… | |
… | |
85 | |
85 | |
86 | package JSON::XS; |
86 | package JSON::XS; |
87 | |
87 | |
88 | use strict; |
88 | use strict; |
89 | |
89 | |
90 | our $VERSION = '1.3'; |
90 | our $VERSION = '1.4'; |
91 | our @ISA = qw(Exporter); |
91 | our @ISA = qw(Exporter); |
92 | |
92 | |
93 | our @EXPORT = qw(to_json from_json objToJson jsonToObj); |
93 | our @EXPORT = qw(to_json from_json objToJson jsonToObj); |
94 | |
94 | |
95 | use Exporter; |
95 | use Exporter; |
… | |
… | |
315 | Example, encode a Perl scalar as JSON value with enabled C<allow_nonref>, |
315 | Example, encode a Perl scalar as JSON value with enabled C<allow_nonref>, |
316 | resulting in an invalid JSON text: |
316 | resulting in an invalid JSON text: |
317 | |
317 | |
318 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
318 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
319 | => "Hello, World!" |
319 | => "Hello, World!" |
|
|
320 | |
|
|
321 | =item $json = $json->allow_blessed ([$enable]) |
|
|
322 | |
|
|
323 | If C<$enable> is true (or missing), then the C<encode> method will not |
|
|
324 | barf when it encounters a blessed reference. Instead, the value of the |
|
|
325 | B<convert_blessed> option will decide wether C<null> (C<convert_blessed> |
|
|
326 | disabled or no C<to_json> method found) or a representation of the |
|
|
327 | object (C<convert_blessed> enabled and C<to_json> method found) is being |
|
|
328 | encoded. Has no effect on C<decode>. |
|
|
329 | |
|
|
330 | If C<$enable> is false (the default), then C<encode> will throw an |
|
|
331 | exception when it encounters a blessed object. |
|
|
332 | |
|
|
333 | =item $json = $json->convert_blessed ([$enable]) |
|
|
334 | |
|
|
335 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
|
|
336 | blessed object, will check for the availability of the C<TO_JSON> method |
|
|
337 | on the object's class. If found, it will be called in scalar context |
|
|
338 | and the resulting scalar will be encoded instead of the object. If no |
|
|
339 | C<TO_JSON> method is found, the value of C<allow_blessed> will decide what |
|
|
340 | to do. |
|
|
341 | |
|
|
342 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
|
|
343 | returns other blessed objects, those will be handled in the same |
|
|
344 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
|
|
345 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
|
|
346 | methods called by the Perl core (== not by the user of the object) are |
|
|
347 | usually in upper case letters and to avoid collisions with the C<to_json> |
|
|
348 | function. |
|
|
349 | |
|
|
350 | This setting does not yet influence C<decode> in any way, but in the |
|
|
351 | future, global hooks might get installed that influence C<decode> and are |
|
|
352 | enabled by this setting. |
|
|
353 | |
|
|
354 | If C<$enable> is false, then the C<allow_blessed> setting will decide what |
|
|
355 | to do when a blessed object is found. |
320 | |
356 | |
321 | =item $json = $json->shrink ([$enable]) |
357 | =item $json = $json->shrink ([$enable]) |
322 | |
358 | |
323 | Perl usually over-allocates memory a bit when allocating space for |
359 | Perl usually over-allocates memory a bit when allocating space for |
324 | strings. This flag optionally resizes strings generated by either |
360 | strings. This flag optionally resizes strings generated by either |
… | |
… | |
357 | given character in a string. |
393 | given character in a string. |
358 | |
394 | |
359 | Setting the maximum depth to one disallows any nesting, so that ensures |
395 | Setting the maximum depth to one disallows any nesting, so that ensures |
360 | that the object is only a single hash/object or array. |
396 | that the object is only a single hash/object or array. |
361 | |
397 | |
362 | The argument to C<max_depth> will be rounded up to the next nearest power |
398 | The argument to C<max_depth> will be rounded up to the next highest power |
363 | of two. |
399 | of two. If no argument is given, the highest possible setting will be |
|
|
400 | used, which is rarely useful. |
|
|
401 | |
|
|
402 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
|
|
403 | |
|
|
404 | =item $json = $json->max_size ([$maximum_string_size]) |
|
|
405 | |
|
|
406 | Set the maximum length a JSON text may have (in bytes) where decoding is |
|
|
407 | being attempted. The default is C<0>, meaning no limit. When C<decode> |
|
|
408 | is called on a string longer then this number of characters it will not |
|
|
409 | attempt to decode the string but throw an exception. This setting has no |
|
|
410 | effect on C<encode> (yet). |
|
|
411 | |
|
|
412 | The argument to C<max_size> will be rounded up to the next B<highest> |
|
|
413 | power of two (so may be more than requested). If no argument is given, the |
|
|
414 | limit check will be deactivated (same as when C<0> is specified). |
364 | |
415 | |
365 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
416 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
366 | |
417 | |
367 | =item $json_text = $json->encode ($perl_scalar) |
418 | =item $json_text = $json->encode ($perl_scalar) |
368 | |
419 | |
… | |
… | |
716 | Second, you need to avoid resource-starving attacks. That means you should |
767 | Second, you need to avoid resource-starving attacks. That means you should |
717 | limit the size of JSON texts you accept, or make sure then when your |
768 | limit the size of JSON texts you accept, or make sure then when your |
718 | resources run out, thats just fine (e.g. by using a separate process that |
769 | resources run out, thats just fine (e.g. by using a separate process that |
719 | can crash safely). The size of a JSON text in octets or characters is |
770 | can crash safely). The size of a JSON text in octets or characters is |
720 | usually a good indication of the size of the resources required to decode |
771 | usually a good indication of the size of the resources required to decode |
721 | it into a Perl structure. |
772 | it into a Perl structure. While JSON::XS can check the size of the JSON |
|
|
773 | text, it might be too late when you already have it in memory, so you |
|
|
774 | might want to check the size before you accept the string. |
722 | |
775 | |
723 | Third, JSON::XS recurses using the C stack when decoding objects and |
776 | Third, JSON::XS recurses using the C stack when decoding objects and |
724 | arrays. The C stack is a limited resource: for instance, on my amd64 |
777 | arrays. The C stack is a limited resource: for instance, on my amd64 |
725 | machine with 8MB of stack size I can decode around 180k nested arrays but |
778 | machine with 8MB of stack size I can decode around 180k nested arrays but |
726 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
779 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
… | |
… | |
757 | sub true() { $true } |
810 | sub true() { $true } |
758 | sub false() { $false } |
811 | sub false() { $false } |
759 | |
812 | |
760 | sub is_bool($) { |
813 | sub is_bool($) { |
761 | UNIVERSAL::isa $_[0], "JSON::XS::Boolean" |
814 | UNIVERSAL::isa $_[0], "JSON::XS::Boolean" |
762 | or UNIVERSAL::isa $_[0], "JSON::Literal" |
815 | # or UNIVERSAL::isa $_[0], "JSON::Literal" |
763 | } |
816 | } |
764 | |
817 | |
765 | XSLoader::load "JSON::XS", $VERSION; |
818 | XSLoader::load "JSON::XS", $VERSION; |
766 | |
819 | |
767 | package JSON::XS::Boolean; |
820 | package JSON::XS::Boolean; |