… | |
… | |
99 | |
99 | |
100 | =cut |
100 | =cut |
101 | |
101 | |
102 | package JSON::XS; |
102 | package JSON::XS; |
103 | |
103 | |
104 | no warnings; |
104 | use common::sense; |
105 | use strict; |
|
|
106 | |
105 | |
107 | our $VERSION = '2.231'; |
106 | our $VERSION = '2.28'; |
108 | our @ISA = qw(Exporter); |
107 | our @ISA = qw(Exporter); |
109 | |
108 | |
110 | our @EXPORT = qw(encode_json decode_json to_json from_json); |
109 | our @EXPORT = qw(encode_json decode_json to_json from_json); |
111 | |
110 | |
112 | sub to_json($) { |
111 | sub to_json($) { |
… | |
… | |
441 | the same JSON text (given the same overall settings). If it is disabled, |
440 | the same JSON text (given the same overall settings). If it is disabled, |
442 | the same hash might be encoded differently even if contains the same data, |
441 | the same hash might be encoded differently even if contains the same data, |
443 | as key-value pairs have no inherent ordering in Perl. |
442 | as key-value pairs have no inherent ordering in Perl. |
444 | |
443 | |
445 | This setting has no effect when decoding JSON texts. |
444 | This setting has no effect when decoding JSON texts. |
|
|
445 | |
|
|
446 | This setting has currently no effect on tied hashes. |
446 | |
447 | |
447 | =item $json = $json->allow_nonref ([$enable]) |
448 | =item $json = $json->allow_nonref ([$enable]) |
448 | |
449 | |
449 | =item $enabled = $json->get_allow_nonref |
450 | =item $enabled = $json->get_allow_nonref |
450 | |
451 | |
… | |
… | |
1185 | proper subset of most 8-bit and multibyte encodings in use in the world. |
1186 | proper subset of most 8-bit and multibyte encodings in use in the world. |
1186 | |
1187 | |
1187 | =back |
1188 | =back |
1188 | |
1189 | |
1189 | |
1190 | |
|
|
1191 | =head2 JSON and ECMAscript |
|
|
1192 | |
|
|
1193 | JSON syntax is based on how literals are represented in javascript (the |
|
|
1194 | not-standardised predecessor of ECMAscript) which is presumably why it is |
|
|
1195 | called "JavaScript Object Notation". |
|
|
1196 | |
|
|
1197 | However, JSON is not a subset (and also not a superset of course) of |
|
|
1198 | ECMAscript (the standard) or javascript (whatever browsers actually |
|
|
1199 | implement). |
|
|
1200 | |
|
|
1201 | If you want to use javascript's C<eval> function to "parse" JSON, you |
|
|
1202 | might run into parse errors for valid JSON texts, or the resulting data |
|
|
1203 | structure might not be queryable: |
|
|
1204 | |
|
|
1205 | One of the problems is that U+2028 and U+2029 are valid characters inside |
|
|
1206 | JSON strings, but are not allowed in ECMAscript string literals, so the |
|
|
1207 | following Perl fragment will not output something that can be guaranteed |
|
|
1208 | to be parsable by javascript's C<eval>: |
|
|
1209 | |
|
|
1210 | use JSON::XS; |
|
|
1211 | |
|
|
1212 | print encode_json [chr 0x2028]; |
|
|
1213 | |
|
|
1214 | The right fix for this is to use a proper JSON parser in your javascript |
|
|
1215 | programs, and not rely on C<eval> (see for example Douglas Crockford's |
|
|
1216 | F<json2.js> parser). |
|
|
1217 | |
|
|
1218 | If this is not an option, you can, as a stop-gap measure, simply encode to |
|
|
1219 | ASCII-only JSON: |
|
|
1220 | |
|
|
1221 | use JSON::XS; |
|
|
1222 | |
|
|
1223 | print JSON::XS->new->ascii->encode ([chr 0x2028]); |
|
|
1224 | |
|
|
1225 | Note that this will enlarge the resulting JSON text quite a bit if you |
|
|
1226 | have many non-ASCII characters. You might be tempted to run some regexes |
|
|
1227 | to only escape U+2028 and U+2029, e.g.: |
|
|
1228 | |
|
|
1229 | # DO NOT USE THIS! |
|
|
1230 | my $json = JSON::XS->new->utf8->encode ([chr 0x2028]); |
|
|
1231 | $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028 |
|
|
1232 | $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029 |
|
|
1233 | print $json; |
|
|
1234 | |
|
|
1235 | Note that I<this is a bad idea>: the above only works for U+2028 and |
|
|
1236 | U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing |
|
|
1237 | javascript implementations, however, have issues with other characters as |
|
|
1238 | well - using C<eval> naively simply I<will> cause problems. |
|
|
1239 | |
|
|
1240 | Another problem is that some javascript implementations reserve |
|
|
1241 | some property names for their own purposes (which probably makes |
|
|
1242 | them non-ECMAscript-compliant). For example, Iceweasel reserves the |
|
|
1243 | C<__proto__> property name for it's own purposes. |
|
|
1244 | |
|
|
1245 | If that is a problem, you could parse try to filter the resulting JSON |
|
|
1246 | output for these property strings, e.g.: |
|
|
1247 | |
|
|
1248 | $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; |
|
|
1249 | |
|
|
1250 | This works because C<__proto__> is not valid outside of strings, so every |
|
|
1251 | occurence of C<"__proto__"\s*:> must be a string used as property name. |
|
|
1252 | |
|
|
1253 | If you know of other incompatibilities, please let me know. |
|
|
1254 | |
|
|
1255 | |
1190 | =head2 JSON and YAML |
1256 | =head2 JSON and YAML |
1191 | |
1257 | |
1192 | You often hear that JSON is a subset of YAML. This is, however, a mass |
1258 | You often hear that JSON is a subset of YAML. This is, however, a mass |
1193 | hysteria(*) and very far from the truth (as of the time of this writing), |
1259 | hysteria(*) and very far from the truth (as of the time of this writing), |
1194 | so let me state it clearly: I<in general, there is no way to configure |
1260 | so let me state it clearly: I<in general, there is no way to configure |
… | |
… | |
1202 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1268 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1203 | |
1269 | |
1204 | This will I<usually> generate JSON texts that also parse as valid |
1270 | This will I<usually> generate JSON texts that also parse as valid |
1205 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
1271 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
1206 | lengths that JSON doesn't have and also has different and incompatible |
1272 | lengths that JSON doesn't have and also has different and incompatible |
1207 | unicode handling, so you should make sure that your hash keys are |
1273 | unicode character escape syntax, so you should make sure that your hash |
1208 | noticeably shorter than the 1024 "stream characters" YAML allows and that |
1274 | keys are noticeably shorter than the 1024 "stream characters" YAML allows |
1209 | you do not have characters with codepoint values outside the Unicode BMP |
1275 | and that you do not have characters with codepoint values outside the |
1210 | (basic multilingual page). YAML also does not allow C<\/> sequences in |
1276 | Unicode BMP (basic multilingual page). YAML also does not allow C<\/> |
1211 | strings (which JSON::XS does not I<currently> generate, but other JSON |
1277 | sequences in strings (which JSON::XS does not I<currently> generate, but |
1212 | generators might). |
1278 | other JSON generators might). |
1213 | |
1279 | |
1214 | There might be other incompatibilities that I am not aware of (or the YAML |
1280 | There might be other incompatibilities that I am not aware of (or the YAML |
1215 | specification has been changed yet again - it does so quite often). In |
1281 | specification has been changed yet again - it does so quite often). In |
1216 | general you should not try to generate YAML with a JSON generator or vice |
1282 | general you should not try to generate YAML with a JSON generator or vice |
1217 | versa, or try to parse JSON with a YAML parser or vice versa: chances are |
1283 | versa, or try to parse JSON with a YAML parser or vice versa: chances are |
… | |
… | |
1236 | that difficult or long) and finally make YAML compatible to it, and |
1302 | that difficult or long) and finally make YAML compatible to it, and |
1237 | educating users about the changes, instead of spreading lies about the |
1303 | educating users about the changes, instead of spreading lies about the |
1238 | real compatibility for many I<years> and trying to silence people who |
1304 | real compatibility for many I<years> and trying to silence people who |
1239 | point out that it isn't true. |
1305 | point out that it isn't true. |
1240 | |
1306 | |
|
|
1307 | Addendum/2009: the YAML 1.2 spec is still incomaptible with JSON, even |
|
|
1308 | though the incompatibilities have been documented (and are known to |
|
|
1309 | Brian) for many years and the spec makes explicit claims that YAML is a |
|
|
1310 | superset of JSON. It would be so easy to fix, but apparently, bullying and |
|
|
1311 | corrupting userdata is so much easier. |
|
|
1312 | |
1241 | =back |
1313 | =back |
1242 | |
1314 | |
1243 | |
1315 | |
1244 | =head2 SPEED |
1316 | =head2 SPEED |
1245 | |
1317 | |
… | |
… | |
1252 | a very short single-line JSON string (also available at |
1324 | a very short single-line JSON string (also available at |
1253 | L<http://dist.schmorp.de/misc/json/short.json>). |
1325 | L<http://dist.schmorp.de/misc/json/short.json>). |
1254 | |
1326 | |
1255 | {"method": "handleMessage", "params": ["user1", |
1327 | {"method": "handleMessage", "params": ["user1", |
1256 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1328 | "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, |
1257 | true, false]} |
1329 | 1, 0]} |
1258 | |
1330 | |
1259 | It shows the number of encodes/decodes per second (JSON::XS uses |
1331 | It shows the number of encodes/decodes per second (JSON::XS uses |
1260 | the functional interface, while JSON::XS/2 uses the OO interface |
1332 | the functional interface, while JSON::XS/2 uses the OO interface |
1261 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
1333 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
1262 | shrink). Higher is better: |
1334 | shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ |
|
|
1335 | uses the from_json method). Higher is better: |
1263 | |
1336 | |
1264 | module | encode | decode | |
1337 | module | encode | decode | |
1265 | -----------|------------|------------| |
1338 | --------------|------------|------------| |
1266 | JSON 1.x | 4990.842 | 4088.813 | |
1339 | JSON::DWIW/DS | 86302.551 | 102300.098 | |
1267 | JSON::DWIW | 51653.990 | 71575.154 | |
1340 | JSON::DWIW/FJ | 86302.551 | 75983.768 | |
1268 | JSON::PC | 65948.176 | 74631.744 | |
1341 | JSON::PP | 15827.562 | 6638.658 | |
1269 | JSON::PP | 8931.652 | 3817.168 | |
1342 | JSON::Syck | 63358.066 | 47662.545 | |
1270 | JSON::Syck | 24877.248 | 27776.848 | |
1343 | JSON::XS | 511500.488 | 511500.488 | |
1271 | JSON::XS | 388361.481 | 227951.304 | |
1344 | JSON::XS/2 | 291271.111 | 388361.481 | |
1272 | JSON::XS/2 | 227951.304 | 218453.333 | |
1345 | JSON::XS/3 | 361577.931 | 361577.931 | |
1273 | JSON::XS/3 | 338250.323 | 218453.333 | |
1346 | Storable | 66788.280 | 265462.278 | |
1274 | Storable | 16500.016 | 135300.129 | |
|
|
1275 | -----------+------------+------------+ |
1347 | --------------+------------+------------+ |
1276 | |
1348 | |
1277 | That is, JSON::XS is about five times faster than JSON::DWIW on encoding, |
1349 | That is, JSON::XS is almost six times faster than JSON::DWIW on encoding, |
1278 | about three times faster on decoding, and over forty times faster |
1350 | about five times faster on decoding, and over thirty to seventy times |
1279 | than JSON, even with pretty-printing and key sorting. It also compares |
1351 | faster than JSON's pure perl implementation. It also compares favourably |
1280 | favourably to Storable for small amounts of data. |
1352 | to Storable for small amounts of data. |
1281 | |
1353 | |
1282 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1354 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1283 | search API (L<http://dist.schmorp.de/misc/json/long.json>). |
1355 | search API (L<http://dist.schmorp.de/misc/json/long.json>). |
1284 | |
1356 | |
1285 | module | encode | decode | |
1357 | module | encode | decode | |
1286 | -----------|------------|------------| |
1358 | --------------|------------|------------| |
1287 | JSON 1.x | 55.260 | 34.971 | |
1359 | JSON::DWIW/DS | 1647.927 | 2673.916 | |
1288 | JSON::DWIW | 825.228 | 1082.513 | |
1360 | JSON::DWIW/FJ | 1630.249 | 2596.128 | |
1289 | JSON::PC | 3571.444 | 2394.829 | |
|
|
1290 | JSON::PP | 210.987 | 32.574 | |
1361 | JSON::PP | 400.640 | 62.311 | |
1291 | JSON::Syck | 552.551 | 787.544 | |
1362 | JSON::Syck | 1481.040 | 1524.869 | |
1292 | JSON::XS | 5780.463 | 4854.519 | |
1363 | JSON::XS | 20661.596 | 9541.183 | |
1293 | JSON::XS/2 | 3869.998 | 4798.975 | |
1364 | JSON::XS/2 | 10683.403 | 9416.938 | |
1294 | JSON::XS/3 | 5862.880 | 4798.975 | |
1365 | JSON::XS/3 | 20661.596 | 9400.054 | |
1295 | Storable | 4445.002 | 5235.027 | |
1366 | Storable | 19765.806 | 10000.725 | |
1296 | -----------+------------+------------+ |
1367 | --------------+------------+------------+ |
1297 | |
1368 | |
1298 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1369 | Again, JSON::XS leads by far (except for Storable which non-surprisingly |
1299 | decodes faster). |
1370 | decodes a bit faster). |
1300 | |
1371 | |
1301 | On large strings containing lots of high Unicode characters, some modules |
1372 | On large strings containing lots of high Unicode characters, some modules |
1302 | (such as JSON::PC) seem to decode faster than JSON::XS, but the result |
1373 | (such as JSON::PC) seem to decode faster than JSON::XS, but the result |
1303 | will be broken due to missing (or wrong) Unicode handling. Others refuse |
1374 | will be broken due to missing (or wrong) Unicode handling. Others refuse |
1304 | to decode or encode properly, so it was impossible to prepare a fair |
1375 | to decode or encode properly, so it was impossible to prepare a fair |
… | |
… | |
1340 | information you might want to make sure that exceptions thrown by JSON::XS |
1411 | information you might want to make sure that exceptions thrown by JSON::XS |
1341 | will not end up in front of untrusted eyes. |
1412 | will not end up in front of untrusted eyes. |
1342 | |
1413 | |
1343 | If you are using JSON::XS to return packets to consumption |
1414 | If you are using JSON::XS to return packets to consumption |
1344 | by JavaScript scripts in a browser you should have a look at |
1415 | by JavaScript scripts in a browser you should have a look at |
1345 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1416 | L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to |
1346 | you are vulnerable to some common attack vectors (which really are browser |
1417 | see whether you are vulnerable to some common attack vectors (which really |
1347 | design bugs, but it is still you who will have to deal with it, as major |
1418 | are browser design bugs, but it is still you who will have to deal with |
1348 | browser developers care only for features, not about getting security |
1419 | it, as major browser developers care only for features, not about getting |
1349 | right). |
1420 | security right). |
1350 | |
1421 | |
1351 | |
1422 | |
1352 | =head1 THREADS |
1423 | =head1 THREADS |
1353 | |
1424 | |
1354 | This module is I<not> guaranteed to be thread safe and there are no |
1425 | This module is I<not> guaranteed to be thread safe and there are no |