|
|
1 | =encoding utf-8 |
|
|
2 | |
1 | =head1 NAME |
3 | =head1 NAME |
2 | |
4 | |
3 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
5 | JSON::XS - JSON serialising/deserialising, done correctly and fast |
4 | |
6 | |
5 | JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ |
7 | JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ |
… | |
… | |
10 | use JSON::XS; |
12 | use JSON::XS; |
11 | |
13 | |
12 | # exported functions, they croak on error |
14 | # exported functions, they croak on error |
13 | # and expect/generate UTF-8 |
15 | # and expect/generate UTF-8 |
14 | |
16 | |
15 | $utf8_encoded_json_text = to_json $perl_hash_or_arrayref; |
17 | $utf8_encoded_json_text = encode_json $perl_hash_or_arrayref; |
16 | $perl_hash_or_arrayref = from_json $utf8_encoded_json_text; |
18 | $perl_hash_or_arrayref = decode_json $utf8_encoded_json_text; |
17 | |
19 | |
18 | # OO-interface |
20 | # OO-interface |
19 | |
21 | |
20 | $coder = JSON::XS->new->ascii->pretty->allow_nonref; |
22 | $coder = JSON::XS->new->ascii->pretty->allow_nonref; |
21 | $pretty_printed_unencoded = $coder->encode ($perl_scalar); |
23 | $pretty_printed_unencoded = $coder->encode ($perl_scalar); |
22 | $perl_scalar = $coder->decode ($unicode_json_text); |
24 | $perl_scalar = $coder->decode ($unicode_json_text); |
23 | |
25 | |
|
|
26 | # Note that JSON version 2.0 and above will automatically use JSON::XS |
|
|
27 | # if available, at virtually no speed overhead either, so you should |
|
|
28 | # be able to just: |
|
|
29 | |
|
|
30 | use JSON; |
|
|
31 | |
|
|
32 | # and do the same things, except that you have a pure-perl fallback now. |
|
|
33 | |
24 | =head1 DESCRIPTION |
34 | =head1 DESCRIPTION |
25 | |
35 | |
26 | This module converts Perl data structures to JSON and vice versa. Its |
36 | This module converts Perl data structures to JSON and vice versa. Its |
27 | primary goal is to be I<correct> and its secondary goal is to be |
37 | primary goal is to be I<correct> and its secondary goal is to be |
28 | I<fast>. To reach the latter goal it was written in C. |
38 | I<fast>. To reach the latter goal it was written in C. |
|
|
39 | |
|
|
40 | Beginning with version 2.0 of the JSON module, when both JSON and |
|
|
41 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
|
|
42 | overriden) with no overhead due to emulation (by inheritign constructor |
|
|
43 | and methods). If JSON::XS is not available, it will fall back to the |
|
|
44 | compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
|
|
45 | gives you a portable JSON API that can be fast when you need and doesn't |
|
|
46 | require a C compiler when that is a problem. |
29 | |
47 | |
30 | As this is the n-th-something JSON module on CPAN, what was the reason |
48 | As this is the n-th-something JSON module on CPAN, what was the reason |
31 | to write yet another JSON module? While it seems there are many JSON |
49 | to write yet another JSON module? While it seems there are many JSON |
32 | modules, none of them correctly handle all corner cases, and in most cases |
50 | modules, none of them correctly handle all corner cases, and in most cases |
33 | their maintainers are unresponsive, gone missing, or not listening to bug |
51 | their maintainers are unresponsive, gone missing, or not listening to bug |
… | |
… | |
42 | |
60 | |
43 | =over 4 |
61 | =over 4 |
44 | |
62 | |
45 | =item * correct Unicode handling |
63 | =item * correct Unicode handling |
46 | |
64 | |
47 | This module knows how to handle Unicode, and even documents how and when |
65 | This module knows how to handle Unicode, documents how and when it does |
48 | it does so. |
66 | so, and even documents what "correct" means. |
49 | |
67 | |
50 | =item * round-trip integrity |
68 | =item * round-trip integrity |
51 | |
69 | |
52 | When you serialise a perl data structure using only datatypes supported |
70 | When you serialise a perl data structure using only datatypes supported |
53 | by JSON, the deserialised data structure is identical on the Perl level. |
71 | by JSON, the deserialised data structure is identical on the Perl level. |
54 | (e.g. the string "2.0" doesn't suddenly become "2" just because it looks |
72 | (e.g. the string "2.0" doesn't suddenly become "2" just because it looks |
55 | like a number). |
73 | like a number). There minor I<are> exceptions to this, read the MAPPING |
|
|
74 | section below to learn about those. |
56 | |
75 | |
57 | =item * strict checking of JSON correctness |
76 | =item * strict checking of JSON correctness |
58 | |
77 | |
59 | There is no guessing, no generating of illegal JSON texts by default, |
78 | There is no guessing, no generating of illegal JSON texts by default, |
60 | and only JSON is accepted as input by default (the latter is a security |
79 | and only JSON is accepted as input by default (the latter is a security |
61 | feature). |
80 | feature). |
62 | |
81 | |
63 | =item * fast |
82 | =item * fast |
64 | |
83 | |
65 | Compared to other JSON modules, this module compares favourably in terms |
84 | Compared to other JSON modules and other serialisers such as Storable, |
66 | of speed, too. |
85 | this module usually compares favourably in terms of speed, too. |
67 | |
86 | |
68 | =item * simple to use |
87 | =item * simple to use |
69 | |
88 | |
70 | This module has both a simple functional interface as well as an OO |
89 | This module has both a simple functional interface as well as an objetc |
71 | interface. |
90 | oriented interface interface. |
72 | |
91 | |
73 | =item * reasonably versatile output formats |
92 | =item * reasonably versatile output formats |
74 | |
93 | |
75 | You can choose between the most compact guaranteed single-line format |
94 | You can choose between the most compact guaranteed-single-line format |
76 | possible (nice for simple line-based protocols), a pure-ascii format |
95 | possible (nice for simple line-based protocols), a pure-ascii format |
77 | (for when your transport is not 8-bit clean, still supports the whole |
96 | (for when your transport is not 8-bit clean, still supports the whole |
78 | Unicode range), or a pretty-printed format (for when you want to read that |
97 | Unicode range), or a pretty-printed format (for when you want to read that |
79 | stuff). Or you can combine those features in whatever way you like. |
98 | stuff). Or you can combine those features in whatever way you like. |
80 | |
99 | |
… | |
… | |
84 | |
103 | |
85 | package JSON::XS; |
104 | package JSON::XS; |
86 | |
105 | |
87 | use strict; |
106 | use strict; |
88 | |
107 | |
89 | our $VERSION = '1.53'; |
108 | our $VERSION = '2.01'; |
90 | our @ISA = qw(Exporter); |
109 | our @ISA = qw(Exporter); |
91 | |
110 | |
92 | our @EXPORT = qw(to_json from_json); |
111 | our @EXPORT = qw(encode_json decode_json to_json from_json); |
|
|
112 | |
|
|
113 | sub to_json($) { |
|
|
114 | require Carp; |
|
|
115 | Carp::croak ("JSON::XS::to_json has been renamed to encode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call"); |
|
|
116 | } |
|
|
117 | |
|
|
118 | sub from_json($) { |
|
|
119 | require Carp; |
|
|
120 | Carp::croak ("JSON::XS::from_json has been renamed to decode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call"); |
|
|
121 | } |
93 | |
122 | |
94 | use Exporter; |
123 | use Exporter; |
95 | use XSLoader; |
124 | use XSLoader; |
96 | |
125 | |
97 | =head1 FUNCTIONAL INTERFACE |
126 | =head1 FUNCTIONAL INTERFACE |
… | |
… | |
99 | The following convenience methods are provided by this module. They are |
128 | The following convenience methods are provided by this module. They are |
100 | exported by default: |
129 | exported by default: |
101 | |
130 | |
102 | =over 4 |
131 | =over 4 |
103 | |
132 | |
104 | =item $json_text = to_json $perl_scalar |
133 | =item $json_text = encode_json $perl_scalar |
105 | |
134 | |
106 | Converts the given Perl data structure to a UTF-8 encoded, binary string |
135 | Converts the given Perl data structure to a UTF-8 encoded, binary string |
107 | (that is, the string contains octets only). Croaks on error. |
136 | (that is, the string contains octets only). Croaks on error. |
108 | |
137 | |
109 | This function call is functionally identical to: |
138 | This function call is functionally identical to: |
110 | |
139 | |
111 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
140 | $json_text = JSON::XS->new->utf8->encode ($perl_scalar) |
112 | |
141 | |
113 | except being faster. |
142 | except being faster. |
114 | |
143 | |
115 | =item $perl_scalar = from_json $json_text |
144 | =item $perl_scalar = decode_json $json_text |
116 | |
145 | |
117 | The opposite of C<to_json>: expects an UTF-8 (binary) string and tries |
146 | The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries |
118 | to parse that as an UTF-8 encoded JSON text, returning the resulting |
147 | to parse that as an UTF-8 encoded JSON text, returning the resulting |
119 | reference. Croaks on error. |
148 | reference. Croaks on error. |
120 | |
149 | |
121 | This function call is functionally identical to: |
150 | This function call is functionally identical to: |
122 | |
151 | |
… | |
… | |
148 | This enables you to store Unicode characters as single characters in a |
177 | This enables you to store Unicode characters as single characters in a |
149 | Perl string - very natural. |
178 | Perl string - very natural. |
150 | |
179 | |
151 | =item 2. Perl does I<not> associate an encoding with your strings. |
180 | =item 2. Perl does I<not> associate an encoding with your strings. |
152 | |
181 | |
153 | Unless you force it to, e.g. when matching it against a regex, or printing |
182 | ... until you force it to, e.g. when matching it against a regex, or |
154 | the scalar to a file, in which case Perl either interprets your string as |
183 | printing the scalar to a file, in which case Perl either interprets your |
155 | locale-encoded text, octets/binary, or as Unicode, depending on various |
184 | string as locale-encoded text, octets/binary, or as Unicode, depending |
156 | settings. In no case is an encoding stored together with your data, it is |
185 | on various settings. In no case is an encoding stored together with your |
157 | I<use> that decides encoding, not any magical metadata. |
186 | data, it is I<use> that decides encoding, not any magical meta data. |
158 | |
187 | |
159 | =item 3. The internal utf-8 flag has no meaning with regards to the |
188 | =item 3. The internal utf-8 flag has no meaning with regards to the |
160 | encoding of your string. |
189 | encoding of your string. |
161 | |
190 | |
162 | Just ignore that flag unless you debug a Perl bug, a module written in |
191 | Just ignore that flag unless you debug a Perl bug, a module written in |
… | |
… | |
201 | |
230 | |
202 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
231 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
203 | => {"a": [1, 2]} |
232 | => {"a": [1, 2]} |
204 | |
233 | |
205 | =item $json = $json->ascii ([$enable]) |
234 | =item $json = $json->ascii ([$enable]) |
|
|
235 | |
|
|
236 | =item $enabled = $json->get_ascii |
206 | |
237 | |
207 | If C<$enable> is true (or missing), then the C<encode> method will not |
238 | If C<$enable> is true (or missing), then the C<encode> method will not |
208 | generate characters outside the code range C<0..127> (which is ASCII). Any |
239 | generate characters outside the code range C<0..127> (which is ASCII). Any |
209 | Unicode characters outside that range will be escaped using either a |
240 | Unicode characters outside that range will be escaped using either a |
210 | single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, |
241 | single \uXXXX (BMP characters) or a double \uHHHH\uLLLLL escape sequence, |
… | |
… | |
223 | JSON::XS->new->ascii (1)->encode ([chr 0x10401]) |
254 | JSON::XS->new->ascii (1)->encode ([chr 0x10401]) |
224 | => ["\ud801\udc01"] |
255 | => ["\ud801\udc01"] |
225 | |
256 | |
226 | =item $json = $json->latin1 ([$enable]) |
257 | =item $json = $json->latin1 ([$enable]) |
227 | |
258 | |
|
|
259 | =item $enabled = $json->get_latin1 |
|
|
260 | |
228 | If C<$enable> is true (or missing), then the C<encode> method will encode |
261 | If C<$enable> is true (or missing), then the C<encode> method will encode |
229 | the resulting JSON text as latin1 (or iso-8859-1), escaping any characters |
262 | the resulting JSON text as latin1 (or iso-8859-1), escaping any characters |
230 | outside the code range C<0..255>. The resulting string can be treated as a |
263 | outside the code range C<0..255>. The resulting string can be treated as a |
231 | latin1-encoded JSON text or a native Unicode string. The C<decode> method |
264 | latin1-encoded JSON text or a native Unicode string. The C<decode> method |
232 | will not be affected in any way by this flag, as C<decode> by default |
265 | will not be affected in any way by this flag, as C<decode> by default |
… | |
… | |
245 | |
278 | |
246 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
279 | JSON::XS->new->latin1->encode (["\x{89}\x{abc}"] |
247 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
280 | => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not) |
248 | |
281 | |
249 | =item $json = $json->utf8 ([$enable]) |
282 | =item $json = $json->utf8 ([$enable]) |
|
|
283 | |
|
|
284 | =item $enabled = $json->get_utf8 |
250 | |
285 | |
251 | If C<$enable> is true (or missing), then the C<encode> method will encode |
286 | If C<$enable> is true (or missing), then the C<encode> method will encode |
252 | the JSON result into UTF-8, as required by many protocols, while the |
287 | the JSON result into UTF-8, as required by many protocols, while the |
253 | C<decode> method expects to be handled an UTF-8-encoded string. Please |
288 | C<decode> method expects to be handled an UTF-8-encoded string. Please |
254 | note that UTF-8-encoded strings do not contain any characters outside the |
289 | note that UTF-8-encoded strings do not contain any characters outside the |
… | |
… | |
288 | ] |
323 | ] |
289 | } |
324 | } |
290 | |
325 | |
291 | =item $json = $json->indent ([$enable]) |
326 | =item $json = $json->indent ([$enable]) |
292 | |
327 | |
|
|
328 | =item $enabled = $json->get_indent |
|
|
329 | |
293 | If C<$enable> is true (or missing), then the C<encode> method will use a multiline |
330 | If C<$enable> is true (or missing), then the C<encode> method will use a multiline |
294 | format as output, putting every array member or object/hash key-value pair |
331 | format as output, putting every array member or object/hash key-value pair |
295 | into its own line, indenting them properly. |
332 | into its own line, indenting them properly. |
296 | |
333 | |
297 | If C<$enable> is false, no newlines or indenting will be produced, and the |
334 | If C<$enable> is false, no newlines or indenting will be produced, and the |
… | |
… | |
299 | |
336 | |
300 | This setting has no effect when decoding JSON texts. |
337 | This setting has no effect when decoding JSON texts. |
301 | |
338 | |
302 | =item $json = $json->space_before ([$enable]) |
339 | =item $json = $json->space_before ([$enable]) |
303 | |
340 | |
|
|
341 | =item $enabled = $json->get_space_before |
|
|
342 | |
304 | If C<$enable> is true (or missing), then the C<encode> method will add an extra |
343 | If C<$enable> is true (or missing), then the C<encode> method will add an extra |
305 | optional space before the C<:> separating keys from values in JSON objects. |
344 | optional space before the C<:> separating keys from values in JSON objects. |
306 | |
345 | |
307 | If C<$enable> is false, then the C<encode> method will not add any extra |
346 | If C<$enable> is false, then the C<encode> method will not add any extra |
308 | space at those places. |
347 | space at those places. |
… | |
… | |
313 | Example, space_before enabled, space_after and indent disabled: |
352 | Example, space_before enabled, space_after and indent disabled: |
314 | |
353 | |
315 | {"key" :"value"} |
354 | {"key" :"value"} |
316 | |
355 | |
317 | =item $json = $json->space_after ([$enable]) |
356 | =item $json = $json->space_after ([$enable]) |
|
|
357 | |
|
|
358 | =item $enabled = $json->get_space_after |
318 | |
359 | |
319 | If C<$enable> is true (or missing), then the C<encode> method will add an extra |
360 | If C<$enable> is true (or missing), then the C<encode> method will add an extra |
320 | optional space after the C<:> separating keys from values in JSON objects |
361 | optional space after the C<:> separating keys from values in JSON objects |
321 | and extra whitespace after the C<,> separating key-value pairs and array |
362 | and extra whitespace after the C<,> separating key-value pairs and array |
322 | members. |
363 | members. |
… | |
… | |
329 | Example, space_before and indent disabled, space_after enabled: |
370 | Example, space_before and indent disabled, space_after enabled: |
330 | |
371 | |
331 | {"key": "value"} |
372 | {"key": "value"} |
332 | |
373 | |
333 | =item $json = $json->relaxed ([$enable]) |
374 | =item $json = $json->relaxed ([$enable]) |
|
|
375 | |
|
|
376 | =item $enabled = $json->get_relaxed |
334 | |
377 | |
335 | If C<$enable> is true (or missing), then C<decode> will accept some |
378 | If C<$enable> is true (or missing), then C<decode> will accept some |
336 | extensions to normal JSON syntax (see below). C<encode> will not be |
379 | extensions to normal JSON syntax (see below). C<encode> will not be |
337 | affected in anyway. I<Be aware that this option makes you accept invalid |
380 | affected in anyway. I<Be aware that this option makes you accept invalid |
338 | JSON texts as if they were valid!>. I suggest only to use this option to |
381 | JSON texts as if they were valid!>. I suggest only to use this option to |
… | |
… | |
375 | |
418 | |
376 | =back |
419 | =back |
377 | |
420 | |
378 | =item $json = $json->canonical ([$enable]) |
421 | =item $json = $json->canonical ([$enable]) |
379 | |
422 | |
|
|
423 | =item $enabled = $json->get_canonical |
|
|
424 | |
380 | If C<$enable> is true (or missing), then the C<encode> method will output JSON objects |
425 | If C<$enable> is true (or missing), then the C<encode> method will output JSON objects |
381 | by sorting their keys. This is adding a comparatively high overhead. |
426 | by sorting their keys. This is adding a comparatively high overhead. |
382 | |
427 | |
383 | If C<$enable> is false, then the C<encode> method will output key-value |
428 | If C<$enable> is false, then the C<encode> method will output key-value |
384 | pairs in the order Perl stores them (which will likely change between runs |
429 | pairs in the order Perl stores them (which will likely change between runs |
… | |
… | |
391 | |
436 | |
392 | This setting has no effect when decoding JSON texts. |
437 | This setting has no effect when decoding JSON texts. |
393 | |
438 | |
394 | =item $json = $json->allow_nonref ([$enable]) |
439 | =item $json = $json->allow_nonref ([$enable]) |
395 | |
440 | |
|
|
441 | =item $enabled = $json->get_allow_nonref |
|
|
442 | |
396 | If C<$enable> is true (or missing), then the C<encode> method can convert a |
443 | If C<$enable> is true (or missing), then the C<encode> method can convert a |
397 | non-reference into its corresponding string, number or null JSON value, |
444 | non-reference into its corresponding string, number or null JSON value, |
398 | which is an extension to RFC4627. Likewise, C<decode> will accept those JSON |
445 | which is an extension to RFC4627. Likewise, C<decode> will accept those JSON |
399 | values instead of croaking. |
446 | values instead of croaking. |
400 | |
447 | |
… | |
… | |
409 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
456 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
410 | => "Hello, World!" |
457 | => "Hello, World!" |
411 | |
458 | |
412 | =item $json = $json->allow_blessed ([$enable]) |
459 | =item $json = $json->allow_blessed ([$enable]) |
413 | |
460 | |
|
|
461 | =item $enabled = $json->get_allow_blessed |
|
|
462 | |
414 | If C<$enable> is true (or missing), then the C<encode> method will not |
463 | If C<$enable> is true (or missing), then the C<encode> method will not |
415 | barf when it encounters a blessed reference. Instead, the value of the |
464 | barf when it encounters a blessed reference. Instead, the value of the |
416 | B<convert_blessed> option will decide whether C<null> (C<convert_blessed> |
465 | B<convert_blessed> option will decide whether C<null> (C<convert_blessed> |
417 | disabled or no C<to_json> method found) or a representation of the |
466 | disabled or no C<TO_JSON> method found) or a representation of the |
418 | object (C<convert_blessed> enabled and C<to_json> method found) is being |
467 | object (C<convert_blessed> enabled and C<TO_JSON> method found) is being |
419 | encoded. Has no effect on C<decode>. |
468 | encoded. Has no effect on C<decode>. |
420 | |
469 | |
421 | If C<$enable> is false (the default), then C<encode> will throw an |
470 | If C<$enable> is false (the default), then C<encode> will throw an |
422 | exception when it encounters a blessed object. |
471 | exception when it encounters a blessed object. |
423 | |
472 | |
424 | =item $json = $json->convert_blessed ([$enable]) |
473 | =item $json = $json->convert_blessed ([$enable]) |
|
|
474 | |
|
|
475 | =item $enabled = $json->get_convert_blessed |
425 | |
476 | |
426 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
477 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
427 | blessed object, will check for the availability of the C<TO_JSON> method |
478 | blessed object, will check for the availability of the C<TO_JSON> method |
428 | on the object's class. If found, it will be called in scalar context |
479 | on the object's class. If found, it will be called in scalar context |
429 | and the resulting scalar will be encoded instead of the object. If no |
480 | and the resulting scalar will be encoded instead of the object. If no |
… | |
… | |
433 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
484 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
434 | returns other blessed objects, those will be handled in the same |
485 | returns other blessed objects, those will be handled in the same |
435 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
486 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
436 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
487 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
437 | methods called by the Perl core (== not by the user of the object) are |
488 | methods called by the Perl core (== not by the user of the object) are |
438 | usually in upper case letters and to avoid collisions with the C<to_json> |
489 | usually in upper case letters and to avoid collisions with any C<to_json> |
439 | function. |
490 | function or method. |
440 | |
491 | |
441 | This setting does not yet influence C<decode> in any way, but in the |
492 | This setting does not yet influence C<decode> in any way, but in the |
442 | future, global hooks might get installed that influence C<decode> and are |
493 | future, global hooks might get installed that influence C<decode> and are |
443 | enabled by this setting. |
494 | enabled by this setting. |
444 | |
495 | |
… | |
… | |
520 | |
571 | |
521 | { __widget__ => $self->{id} } |
572 | { __widget__ => $self->{id} } |
522 | } |
573 | } |
523 | |
574 | |
524 | =item $json = $json->shrink ([$enable]) |
575 | =item $json = $json->shrink ([$enable]) |
|
|
576 | |
|
|
577 | =item $enabled = $json->get_shrink |
525 | |
578 | |
526 | Perl usually over-allocates memory a bit when allocating space for |
579 | Perl usually over-allocates memory a bit when allocating space for |
527 | strings. This flag optionally resizes strings generated by either |
580 | strings. This flag optionally resizes strings generated by either |
528 | C<encode> or C<decode> to their minimum size possible. This can save |
581 | C<encode> or C<decode> to their minimum size possible. This can save |
529 | memory when your JSON texts are either very very long or you have many |
582 | memory when your JSON texts are either very very long or you have many |
… | |
… | |
547 | strings that look like integers or floats into integers or floats |
600 | strings that look like integers or floats into integers or floats |
548 | internally (there is no difference on the Perl level), saving space. |
601 | internally (there is no difference on the Perl level), saving space. |
549 | |
602 | |
550 | =item $json = $json->max_depth ([$maximum_nesting_depth]) |
603 | =item $json = $json->max_depth ([$maximum_nesting_depth]) |
551 | |
604 | |
|
|
605 | =item $max_depth = $json->get_max_depth |
|
|
606 | |
552 | Sets the maximum nesting level (default C<512>) accepted while encoding |
607 | Sets the maximum nesting level (default C<512>) accepted while encoding |
553 | or decoding. If the JSON text or Perl data structure has an equal or |
608 | or decoding. If the JSON text or Perl data structure has an equal or |
554 | higher nesting level then this limit, then the encoder and decoder will |
609 | higher nesting level then this limit, then the encoder and decoder will |
555 | stop and croak at that point. |
610 | stop and croak at that point. |
556 | |
611 | |
… | |
… | |
567 | used, which is rarely useful. |
622 | used, which is rarely useful. |
568 | |
623 | |
569 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
624 | See SECURITY CONSIDERATIONS, below, for more info on why this is useful. |
570 | |
625 | |
571 | =item $json = $json->max_size ([$maximum_string_size]) |
626 | =item $json = $json->max_size ([$maximum_string_size]) |
|
|
627 | |
|
|
628 | =item $max_size = $json->get_max_size |
572 | |
629 | |
573 | Set the maximum length a JSON text may have (in bytes) where decoding is |
630 | Set the maximum length a JSON text may have (in bytes) where decoding is |
574 | being attempted. The default is C<0>, meaning no limit. When C<decode> |
631 | being attempted. The default is C<0>, meaning no limit. When C<decode> |
575 | is called on a string longer then this number of characters it will not |
632 | is called on a string longer then this number of characters it will not |
576 | attempt to decode the string but throw an exception. This setting has no |
633 | attempt to decode the string but throw an exception. This setting has no |
… | |
… | |
652 | |
709 | |
653 | A JSON number becomes either an integer, numeric (floating point) or |
710 | A JSON number becomes either an integer, numeric (floating point) or |
654 | string scalar in perl, depending on its range and any fractional parts. On |
711 | string scalar in perl, depending on its range and any fractional parts. On |
655 | the Perl level, there is no difference between those as Perl handles all |
712 | the Perl level, there is no difference between those as Perl handles all |
656 | the conversion details, but an integer may take slightly less memory and |
713 | the conversion details, but an integer may take slightly less memory and |
657 | might represent more values exactly than (floating point) numbers. |
714 | might represent more values exactly than floating point numbers. |
658 | |
715 | |
659 | If the number consists of digits only, JSON::XS will try to represent |
716 | If the number consists of digits only, JSON::XS will try to represent |
660 | it as an integer value. If that fails, it will try to represent it as |
717 | it as an integer value. If that fails, it will try to represent it as |
661 | a numeric (floating point) value if that is possible without loss of |
718 | a numeric (floating point) value if that is possible without loss of |
662 | precision. Otherwise it will preserve the number as a string value. |
719 | precision. Otherwise it will preserve the number as a string value (in |
|
|
720 | which case you lose roundtripping ability, as the JSON number will be |
|
|
721 | re-encoded toa JSON string). |
663 | |
722 | |
664 | Numbers containing a fractional or exponential part will always be |
723 | Numbers containing a fractional or exponential part will always be |
665 | represented as numeric (floating point) values, possibly at a loss of |
724 | represented as numeric (floating point) values, possibly at a loss of |
666 | precision. |
725 | precision (in which case you might lose perfect roundtripping ability, but |
667 | |
726 | the JSON number will still be re-encoded as a JSON number). |
668 | This might create round-tripping problems as numbers might become strings, |
|
|
669 | but as Perl is typeless there is no other way to do it. |
|
|
670 | |
727 | |
671 | =item true, false |
728 | =item true, false |
672 | |
729 | |
673 | These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, |
730 | These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, |
674 | respectively. They are overloaded to act almost exactly like the numbers |
731 | respectively. They are overloaded to act almost exactly like the numbers |
… | |
… | |
711 | Other unblessed references are generally not allowed and will cause an |
768 | Other unblessed references are generally not allowed and will cause an |
712 | exception to be thrown, except for references to the integers C<0> and |
769 | exception to be thrown, except for references to the integers C<0> and |
713 | C<1>, which get turned into C<false> and C<true> atoms in JSON. You can |
770 | C<1>, which get turned into C<false> and C<true> atoms in JSON. You can |
714 | also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability. |
771 | also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability. |
715 | |
772 | |
716 | to_json [\0,JSON::XS::true] # yields [false,true] |
773 | encode_json [\0,JSON::XS::true] # yields [false,true] |
717 | |
774 | |
718 | =item JSON::XS::true, JSON::XS::false |
775 | =item JSON::XS::true, JSON::XS::false |
719 | |
776 | |
720 | These special values become JSON true and JSON false values, |
777 | These special values become JSON true and JSON false values, |
721 | respectively. You can also use C<\1> and C<\0> directly if you want. |
778 | respectively. You can also use C<\1> and C<\0> directly if you want. |
722 | |
779 | |
723 | =item blessed objects |
780 | =item blessed objects |
724 | |
781 | |
725 | Blessed objects are not allowed. JSON::XS currently tries to encode their |
782 | Blessed objects are not directly representable in JSON. See the |
726 | underlying representation (hash- or arrayref), but this behaviour might |
783 | C<allow_blessed> and C<convert_blessed> methods on various options on |
727 | change in future versions. |
784 | how to deal with this: basically, you can choose between throwing an |
|
|
785 | exception, encoding the reference as if it weren't blessed, or provide |
|
|
786 | your own serialiser method. |
728 | |
787 | |
729 | =item simple scalars |
788 | =item simple scalars |
730 | |
789 | |
731 | Simple Perl scalars (any scalar that is not a reference) are the most |
790 | Simple Perl scalars (any scalar that is not a reference) are the most |
732 | difficult objects to encode: JSON::XS will encode undefined scalars as |
791 | difficult objects to encode: JSON::XS will encode undefined scalars as |
733 | JSON null value, scalars that have last been used in a string context |
792 | JSON C<null> values, scalars that have last been used in a string context |
734 | before encoding as JSON strings and anything else as number value: |
793 | before encoding as JSON strings, and anything else as number value: |
735 | |
794 | |
736 | # dump as number |
795 | # dump as number |
737 | to_json [2] # yields [2] |
796 | encode_json [2] # yields [2] |
738 | to_json [-3.0e17] # yields [-3e+17] |
797 | encode_json [-3.0e17] # yields [-3e+17] |
739 | my $value = 5; to_json [$value] # yields [5] |
798 | my $value = 5; encode_json [$value] # yields [5] |
740 | |
799 | |
741 | # used as string, so dump as string |
800 | # used as string, so dump as string |
742 | print $value; |
801 | print $value; |
743 | to_json [$value] # yields ["5"] |
802 | encode_json [$value] # yields ["5"] |
744 | |
803 | |
745 | # undef becomes null |
804 | # undef becomes null |
746 | to_json [undef] # yields [null] |
805 | encode_json [undef] # yields [null] |
747 | |
806 | |
748 | You can force the type to be a JSON string by stringifying it: |
807 | You can force the type to be a JSON string by stringifying it: |
749 | |
808 | |
750 | my $x = 3.1; # some variable containing a number |
809 | my $x = 3.1; # some variable containing a number |
751 | "$x"; # stringified |
810 | "$x"; # stringified |
… | |
… | |
757 | my $x = "3"; # some variable containing a string |
816 | my $x = "3"; # some variable containing a string |
758 | $x += 0; # numify it, ensuring it will be dumped as a number |
817 | $x += 0; # numify it, ensuring it will be dumped as a number |
759 | $x *= 1; # same thing, the choice is yours. |
818 | $x *= 1; # same thing, the choice is yours. |
760 | |
819 | |
761 | You can not currently force the type in other, less obscure, ways. Tell me |
820 | You can not currently force the type in other, less obscure, ways. Tell me |
762 | if you need this capability. |
821 | if you need this capability (but don't forget to explain why its needed |
|
|
822 | :). |
|
|
823 | |
|
|
824 | =back |
|
|
825 | |
|
|
826 | |
|
|
827 | =head1 ENCODING/CODESET FLAG NOTES |
|
|
828 | |
|
|
829 | The interested reader might have seen a number of flags that signify |
|
|
830 | encodings or codesets - C<utf8>, C<latin1> and C<ascii>. There seems to be |
|
|
831 | some confusion on what these do, so here is a short comparison: |
|
|
832 | |
|
|
833 | C<utf8> controls wether the JSON text created by C<encode> (and expected |
|
|
834 | by C<decode>) is UTF-8 encoded or not, while C<latin1> and C<ascii> only |
|
|
835 | control wether C<encode> escapes character values outside their respective |
|
|
836 | codeset range. Neither of these flags conflict with each other, although |
|
|
837 | some combinations make less sense than others. |
|
|
838 | |
|
|
839 | Care has been taken to make all flags symmetrical with respect to |
|
|
840 | C<encode> and C<decode>, that is, texts encoded with any combination of |
|
|
841 | these flag values will be correctly decoded when the same flags are used |
|
|
842 | - in general, if you use different flag settings while encoding vs. when |
|
|
843 | decoding you likely have a bug somewhere. |
|
|
844 | |
|
|
845 | Below comes a verbose discussion of these flags. Note that a "codeset" is |
|
|
846 | simply an abstract set of character-codepoint pairs, while an encoding |
|
|
847 | takes those codepoint numbers and I<encodes> them, in our case into |
|
|
848 | octets. Unicode is (among other things) a codeset, UTF-8 is an encoding, |
|
|
849 | and ISO-8859-1 (= latin 1) and ASCII are both codesets I<and> encodings at |
|
|
850 | the same time, which can be confusing. |
|
|
851 | |
|
|
852 | =over 4 |
|
|
853 | |
|
|
854 | =item C<utf8> flag disabled |
|
|
855 | |
|
|
856 | When C<utf8> is disabled (the default), then C<encode>/C<decode> generate |
|
|
857 | and expect Unicode strings, that is, characters with high ordinal Unicode |
|
|
858 | values (> 255) will be encoded as such characters, and likewise such |
|
|
859 | characters are decoded as-is, no canges to them will be done, except |
|
|
860 | "(re-)interpreting" them as Unicode codepoints or Unicode characters, |
|
|
861 | respectively (to Perl, these are the same thing in strings unless you do |
|
|
862 | funny/weird/dumb stuff). |
|
|
863 | |
|
|
864 | This is useful when you want to do the encoding yourself (e.g. when you |
|
|
865 | want to have UTF-16 encoded JSON texts) or when some other layer does |
|
|
866 | the encoding for you (for example, when printing to a terminal using a |
|
|
867 | filehandle that transparently encodes to UTF-8 you certainly do NOT want |
|
|
868 | to UTF-8 encode your data first and have Perl encode it another time). |
|
|
869 | |
|
|
870 | =item C<utf8> flag enabled |
|
|
871 | |
|
|
872 | If the C<utf8>-flag is enabled, C<encode>/C<decode> will encode all |
|
|
873 | characters using the corresponding UTF-8 multi-byte sequence, and will |
|
|
874 | expect your input strings to be encoded as UTF-8, that is, no "character" |
|
|
875 | of the input string must have any value > 255, as UTF-8 does not allow |
|
|
876 | that. |
|
|
877 | |
|
|
878 | The C<utf8> flag therefore switches between two modes: disabled means you |
|
|
879 | will get a Unicode string in Perl, enabled means you get an UTF-8 encoded |
|
|
880 | octet/binary string in Perl. |
|
|
881 | |
|
|
882 | =item C<latin1> or C<ascii> flags enabled |
|
|
883 | |
|
|
884 | With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
|
|
885 | with ordinal values > 255 (> 127 with C<ascii>) and encode the remaining |
|
|
886 | characters as specified by the C<utf8> flag. |
|
|
887 | |
|
|
888 | If C<utf8> is disabled, then the result is also correctly encoded in those |
|
|
889 | character sets (as both are proper subsets of Unicode, meaning that a |
|
|
890 | Unicode string with all character values < 256 is the same thing as a |
|
|
891 | ISO-8859-1 string, and a Unicode string with all character values < 128 is |
|
|
892 | the same thing as an ASCII string in Perl). |
|
|
893 | |
|
|
894 | If C<utf8> is enabled, you still get a correct UTF-8-encoded string, |
|
|
895 | regardless of these flags, just some more characters will be escaped using |
|
|
896 | C<\uXXXX> then before. |
|
|
897 | |
|
|
898 | Note that ISO-8859-1-I<encoded> strings are not compatible with UTF-8 |
|
|
899 | encoding, while ASCII-encoded strings are. That is because the ISO-8859-1 |
|
|
900 | encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 I<codeset> being |
|
|
901 | a subset of Unicode), while ASCII is. |
|
|
902 | |
|
|
903 | Surprisingly, C<decode> will ignore these flags and so treat all input |
|
|
904 | values as governed by the C<utf8> flag. If it is disabled, this allows you |
|
|
905 | to decode ISO-8859-1- and ASCII-encoded strings, as both strict subsets of |
|
|
906 | Unicode. If it is enabled, you can correctly decode UTF-8 encoded strings. |
|
|
907 | |
|
|
908 | So neither C<latin1> nor C<ascii> are incompatible with the C<utf8> flag - |
|
|
909 | they only govern when the JSON output engine escapes a character or not. |
|
|
910 | |
|
|
911 | The main use for C<latin1> is to relatively efficiently store binary data |
|
|
912 | as JSON, at the expense of breaking compatibility with most JSON decoders. |
|
|
913 | |
|
|
914 | The main use for C<ascii> is to force the output to not contain characters |
|
|
915 | with values > 127, which means you can interpret the resulting string |
|
|
916 | as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about any character set and |
|
|
917 | 8-bit-encoding, and still get the same data structure back. This is useful |
|
|
918 | when your channel for JSON transfer is not 8-bit clean or the encoding |
|
|
919 | might be mangled in between (e.g. in mail), and works because ASCII is a |
|
|
920 | proper subset of most 8-bit and multibyte encodings in use in the world. |
763 | |
921 | |
764 | =back |
922 | =back |
765 | |
923 | |
766 | |
924 | |
767 | =head1 COMPARISON |
925 | =head1 COMPARISON |
… | |
… | |
771 | problems (or pleasures) I encountered with various existing JSON modules, |
929 | problems (or pleasures) I encountered with various existing JSON modules, |
772 | followed by some benchmark values. JSON::XS was designed not to suffer |
930 | followed by some benchmark values. JSON::XS was designed not to suffer |
773 | from any of these problems or limitations. |
931 | from any of these problems or limitations. |
774 | |
932 | |
775 | =over 4 |
933 | =over 4 |
|
|
934 | |
|
|
935 | =item JSON 2.xx |
|
|
936 | |
|
|
937 | A marvellous piece of engineering, this module either uses JSON::XS |
|
|
938 | directly when available (so will be 100% compatible with it, including |
|
|
939 | speed), or it uses JSON::PP, which is basically JSON::XS translated to |
|
|
940 | Pure Perl, which should be 100% compatible with JSON::XS, just a bit |
|
|
941 | slower. |
|
|
942 | |
|
|
943 | You cannot really lose by using this module, especially as it tries very |
|
|
944 | hard to work even with ancient Perl versions, while JSON::XS does not. |
776 | |
945 | |
777 | =item JSON 1.07 |
946 | =item JSON 1.07 |
778 | |
947 | |
779 | Slow (but very portable, as it is written in pure Perl). |
948 | Slow (but very portable, as it is written in pure Perl). |
780 | |
949 | |
… | |
… | |
851 | =back |
1020 | =back |
852 | |
1021 | |
853 | |
1022 | |
854 | =head2 JSON and YAML |
1023 | =head2 JSON and YAML |
855 | |
1024 | |
856 | You often hear that JSON is a subset (or a close subset) of YAML. This is, |
1025 | You often hear that JSON is a subset of YAML. This is, however, a mass |
857 | however, a mass hysteria and very far from the truth. In general, there is |
1026 | hysteria(*) and very far from the truth. In general, there is no way to |
858 | no way to configure JSON::XS to output a data structure as valid YAML. |
1027 | configure JSON::XS to output a data structure as valid YAML that works for |
|
|
1028 | all cases. |
859 | |
1029 | |
860 | If you really must use JSON::XS to generate YAML, you should use this |
1030 | If you really must use JSON::XS to generate YAML, you should use this |
861 | algorithm (subject to change in future versions): |
1031 | algorithm (subject to change in future versions): |
862 | |
1032 | |
863 | my $to_yaml = JSON::XS->new->utf8->space_after (1); |
1033 | my $to_yaml = JSON::XS->new->utf8->space_after (1); |
864 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
1034 | my $yaml = $to_yaml->encode ($ref) . "\n"; |
865 | |
1035 | |
866 | This will usually generate JSON texts that also parse as valid |
1036 | This will I<usually> generate JSON texts that also parse as valid |
867 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
1037 | YAML. Please note that YAML has hardcoded limits on (simple) object key |
868 | lengths that JSON doesn't have, so you should make sure that your hash |
1038 | lengths that JSON doesn't have and also has different and incompatible |
|
|
1039 | unicode handling, so you should make sure that your hash keys are |
869 | keys are noticeably shorter than the 1024 characters YAML allows. |
1040 | noticeably shorter than the 1024 "stream characters" YAML allows and that |
|
|
1041 | you do not have codepoints with values outside the Unicode BMP (basic |
|
|
1042 | multilingual page). YAML also does not allow C<\/> sequences in strings |
|
|
1043 | (which JSON::XS does not I<currently> generate). |
870 | |
1044 | |
871 | There might be other incompatibilities that I am not aware of. In general |
1045 | There might be other incompatibilities that I am not aware of (or the YAML |
|
|
1046 | specification has been changed yet again - it does so quite often). In |
872 | you should not try to generate YAML with a JSON generator or vice versa, |
1047 | general you should not try to generate YAML with a JSON generator or vice |
873 | or try to parse JSON with a YAML parser or vice versa: chances are high |
1048 | versa, or try to parse JSON with a YAML parser or vice versa: chances are |
874 | that you will run into severe interoperability problems. |
1049 | high that you will run into severe interoperability problems when you |
|
|
1050 | least expect it. |
|
|
1051 | |
|
|
1052 | =over 4 |
|
|
1053 | |
|
|
1054 | =item (*) |
|
|
1055 | |
|
|
1056 | This is spread actively by the YAML team, however. For many years now they |
|
|
1057 | claim YAML were a superset of JSON, even when proven otherwise. |
|
|
1058 | |
|
|
1059 | Even the author of this manpage was at some point accused of providing |
|
|
1060 | "incorrect" information, despite the evidence presented (claims ranged |
|
|
1061 | from "your documentation contains inaccurate and negative statements about |
|
|
1062 | YAML" (the only negative comment is this footnote, and it didn't exist |
|
|
1063 | back then; the question on which claims were inaccurate was never answered |
|
|
1064 | etc.) to "the YAML spec is not up-to-date" (the *real* and supposedly |
|
|
1065 | JSON-compatible spec is apparently not currently publicly available) |
|
|
1066 | to actual requests to replace this section by *incorrect* information, |
|
|
1067 | suppressing information about the real problem). |
|
|
1068 | |
|
|
1069 | So whenever you are told that YAML was a superset of JSON, first check |
|
|
1070 | wether it is really true (it might be when you check it, but it certainly |
|
|
1071 | was not true when this was written). I would much prefer if the YAML team |
|
|
1072 | would spent their time on actually making JSON compatibility a truth |
|
|
1073 | (JSON, after all, has a very small and simple specification) instead of |
|
|
1074 | trying to lobby/force people into reporting untruths. |
|
|
1075 | |
|
|
1076 | =back |
875 | |
1077 | |
876 | |
1078 | |
877 | =head2 SPEED |
1079 | =head2 SPEED |
878 | |
1080 | |
879 | It seems that JSON::XS is surprisingly fast, as shown in the following |
1081 | It seems that JSON::XS is surprisingly fast, as shown in the following |
… | |
… | |
892 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
1094 | with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables |
893 | shrink). Higher is better: |
1095 | shrink). Higher is better: |
894 | |
1096 | |
895 | module | encode | decode | |
1097 | module | encode | decode | |
896 | -----------|------------|------------| |
1098 | -----------|------------|------------| |
897 | JSON | 4990.842 | 4088.813 | |
1099 | JSON 1.x | 4990.842 | 4088.813 | |
898 | JSON::DWIW | 51653.990 | 71575.154 | |
1100 | JSON::DWIW | 51653.990 | 71575.154 | |
899 | JSON::PC | 65948.176 | 74631.744 | |
1101 | JSON::PC | 65948.176 | 74631.744 | |
900 | JSON::PP | 8931.652 | 3817.168 | |
1102 | JSON::PP | 8931.652 | 3817.168 | |
901 | JSON::Syck | 24877.248 | 27776.848 | |
1103 | JSON::Syck | 24877.248 | 27776.848 | |
902 | JSON::XS | 388361.481 | 227951.304 | |
1104 | JSON::XS | 388361.481 | 227951.304 | |
… | |
… | |
913 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
1115 | Using a longer test string (roughly 18KB, generated from Yahoo! Locals |
914 | search API (http://nanoref.com/yahooapis/mgPdGg): |
1116 | search API (http://nanoref.com/yahooapis/mgPdGg): |
915 | |
1117 | |
916 | module | encode | decode | |
1118 | module | encode | decode | |
917 | -----------|------------|------------| |
1119 | -----------|------------|------------| |
918 | JSON | 55.260 | 34.971 | |
1120 | JSON 1.x | 55.260 | 34.971 | |
919 | JSON::DWIW | 825.228 | 1082.513 | |
1121 | JSON::DWIW | 825.228 | 1082.513 | |
920 | JSON::PC | 3571.444 | 2394.829 | |
1122 | JSON::PC | 3571.444 | 2394.829 | |
921 | JSON::PP | 210.987 | 32.574 | |
1123 | JSON::PP | 210.987 | 32.574 | |
922 | JSON::Syck | 552.551 | 787.544 | |
1124 | JSON::Syck | 552.551 | 787.544 | |
923 | JSON::XS | 5780.463 | 4854.519 | |
1125 | JSON::XS | 5780.463 | 4854.519 | |
… | |
… | |
956 | |
1158 | |
957 | Third, JSON::XS recurses using the C stack when decoding objects and |
1159 | Third, JSON::XS recurses using the C stack when decoding objects and |
958 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1160 | arrays. The C stack is a limited resource: for instance, on my amd64 |
959 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1161 | machine with 8MB of stack size I can decode around 180k nested arrays but |
960 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
1162 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
961 | to free the temporary). If that is exceeded, the program crashes. to be |
1163 | to free the temporary). If that is exceeded, the program crashes. To be |
962 | conservative, the default nesting limit is set to 512. If your process |
1164 | conservative, the default nesting limit is set to 512. If your process |
963 | has a smaller stack, you should adjust this setting accordingly with the |
1165 | has a smaller stack, you should adjust this setting accordingly with the |
964 | C<max_depth> method. |
1166 | C<max_depth> method. |
965 | |
1167 | |
966 | And last but least, something else could bomb you that I forgot to think |
1168 | Something else could bomb you, too, that I forgot to think of. In that |
967 | of. In that case, you get to keep the pieces. I am always open for hints, |
1169 | case, you get to keep the pieces. I am always open for hints, though... |
968 | though... |
1170 | |
|
|
1171 | Also keep in mind that JSON::XS might leak contents of your Perl data |
|
|
1172 | structures in its error messages, so when you serialise sensitive |
|
|
1173 | information you might want to make sure that exceptions thrown by JSON::XS |
|
|
1174 | will not end up in front of untrusted eyes. |
969 | |
1175 | |
970 | If you are using JSON::XS to return packets to consumption |
1176 | If you are using JSON::XS to return packets to consumption |
971 | by JavaScript scripts in a browser you should have a look at |
1177 | by JavaScript scripts in a browser you should have a look at |
972 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1178 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
973 | you are vulnerable to some common attack vectors (which really are browser |
1179 | you are vulnerable to some common attack vectors (which really are browser |
974 | design bugs, but it is still you who will have to deal with it, as major |
1180 | design bugs, but it is still you who will have to deal with it, as major |
975 | browser developers care only for features, not about doing security |
1181 | browser developers care only for features, not about getting security |
976 | right). |
1182 | right). |
977 | |
1183 | |
978 | |
1184 | |
979 | =head1 THREADS |
1185 | =head1 THREADS |
980 | |
1186 | |