoid resource-starving attacks. That means you should |
749 | limit the size of JSON texts you accept, or make sure then when your |
772 | limit the size of JSON texts you accept, or make sure then when your |
750 | resources run out, thats just fine (e.g. by using a separate process that |
773 | resources run out, thats just fine (e.g. by using a separate process that |
751 | can crash safely). The size of a JSON text in octets or characters is |
774 | can crash safely). The size of a JSON text in octets or characters is |
752 | usually a good indication of the size of the resources required to decode |
775 | usually a good indication of the size of the resources required to decode |
753 | it into a Perl structure. |
776 | it into a Perl structure. While JSON::XS can check the size of the JSON |
|
|
777 | text, it might be too late when you already have it in memory, so you |
|
|
778 | might want to check the size before you accept the string. |
754 | |
779 | |
755 | Third, JSON::XS recurses using the C stack when decoding objects and |
780 | Third, JSON::XS recurses using the C stack when decoding objects and |
756 | arrays. The C stack is a limited resource: for instance, on my amd64 |
781 | arrays. The C stack is a limited resource: for instance, on my amd64 |
757 | machine with 8MB of stack size I can decode around 180k nested arrays but |
782 | machine with 8MB of stack size I can decode around 180k nested arrays but |
758 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
783 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |