--- JSON-XS/XS.pm 2013/10/29 00:06:40 1.145 +++ JSON-XS/XS.pm 2014/03/02 22:09:38 1.154 @@ -103,7 +103,7 @@ use common::sense; -our $VERSION = '3.0'; +our $VERSION = 3.01; our @ISA = qw(Exporter); our @EXPORT = qw(encode_json decode_json); @@ -469,26 +469,28 @@ =item $enabled = $json->get_allow_blessed +See L for details. + If C<$enable> is true (or missing), then the C method will not -barf when it encounters a blessed reference. Instead, the value of the -B option will decide whether C (C -disabled or no C method found) or a representation of the -object (C enabled and C method found) is being -encoded. Has no effect on C. +barf when it encounters a blessed reference that it cannot convert +otherwise. Instead, a JSON C value is encoded instead of the object. If C<$enable> is false (the default), then C will throw an -exception when it encounters a blessed object. +exception when it encounters a blessed object that it cannot convert +otherwise. + +This setting has no effect on C. =item $json = $json->convert_blessed ([$enable]) =item $enabled = $json->get_convert_blessed +See L for details. + If C<$enable> is true (or missing), then C, upon encountering a blessed object, will check for the availability of the C method -on the object's class. If found, it will be called in scalar context -and the resulting scalar will be encoded instead of the object. If no -C method is found, the value of C will decide what -to do. +on the object's class. If found, it will be called in scalar context and +the resulting scalar will be encoded instead of the object. The C method may safely call die if it wants. If C returns other blessed objects, those will be handled in the same @@ -498,12 +500,28 @@ usually in upper case letters and to avoid collisions with any C function or method. -This setting does not yet influence C in any way, but in the -future, global hooks might get installed that influence C and are -enabled by this setting. +If C<$enable> is false (the default), then C will not consider +this type of conversion. + +This setting has no effect on C. + +=item $json = $json->allow_tags ([$enable]) -If C<$enable> is false, then the C setting will decide what -to do when a blessed object is found. +=item $enabled = $json->allow_tags + +See L for details. + +If C<$enable> is true (or missing), then C, upon encountering a +blessed object, will check for the availability of the C method on +the object's class. If found, it will be used to serialise the object into +a nonstandard tagged JSON value (that JSON decoders cannot decode). + +It also causes C to parse such tagged JSON values and deserialise +them via a call to the C method. + +If C<$enable> is false (the default), then C will not consider +this type of conversion, and tagged JSON values will cause a parse error +in C, as if tags were not part of the grammar. =item $json = $json->filter_json_object ([$coderef->($hashref)]) @@ -1001,7 +1019,7 @@ I must be a perl package/class name encoded as a JSON string, and the I must be a JSON array encoding optional constructor arguments. -See "OBJECT SERIALISATION", below, for details. +See L, below, for details. =back @@ -1050,7 +1068,7 @@ =item blessed objects Blessed objects are not directly representable in JSON, but C -allows various ways of handling objects. See "OBJECT SERIALISATION", +allows various ways of handling objects. See L, below, for details. =item simple scalars @@ -1113,7 +1131,7 @@ =over 4 -=item 1. C is enabled and object has a C method. +=item 1. C is enabled and the object has a C method. In this case, C uses the L object serialisation protocol to create a tagged JSON value, using a nonstandard @@ -1129,6 +1147,12 @@ ("classname")[FREEZE return values...] +e.g.: + + ("URI")["http://www.google.com/"] + ("MyDate")[2013,10,29] + ("ImageData::JPEG")["Z3...VlCg=="] + For example, the hypothetical C C method might use the objects C and C members to encode the object: @@ -1138,7 +1162,7 @@ ($self->{type}, $self->{id}) } -=item 2. C is enabled and object has a C method. +=item 2. C is enabled and the object has a C method. In this case, the C method of the object is invoked in scalar context. It must return a single scalar that can be directly encoded into @@ -1178,8 +1202,9 @@ error will result (as if tagged values were not part of the grammar). If C is enabled, C will look up the C method -of the package/classname used during serialisation. If there is no such -method, the decoding will fail with an error. +of the package/classname used during serialisation (it will not attempt +to load the package as a Perl module). If there is no such method, the +decoding will fail with an error. Otherwise, the C method is invoked with the classname as first argument, the constant string C as second argument, and all the @@ -1538,6 +1563,83 @@ such as L and L. +=head1 INTEROPERABILITY WITH OTHER JSON DECODERS + +As long as you only serialise data that can be directly expressed in JSON, +C is incapable of generating invalid JSON output (modulo bugs, +but C has found more bugs in the official JSON testsuite (1) +than the official JSON testsuite has found in C (0)). + +When you have trouble decoding JSON generated by this module using other +decoders, then it is very likely that you have an encoding mismatch or the +other decoder is broken. + +When decoding, C is strict by default and will likely catch all +errors. There are currently two settings that change this: C +makes C accept (but not generate) some non-standard extensions, +and C will allow you to encode and decode Perl objects, at the +cost of not outputting valid JSON anymore. + +=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS + +When you use C to use the extended (and also nonstandard and +invalid) JSON syntax for serialised objects, and you still want to decode +the generated When you want to serialise objects, you can run a regex +to replace the tagged syntax by standard JSON arrays (it only works for +"normal" packagesnames without comma, newlines or single colons). First, +the readable Perl version: + + # if your FREEZE methods return no values, you need this replace first: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; + + # this works for non-empty constructor arg lists: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; + +And here is a less readable version that is easy to adapt to other +languages: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; + +Here is an ECMAScript version (same regex): + + json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); + +Since this syntax converts to standard JSON arrays, it might be hard to +distinguish serialised objects from normal arrays. You can prepend a +"magic number" as first array element to reduce chances of a collision: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; + +And after decoding the JSON text, you could walk the data +structure looking for arrays with a first element of +C. + +The same approach can be used to create the tagged format with another +encoder. First, you create an array with the magic string as first member, +the classname as second, and constructor arguments last, encode it as part +of your JSON structure, and then: + + $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; + +Again, this has some limitations - the magic string must not be encoded +with character escapes, and the constructor arguments must be non-empty. + + +=head1 RFC7158 + +Since this module was written, Google has written a new JSON RFC, RFC +7158. Unfortunately, this RFC breaks compatibility with both the original +JSON specification on www.json.org and RFC4627. + +As far as I can see, you can get partial compatibility when parsing by +using C<< ->allow_nonref >>. However, consider thew security implications +of doing so. + +I haven't decided yet whether to break compatibility with RFC4627 by +default (and potentially leave applications insecure), or change the +default to follow RFC7158. + + =head1 THREADS This module is I guaranteed to be thread safe and there are no