ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/XS.pm
(Generate patch)

Comparing JSON-XS/XS.pm (file contents):
Revision 1.110 by root, Sun Jul 20 17:55:19 2008 UTC vs.
Revision 1.167 by root, Tue Aug 28 16:16:17 2018 UTC

40Beginning with version 2.0 of the JSON module, when both JSON and 40Beginning with version 2.0 of the JSON module, when both JSON and
41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be 41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be
42overridden) with no overhead due to emulation (by inheriting constructor 42overridden) with no overhead due to emulation (by inheriting constructor
43and methods). If JSON::XS is not available, it will fall back to the 43and methods). If JSON::XS is not available, it will fall back to the
44compatible JSON::PP module as backend, so using JSON instead of JSON::XS 44compatible JSON::PP module as backend, so using JSON instead of JSON::XS
45gives you a portable JSON API that can be fast when you need and doesn't 45gives you a portable JSON API that can be fast when you need it and
46require a C compiler when that is a problem. 46doesn't require a C compiler when that is a problem.
47 47
48As this is the n-th-something JSON module on CPAN, what was the reason 48As this is the n-th-something JSON module on CPAN, what was the reason
49to write yet another JSON module? While it seems there are many JSON 49to write yet another JSON module? While it seems there are many JSON
50modules, none of them correctly handle all corner cases, and in most cases 50modules, none of them correctly handle all corner cases, and in most cases
51their maintainers are unresponsive, gone missing, or not listening to bug 51their maintainers are unresponsive, gone missing, or not listening to bug
52reports for other reasons. 52reports for other reasons.
53 53
54See COMPARISON, below, for a comparison to some other JSON modules.
55
56See MAPPING, below, on how JSON::XS maps perl values to JSON values and 54See MAPPING, below, on how JSON::XS maps perl values to JSON values and
57vice versa. 55vice versa.
58 56
59=head2 FEATURES 57=head2 FEATURES
60 58
66so, and even documents what "correct" means. 64so, and even documents what "correct" means.
67 65
68=item * round-trip integrity 66=item * round-trip integrity
69 67
70When you serialise a perl data structure using only data types supported 68When you serialise a perl data structure using only data types supported
71by JSON, the deserialised data structure is identical on the Perl level. 69by JSON and Perl, the deserialised data structure is identical on the Perl
72(e.g. the string "2.0" doesn't suddenly become "2" just because it looks 70level. (e.g. the string "2.0" doesn't suddenly become "2" just because
73like a number). There minor I<are> exceptions to this, read the MAPPING 71it looks like a number). There I<are> minor exceptions to this, read the
74section below to learn about those. 72MAPPING section below to learn about those.
75 73
76=item * strict checking of JSON correctness 74=item * strict checking of JSON correctness
77 75
78There is no guessing, no generating of illegal JSON texts by default, 76There is no guessing, no generating of illegal JSON texts by default,
79and only JSON is accepted as input by default (the latter is a security 77and only JSON is accepted as input by default (the latter is a security
85this module usually compares favourably in terms of speed, too. 83this module usually compares favourably in terms of speed, too.
86 84
87=item * simple to use 85=item * simple to use
88 86
89This module has both a simple functional interface as well as an object 87This module has both a simple functional interface as well as an object
90oriented interface interface. 88oriented interface.
91 89
92=item * reasonably versatile output formats 90=item * reasonably versatile output formats
93 91
94You can choose between the most compact guaranteed-single-line format 92You can choose between the most compact guaranteed-single-line format
95possible (nice for simple line-based protocols), a pure-ASCII format 93possible (nice for simple line-based protocols), a pure-ASCII format
101 99
102=cut 100=cut
103 101
104package JSON::XS; 102package JSON::XS;
105 103
106no warnings; 104use common::sense;
107use strict;
108 105
109our $VERSION = '2.2222'; 106our $VERSION = 3.04;
110our @ISA = qw(Exporter); 107our @ISA = qw(Exporter);
111 108
112our @EXPORT = qw(encode_json decode_json to_json from_json); 109our @EXPORT = qw(encode_json decode_json);
113
114sub to_json($) {
115 require Carp;
116 Carp::croak ("JSON::XS::to_json has been renamed to encode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
117}
118
119sub from_json($) {
120 require Carp;
121 Carp::croak ("JSON::XS::from_json has been renamed to decode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
122}
123 110
124use Exporter; 111use Exporter;
125use XSLoader; 112use XSLoader;
126 113
114use Types::Serialiser ();
115
127=head1 FUNCTIONAL INTERFACE 116=head1 FUNCTIONAL INTERFACE
128 117
129The following convenience methods are provided by this module. They are 118The following convenience methods are provided by this module. They are
130exported by default: 119exported by default:
131 120
142 131
143Except being faster. 132Except being faster.
144 133
145=item $perl_scalar = decode_json $json_text 134=item $perl_scalar = decode_json $json_text
146 135
147The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries 136The opposite of C<encode_json>: expects a UTF-8 (binary) string and tries
148to parse that as an UTF-8 encoded JSON text, returning the resulting 137to parse that as a UTF-8 encoded JSON text, returning the resulting
149reference. Croaks on error. 138reference. Croaks on error.
150 139
151This function call is functionally identical to: 140This function call is functionally identical to:
152 141
153 $perl_scalar = JSON::XS->new->utf8->decode ($json_text) 142 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
154 143
155Except being faster. 144Except being faster.
156
157=item $is_boolean = JSON::XS::is_bool $scalar
158
159Returns true if the passed scalar represents either JSON::XS::true or
160JSON::XS::false, two constants that act like C<1> and C<0>, respectively
161and are used to represent JSON C<true> and C<false> values in Perl.
162
163See MAPPING, below, for more information on how JSON values are mapped to
164Perl.
165 145
166=back 146=back
167 147
168 148
169=head1 A FEW NOTES ON UNICODE AND PERL 149=head1 A FEW NOTES ON UNICODE AND PERL
290 270
291=item $enabled = $json->get_utf8 271=item $enabled = $json->get_utf8
292 272
293If C<$enable> is true (or missing), then the C<encode> method will encode 273If C<$enable> is true (or missing), then the C<encode> method will encode
294the JSON result into UTF-8, as required by many protocols, while the 274the JSON result into UTF-8, as required by many protocols, while the
295C<decode> method expects to be handled an UTF-8-encoded string. Please 275C<decode> method expects to be handed a UTF-8-encoded string. Please
296note that UTF-8-encoded strings do not contain any characters outside the 276note that UTF-8-encoded strings do not contain any characters outside the
297range C<0..255>, they are thus useful for bytewise/binary I/O. In future 277range C<0..255>, they are thus useful for bytewise/binary I/O. In future
298versions, enabling this option might enable autodetection of the UTF-16 278versions, enabling this option might enable autodetection of the UTF-16
299and UTF-32 encoding families, as described in RFC4627. 279and UTF-32 encoding families, as described in RFC4627.
300 280
385 365
386=item $enabled = $json->get_relaxed 366=item $enabled = $json->get_relaxed
387 367
388If C<$enable> is true (or missing), then C<decode> will accept some 368If C<$enable> is true (or missing), then C<decode> will accept some
389extensions to normal JSON syntax (see below). C<encode> will not be 369extensions to normal JSON syntax (see below). C<encode> will not be
390affected in anyway. I<Be aware that this option makes you accept invalid 370affected in any way. I<Be aware that this option makes you accept invalid
391JSON texts as if they were valid!>. I suggest only to use this option to 371JSON texts as if they were valid!>. I suggest only to use this option to
392parse application-specific files written by humans (configuration files, 372parse application-specific files written by humans (configuration files,
393resource files etc.) 373resource files etc.)
394 374
395If C<$enable> is false (the default), then C<decode> will only accept 375If C<$enable> is false (the default), then C<decode> will only accept
424 [ 404 [
425 1, # this comment not allowed in JSON 405 1, # this comment not allowed in JSON
426 # neither this one... 406 # neither this one...
427 ] 407 ]
428 408
409=item * literal ASCII TAB characters in strings
410
411Literal ASCII TAB characters are now allowed in strings (and treated as
412C<\t>).
413
414 [
415 "Hello\tWorld",
416 "Hello<TAB>World", # literal <TAB> would not normally be allowed
417 ]
418
429=back 419=back
430 420
431=item $json = $json->canonical ([$enable]) 421=item $json = $json->canonical ([$enable])
432 422
433=item $enabled = $json->get_canonical 423=item $enabled = $json->get_canonical
435If C<$enable> is true (or missing), then the C<encode> method will output JSON objects 425If C<$enable> is true (or missing), then the C<encode> method will output JSON objects
436by sorting their keys. This is adding a comparatively high overhead. 426by sorting their keys. This is adding a comparatively high overhead.
437 427
438If C<$enable> is false, then the C<encode> method will output key-value 428If C<$enable> is false, then the C<encode> method will output key-value
439pairs in the order Perl stores them (which will likely change between runs 429pairs in the order Perl stores them (which will likely change between runs
440of the same script). 430of the same script, and can change even within the same run from 5.18
431onwards).
441 432
442This option is useful if you want the same data structure to be encoded as 433This option is useful if you want the same data structure to be encoded as
443the same JSON text (given the same overall settings). If it is disabled, 434the same JSON text (given the same overall settings). If it is disabled,
444the same hash might be encoded differently even if contains the same data, 435the same hash might be encoded differently even if contains the same data,
445as key-value pairs have no inherent ordering in Perl. 436as key-value pairs have no inherent ordering in Perl.
446 437
447This setting has no effect when decoding JSON texts. 438This setting has no effect when decoding JSON texts.
439
440This setting has currently no effect on tied hashes.
448 441
449=item $json = $json->allow_nonref ([$enable]) 442=item $json = $json->allow_nonref ([$enable])
450 443
451=item $enabled = $json->get_allow_nonref 444=item $enabled = $json->get_allow_nonref
452 445
484 477
485=item $json = $json->allow_blessed ([$enable]) 478=item $json = $json->allow_blessed ([$enable])
486 479
487=item $enabled = $json->get_allow_blessed 480=item $enabled = $json->get_allow_blessed
488 481
482See L<OBJECT SERIALISATION> for details.
483
489If C<$enable> is true (or missing), then the C<encode> method will not 484If C<$enable> is true (or missing), then the C<encode> method will not
490barf when it encounters a blessed reference. Instead, the value of the 485barf when it encounters a blessed reference that it cannot convert
491B<convert_blessed> option will decide whether C<null> (C<convert_blessed> 486otherwise. Instead, a JSON C<null> value is encoded instead of the object.
492disabled or no C<TO_JSON> method found) or a representation of the
493object (C<convert_blessed> enabled and C<TO_JSON> method found) is being
494encoded. Has no effect on C<decode>.
495 487
496If C<$enable> is false (the default), then C<encode> will throw an 488If C<$enable> is false (the default), then C<encode> will throw an
497exception when it encounters a blessed object. 489exception when it encounters a blessed object that it cannot convert
490otherwise.
491
492This setting has no effect on C<decode>.
498 493
499=item $json = $json->convert_blessed ([$enable]) 494=item $json = $json->convert_blessed ([$enable])
500 495
501=item $enabled = $json->get_convert_blessed 496=item $enabled = $json->get_convert_blessed
497
498See L<OBJECT SERIALISATION> for details.
502 499
503If C<$enable> is true (or missing), then C<encode>, upon encountering a 500If C<$enable> is true (or missing), then C<encode>, upon encountering a
504blessed object, will check for the availability of the C<TO_JSON> method 501blessed object, will check for the availability of the C<TO_JSON> method
505on the object's class. If found, it will be called in scalar context 502on the object's class. If found, it will be called in scalar context and
506and the resulting scalar will be encoded instead of the object. If no 503the resulting scalar will be encoded instead of the object.
507C<TO_JSON> method is found, the value of C<allow_blessed> will decide what
508to do.
509 504
510The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> 505The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON>
511returns other blessed objects, those will be handled in the same 506returns other blessed objects, those will be handled in the same
512way. C<TO_JSON> must take care of not causing an endless recursion cycle 507way. C<TO_JSON> must take care of not causing an endless recursion cycle
513(== crash) in this case. The name of C<TO_JSON> was chosen because other 508(== crash) in this case. The name of C<TO_JSON> was chosen because other
514methods called by the Perl core (== not by the user of the object) are 509methods called by the Perl core (== not by the user of the object) are
515usually in upper case letters and to avoid collisions with any C<to_json> 510usually in upper case letters and to avoid collisions with any C<to_json>
516function or method. 511function or method.
517 512
518This setting does not yet influence C<decode> in any way, but in the 513If C<$enable> is false (the default), then C<encode> will not consider
519future, global hooks might get installed that influence C<decode> and are 514this type of conversion.
520enabled by this setting.
521 515
522If C<$enable> is false, then the C<allow_blessed> setting will decide what 516This setting has no effect on C<decode>.
523to do when a blessed object is found. 517
518=item $json = $json->allow_tags ([$enable])
519
520=item $enabled = $json->allow_tags
521
522See L<OBJECT SERIALISATION> for details.
523
524If C<$enable> is true (or missing), then C<encode>, upon encountering a
525blessed object, will check for the availability of the C<FREEZE> method on
526the object's class. If found, it will be used to serialise the object into
527a nonstandard tagged JSON value (that JSON decoders cannot decode).
528
529It also causes C<decode> to parse such tagged JSON values and deserialise
530them via a call to the C<THAW> method.
531
532If C<$enable> is false (the default), then C<encode> will not consider
533this type of conversion, and tagged JSON values will cause a parse error
534in C<decode>, as if tags were not part of the grammar.
524 535
525=item $json = $json->filter_json_object ([$coderef->($hashref)]) 536=item $json = $json->filter_json_object ([$coderef->($hashref)])
526 537
527When C<$coderef> is specified, it will be called from C<decode> each 538When C<$coderef> is specified, it will be called from C<decode> each
528time it decodes a JSON object. The only argument is a reference to the 539time it decodes a JSON object. The only argument is a reference to the
667 678
668See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 679See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
669 680
670=item $json_text = $json->encode ($perl_scalar) 681=item $json_text = $json->encode ($perl_scalar)
671 682
672Converts the given Perl data structure (a simple scalar or a reference 683Converts the given Perl value or data structure to its JSON
673to a hash or array) to its JSON representation. Simple scalars will be 684representation. Croaks on error.
674converted into JSON string or number sequences, while references to arrays
675become JSON arrays and references to hashes become JSON objects. Undefined
676Perl values (e.g. C<undef>) become JSON C<null> values. Neither C<true>
677nor C<false> values will be generated.
678 685
679=item $perl_scalar = $json->decode ($json_text) 686=item $perl_scalar = $json->decode ($json_text)
680 687
681The opposite of C<encode>: expects a JSON text and tries to parse it, 688The opposite of C<encode>: expects a JSON text and tries to parse it,
682returning the resulting simple scalar or reference. Croaks on error. 689returning the resulting simple scalar or reference. Croaks on error.
683
684JSON numbers and strings become simple Perl scalars. JSON arrays become
685Perl arrayrefs and JSON objects become Perl hashrefs. C<true> becomes
686C<1>, C<false> becomes C<0> and C<null> becomes C<undef>.
687 690
688=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text) 691=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
689 692
690This works like the C<decode> method, but instead of raising an exception 693This works like the C<decode> method, but instead of raising an exception
691when there is trailing garbage after the first JSON object, it will 694when there is trailing garbage after the first JSON object, it will
692silently stop parsing there and return the number of characters consumed 695silently stop parsing there and return the number of characters consumed
693so far. 696so far.
694 697
695This is useful if your JSON texts are not delimited by an outer protocol 698This is useful if your JSON texts are not delimited by an outer protocol
696(which is not the brightest thing to do in the first place) and you need
697to know where the JSON text ends. 699and you need to know where the JSON text ends.
698 700
699 JSON::XS->new->decode_prefix ("[1] the tail") 701 JSON::XS->new->decode_prefix ("[1] the tail")
700 => ([], 3) 702 => ([1], 3)
701 703
702=back 704=back
703 705
704 706
705=head1 INCREMENTAL PARSING 707=head1 INCREMENTAL PARSING
714calls). 716calls).
715 717
716JSON::XS will only attempt to parse the JSON text once it is sure it 718JSON::XS will only attempt to parse the JSON text once it is sure it
717has enough text to get a decisive result, using a very simple but 719has enough text to get a decisive result, using a very simple but
718truly incremental parser. This means that it sometimes won't stop as 720truly incremental parser. This means that it sometimes won't stop as
719early as the full parser, for example, it doesn't detect parenthese 721early as the full parser, for example, it doesn't detect mismatched
720mismatches. The only thing it guarantees is that it starts decoding as 722parentheses. The only thing it guarantees is that it starts decoding as
721soon as a syntactically valid JSON text has been seen. This means you need 723soon as a syntactically valid JSON text has been seen. This means you need
722to set resource limits (e.g. C<max_size>) to ensure the parser will stop 724to set resource limits (e.g. C<max_size>) to ensure the parser will stop
723parsing in the presence if syntax errors. 725parsing in the presence if syntax errors.
724 726
725The following methods implement this incremental parser. 727The following methods implement this incremental parser.
741 743
742If the method is called in scalar context, then it will try to extract 744If the method is called in scalar context, then it will try to extract
743exactly I<one> JSON object. If that is successful, it will return this 745exactly I<one> JSON object. If that is successful, it will return this
744object, otherwise it will return C<undef>. If there is a parse error, 746object, otherwise it will return C<undef>. If there is a parse error,
745this method will croak just as C<decode> would do (one can then use 747this method will croak just as C<decode> would do (one can then use
746C<incr_skip> to skip the errornous part). This is the most common way of 748C<incr_skip> to skip the erroneous part). This is the most common way of
747using the method. 749using the method.
748 750
749And finally, in list context, it will try to extract as many objects 751And finally, in list context, it will try to extract as many objects
750from the stream as it can find and return them, or the empty list 752from the stream as it can find and return them, or the empty list
751otherwise. For this to work, there must be no separators between the JSON 753otherwise. For this to work, there must be no separators (other than
752objects or arrays, instead they must be concatenated back-to-back. If 754whitespace) between the JSON objects or arrays, instead they must be
753an error occurs, an exception will be raised as in the scalar context 755concatenated back-to-back. If an error occurs, an exception will be
754case. Note that in this case, any previously-parsed JSON texts will be 756raised as in the scalar context case. Note that in this case, any
755lost. 757previously-parsed JSON texts will be lost.
758
759Example: Parse some JSON arrays/objects in a given string and return
760them.
761
762 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
756 763
757=item $lvalue_string = $json->incr_text 764=item $lvalue_string = $json->incr_text
758 765
759This method returns the currently stored JSON fragment as an lvalue, that 766This method returns the currently stored JSON fragment as an lvalue, that
760is, you can manipulate it. This I<only> works when a preceding call to 767is, you can manipulate it. This I<only> works when a preceding call to
762all other circumstances you must not call this function (I mean it. 769all other circumstances you must not call this function (I mean it.
763although in simple tests it might actually work, it I<will> fail under 770although in simple tests it might actually work, it I<will> fail under
764real world conditions). As a special exception, you can also call this 771real world conditions). As a special exception, you can also call this
765method before having parsed anything. 772method before having parsed anything.
766 773
774That means you can only use this function to look at or manipulate text
775before or after complete JSON objects, not while the parser is in the
776middle of parsing a JSON object.
777
767This function is useful in two cases: a) finding the trailing text after a 778This function is useful in two cases: a) finding the trailing text after a
768JSON object or b) parsing multiple JSON objects separated by non-JSON text 779JSON object or b) parsing multiple JSON objects separated by non-JSON text
769(such as commas). 780(such as commas).
770 781
771=item $json->incr_skip 782=item $json->incr_skip
772 783
773This will reset the state of the incremental parser and will remove the 784This will reset the state of the incremental parser and will remove
774parsed text from the input buffer. This is useful after C<incr_parse> 785the parsed text from the input buffer so far. This is useful after
775died, in which case the input buffer and incremental parser state is left 786C<incr_parse> died, in which case the input buffer and incremental parser
776unchanged, to skip the text parsed so far and to reset the parse state. 787state is left unchanged, to skip the text parsed so far and to reset the
788parse state.
789
790The difference to C<incr_reset> is that only text until the parse error
791occurred is removed.
777 792
778=item $json->incr_reset 793=item $json->incr_reset
779 794
780This completely resets the incremental parser, that is, after this call, 795This completely resets the incremental parser, that is, after this call,
781it will be as if the parser had never parsed anything. 796it will be as if the parser had never parsed anything.
782 797
783This is useful if you want ot repeatedly parse JSON objects and want to 798This is useful if you want to repeatedly parse JSON objects and want to
784ignore any trailing data, which means you have to reset the parser after 799ignore any trailing data, which means you have to reset the parser after
785each successful decode. 800each successful decode.
786 801
787=back 802=back
788 803
789=head2 LIMITATIONS 804=head2 LIMITATIONS
790 805
791All options that affect decoding are supported, except 806All options that affect decoding are supported, except
792C<allow_nonref>. The reason for this is that it cannot be made to 807C<allow_nonref>. The reason for this is that it cannot be made to work
793work sensibly: JSON objects and arrays are self-delimited, i.e. you can concatenate 808sensibly: JSON objects and arrays are self-delimited, i.e. you can
794them back to back and still decode them perfectly. This does not hold true 809concatenate them back to back and still decode them perfectly. This does
795for JSON numbers, however. 810not hold true for JSON numbers, however.
796 811
797For example, is the string C<1> a single JSON number, or is it simply the 812For example, is the string C<1> a single JSON number, or is it simply the
798start of C<12>? Or is C<12> a single JSON number, or the concatenation 813start of C<12>? Or is C<12> a single JSON number, or the concatenation
799of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS 814of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS
800takes the conservative route and disallows this case. 815takes the conservative route and disallows this case.
979If the number consists of digits only, JSON::XS will try to represent 994If the number consists of digits only, JSON::XS will try to represent
980it as an integer value. If that fails, it will try to represent it as 995it as an integer value. If that fails, it will try to represent it as
981a numeric (floating point) value if that is possible without loss of 996a numeric (floating point) value if that is possible without loss of
982precision. Otherwise it will preserve the number as a string value (in 997precision. Otherwise it will preserve the number as a string value (in
983which case you lose roundtripping ability, as the JSON number will be 998which case you lose roundtripping ability, as the JSON number will be
984re-encoded toa JSON string). 999re-encoded to a JSON string).
985 1000
986Numbers containing a fractional or exponential part will always be 1001Numbers containing a fractional or exponential part will always be
987represented as numeric (floating point) values, possibly at a loss of 1002represented as numeric (floating point) values, possibly at a loss of
988precision (in which case you might lose perfect roundtripping ability, but 1003precision (in which case you might lose perfect roundtripping ability, but
989the JSON number will still be re-encoded as a JSON number). 1004the JSON number will still be re-encoded as a JSON number).
990 1005
1006Note that precision is not accuracy - binary floating point values cannot
1007represent most decimal fractions exactly, and when converting from and to
1008floating point, JSON::XS only guarantees precision up to but not including
1009the least significant bit.
1010
991=item true, false 1011=item true, false
992 1012
993These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, 1013These JSON atoms become C<Types::Serialiser::true> and
994respectively. They are overloaded to act almost exactly like the numbers 1014C<Types::Serialiser::false>, respectively. They are overloaded to act
995C<1> and C<0>. You can check whether a scalar is a JSON boolean by using 1015almost exactly like the numbers C<1> and C<0>. You can check whether
996the C<JSON::XS::is_bool> function. 1016a scalar is a JSON boolean by using the C<Types::Serialiser::is_bool>
1017function (after C<use Types::Serialier>, of course).
997 1018
998=item null 1019=item null
999 1020
1000A JSON null atom becomes C<undef> in Perl. 1021A JSON null atom becomes C<undef> in Perl.
1022
1023=item shell-style comments (C<< # I<text> >>)
1024
1025As a nonstandard extension to the JSON syntax that is enabled by the
1026C<relaxed> setting, shell-style comments are allowed. They can start
1027anywhere outside strings and go till the end of the line.
1028
1029=item tagged values (C<< (I<tag>)I<value> >>).
1030
1031Another nonstandard extension to the JSON syntax, enabled with the
1032C<allow_tags> setting, are tagged values. In this implementation, the
1033I<tag> must be a perl package/class name encoded as a JSON string, and the
1034I<value> must be a JSON array encoding optional constructor arguments.
1035
1036See L<OBJECT SERIALISATION>, below, for details.
1001 1037
1002=back 1038=back
1003 1039
1004 1040
1005=head2 PERL -> JSON 1041=head2 PERL -> JSON
1010 1046
1011=over 4 1047=over 4
1012 1048
1013=item hash references 1049=item hash references
1014 1050
1015Perl hash references become JSON objects. As there is no inherent ordering 1051Perl hash references become JSON objects. As there is no inherent
1016in hash keys (or JSON objects), they will usually be encoded in a 1052ordering in hash keys (or JSON objects), they will usually be encoded
1017pseudo-random order that can change between runs of the same program but 1053in a pseudo-random order. JSON::XS can optionally sort the hash keys
1018stays generally the same within a single run of a program. JSON::XS can 1054(determined by the I<canonical> flag), so the same datastructure will
1019optionally sort the hash keys (determined by the I<canonical> flag), so 1055serialise to the same JSON text (given same settings and version of
1020the same datastructure will serialise to the same JSON text (given same 1056JSON::XS), but this incurs a runtime overhead and is only rarely useful,
1021settings and version of JSON::XS), but this incurs a runtime overhead 1057e.g. when you want to compare some JSON text against another for equality.
1022and is only rarely useful, e.g. when you want to compare some JSON text
1023against another for equality.
1024 1058
1025=item array references 1059=item array references
1026 1060
1027Perl array references become JSON arrays. 1061Perl array references become JSON arrays.
1028 1062
1029=item other references 1063=item other references
1030 1064
1031Other unblessed references are generally not allowed and will cause an 1065Other unblessed references are generally not allowed and will cause an
1032exception to be thrown, except for references to the integers C<0> and 1066exception to be thrown, except for references to the integers C<0> and
1033C<1>, which get turned into C<false> and C<true> atoms in JSON. You can 1067C<1>, which get turned into C<false> and C<true> atoms in JSON.
1034also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability.
1035 1068
1069Since C<JSON::XS> uses the boolean model from L<Types::Serialiser>, you
1070can also C<use Types::Serialiser> and then use C<Types::Serialiser::false>
1071and C<Types::Serialiser::true> to improve readability.
1072
1073 use Types::Serialiser;
1036 encode_json [\0, JSON::XS::true] # yields [false,true] 1074 encode_json [\0, Types::Serialiser::true] # yields [false,true]
1037 1075
1038=item JSON::XS::true, JSON::XS::false 1076=item Types::Serialiser::true, Types::Serialiser::false
1039 1077
1040These special values become JSON true and JSON false values, 1078These special values from the L<Types::Serialiser> module become JSON true
1041respectively. You can also use C<\1> and C<\0> directly if you want. 1079and JSON false values, respectively. You can also use C<\1> and C<\0>
1080directly if you want.
1042 1081
1043=item blessed objects 1082=item blessed objects
1044 1083
1045Blessed objects are not directly representable in JSON. See the 1084Blessed objects are not directly representable in JSON, but C<JSON::XS>
1046C<allow_blessed> and C<convert_blessed> methods on various options on 1085allows various ways of handling objects. See L<OBJECT SERIALISATION>,
1047how to deal with this: basically, you can choose between throwing an 1086below, for details.
1048exception, encoding the reference as if it weren't blessed, or provide
1049your own serialiser method.
1050 1087
1051=item simple scalars 1088=item simple scalars
1052 1089
1053Simple Perl scalars (any scalar that is not a reference) are the most 1090Simple Perl scalars (any scalar that is not a reference) are the most
1054difficult objects to encode: JSON::XS will encode undefined scalars as 1091difficult objects to encode: JSON::XS will encode undefined scalars as
1082 1119
1083You can not currently force the type in other, less obscure, ways. Tell me 1120You can not currently force the type in other, less obscure, ways. Tell me
1084if you need this capability (but don't forget to explain why it's needed 1121if you need this capability (but don't forget to explain why it's needed
1085:). 1122:).
1086 1123
1124Note that numerical precision has the same meaning as under Perl (so
1125binary to decimal conversion follows the same rules as in Perl, which
1126can differ to other languages). Also, your perl interpreter might expose
1127extensions to the floating point numbers of your platform, such as
1128infinities or NaN's - these cannot be represented in JSON, and it is an
1129error to pass those in.
1130
1087=back 1131=back
1132
1133=head2 OBJECT SERIALISATION
1134
1135As JSON cannot directly represent Perl objects, you have to choose between
1136a pure JSON representation (without the ability to deserialise the object
1137automatically again), and a nonstandard extension to the JSON syntax,
1138tagged values.
1139
1140=head3 SERIALISATION
1141
1142What happens when C<JSON::XS> encounters a Perl object depends on the
1143C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are
1144used in this order:
1145
1146=over 4
1147
1148=item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method.
1149
1150In this case, C<JSON::XS> uses the L<Types::Serialiser> object
1151serialisation protocol to create a tagged JSON value, using a nonstandard
1152extension to the JSON syntax.
1153
1154This works by invoking the C<FREEZE> method on the object, with the first
1155argument being the object to serialise, and the second argument being the
1156constant string C<JSON> to distinguish it from other serialisers.
1157
1158The C<FREEZE> method can return any number of values (i.e. zero or
1159more). These values and the paclkage/classname of the object will then be
1160encoded as a tagged JSON value in the following format:
1161
1162 ("classname")[FREEZE return values...]
1163
1164e.g.:
1165
1166 ("URI")["http://www.google.com/"]
1167 ("MyDate")[2013,10,29]
1168 ("ImageData::JPEG")["Z3...VlCg=="]
1169
1170For example, the hypothetical C<My::Object> C<FREEZE> method might use the
1171objects C<type> and C<id> members to encode the object:
1172
1173 sub My::Object::FREEZE {
1174 my ($self, $serialiser) = @_;
1175
1176 ($self->{type}, $self->{id})
1177 }
1178
1179=item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method.
1180
1181In this case, the C<TO_JSON> method of the object is invoked in scalar
1182context. It must return a single scalar that can be directly encoded into
1183JSON. This scalar replaces the object in the JSON text.
1184
1185For example, the following C<TO_JSON> method will convert all L<URI>
1186objects to JSON strings when serialised. The fatc that these values
1187originally were L<URI> objects is lost.
1188
1189 sub URI::TO_JSON {
1190 my ($uri) = @_;
1191 $uri->as_string
1192 }
1193
1194=item 3. C<allow_blessed> is enabled.
1195
1196The object will be serialised as a JSON null value.
1197
1198=item 4. none of the above
1199
1200If none of the settings are enabled or the respective methods are missing,
1201C<JSON::XS> throws an exception.
1202
1203=back
1204
1205=head3 DESERIALISATION
1206
1207For deserialisation there are only two cases to consider: either
1208nonstandard tagging was used, in which case C<allow_tags> decides,
1209or objects cannot be automatically be deserialised, in which
1210case you can use postprocessing or the C<filter_json_object> or
1211C<filter_json_single_key_object> callbacks to get some real objects our of
1212your JSON.
1213
1214This section only considers the tagged value case: I a tagged JSON object
1215is encountered during decoding and C<allow_tags> is disabled, a parse
1216error will result (as if tagged values were not part of the grammar).
1217
1218If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method
1219of the package/classname used during serialisation (it will not attempt
1220to load the package as a Perl module). If there is no such method, the
1221decoding will fail with an error.
1222
1223Otherwise, the C<THAW> method is invoked with the classname as first
1224argument, the constant string C<JSON> as second argument, and all the
1225values from the JSON array (the values originally returned by the
1226C<FREEZE> method) as remaining arguments.
1227
1228The method must then return the object. While technically you can return
1229any Perl scalar, you might have to enable the C<enable_nonref> setting to
1230make that work in all cases, so better return an actual blessed reference.
1231
1232As an example, let's implement a C<THAW> function that regenerates the
1233C<My::Object> from the C<FREEZE> example earlier:
1234
1235 sub My::Object::THAW {
1236 my ($class, $serialiser, $type, $id) = @_;
1237
1238 $class->new (type => $type, id => $id)
1239 }
1088 1240
1089 1241
1090=head1 ENCODING/CODESET FLAG NOTES 1242=head1 ENCODING/CODESET FLAG NOTES
1091 1243
1092The interested reader might have seen a number of flags that signify 1244The interested reader might have seen a number of flags that signify
1117=item C<utf8> flag disabled 1269=item C<utf8> flag disabled
1118 1270
1119When C<utf8> is disabled (the default), then C<encode>/C<decode> generate 1271When C<utf8> is disabled (the default), then C<encode>/C<decode> generate
1120and expect Unicode strings, that is, characters with high ordinal Unicode 1272and expect Unicode strings, that is, characters with high ordinal Unicode
1121values (> 255) will be encoded as such characters, and likewise such 1273values (> 255) will be encoded as such characters, and likewise such
1122characters are decoded as-is, no canges to them will be done, except 1274characters are decoded as-is, no changes to them will be done, except
1123"(re-)interpreting" them as Unicode codepoints or Unicode characters, 1275"(re-)interpreting" them as Unicode codepoints or Unicode characters,
1124respectively (to Perl, these are the same thing in strings unless you do 1276respectively (to Perl, these are the same thing in strings unless you do
1125funny/weird/dumb stuff). 1277funny/weird/dumb stuff).
1126 1278
1127This is useful when you want to do the encoding yourself (e.g. when you 1279This is useful when you want to do the encoding yourself (e.g. when you
1137expect your input strings to be encoded as UTF-8, that is, no "character" 1289expect your input strings to be encoded as UTF-8, that is, no "character"
1138of the input string must have any value > 255, as UTF-8 does not allow 1290of the input string must have any value > 255, as UTF-8 does not allow
1139that. 1291that.
1140 1292
1141The C<utf8> flag therefore switches between two modes: disabled means you 1293The C<utf8> flag therefore switches between two modes: disabled means you
1142will get a Unicode string in Perl, enabled means you get an UTF-8 encoded 1294will get a Unicode string in Perl, enabled means you get a UTF-8 encoded
1143octet/binary string in Perl. 1295octet/binary string in Perl.
1144 1296
1145=item C<latin1> or C<ascii> flags enabled 1297=item C<latin1> or C<ascii> flags enabled
1146 1298
1147With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters 1299With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters
1183proper subset of most 8-bit and multibyte encodings in use in the world. 1335proper subset of most 8-bit and multibyte encodings in use in the world.
1184 1336
1185=back 1337=back
1186 1338
1187 1339
1340=head2 JSON and ECMAscript
1341
1342JSON syntax is based on how literals are represented in javascript (the
1343not-standardised predecessor of ECMAscript) which is presumably why it is
1344called "JavaScript Object Notation".
1345
1346However, JSON is not a subset (and also not a superset of course) of
1347ECMAscript (the standard) or javascript (whatever browsers actually
1348implement).
1349
1350If you want to use javascript's C<eval> function to "parse" JSON, you
1351might run into parse errors for valid JSON texts, or the resulting data
1352structure might not be queryable:
1353
1354One of the problems is that U+2028 and U+2029 are valid characters inside
1355JSON strings, but are not allowed in ECMAscript string literals, so the
1356following Perl fragment will not output something that can be guaranteed
1357to be parsable by javascript's C<eval>:
1358
1359 use JSON::XS;
1360
1361 print encode_json [chr 0x2028];
1362
1363The right fix for this is to use a proper JSON parser in your javascript
1364programs, and not rely on C<eval> (see for example Douglas Crockford's
1365F<json2.js> parser).
1366
1367If this is not an option, you can, as a stop-gap measure, simply encode to
1368ASCII-only JSON:
1369
1370 use JSON::XS;
1371
1372 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1373
1374Note that this will enlarge the resulting JSON text quite a bit if you
1375have many non-ASCII characters. You might be tempted to run some regexes
1376to only escape U+2028 and U+2029, e.g.:
1377
1378 # DO NOT USE THIS!
1379 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1380 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1381 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1382 print $json;
1383
1384Note that I<this is a bad idea>: the above only works for U+2028 and
1385U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1386javascript implementations, however, have issues with other characters as
1387well - using C<eval> naively simply I<will> cause problems.
1388
1389Another problem is that some javascript implementations reserve
1390some property names for their own purposes (which probably makes
1391them non-ECMAscript-compliant). For example, Iceweasel reserves the
1392C<__proto__> property name for its own purposes.
1393
1394If that is a problem, you could parse try to filter the resulting JSON
1395output for these property strings, e.g.:
1396
1397 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1398
1399This works because C<__proto__> is not valid outside of strings, so every
1400occurrence of C<"__proto__"\s*:> must be a string used as property name.
1401
1402If you know of other incompatibilities, please let me know.
1403
1404
1188=head2 JSON and YAML 1405=head2 JSON and YAML
1189 1406
1190You often hear that JSON is a subset of YAML. This is, however, a mass 1407You often hear that JSON is a subset of YAML. This is, however, a mass
1191hysteria(*) and very far from the truth (as of the time of this writing), 1408hysteria(*) and very far from the truth (as of the time of this writing),
1192so let me state it clearly: I<in general, there is no way to configure 1409so let me state it clearly: I<in general, there is no way to configure
1200 my $yaml = $to_yaml->encode ($ref) . "\n"; 1417 my $yaml = $to_yaml->encode ($ref) . "\n";
1201 1418
1202This will I<usually> generate JSON texts that also parse as valid 1419This will I<usually> generate JSON texts that also parse as valid
1203YAML. Please note that YAML has hardcoded limits on (simple) object key 1420YAML. Please note that YAML has hardcoded limits on (simple) object key
1204lengths that JSON doesn't have and also has different and incompatible 1421lengths that JSON doesn't have and also has different and incompatible
1205unicode handling, so you should make sure that your hash keys are 1422unicode character escape syntax, so you should make sure that your hash
1206noticeably shorter than the 1024 "stream characters" YAML allows and that 1423keys are noticeably shorter than the 1024 "stream characters" YAML allows
1207you do not have characters with codepoint values outside the Unicode BMP 1424and that you do not have characters with codepoint values outside the
1208(basic multilingual page). YAML also does not allow C<\/> sequences in 1425Unicode BMP (basic multilingual page). YAML also does not allow C<\/>
1209strings (which JSON::XS does not I<currently> generate, but other JSON 1426sequences in strings (which JSON::XS does not I<currently> generate, but
1210generators might). 1427other JSON generators might).
1211 1428
1212There might be other incompatibilities that I am not aware of (or the YAML 1429There might be other incompatibilities that I am not aware of (or the YAML
1213specification has been changed yet again - it does so quite often). In 1430specification has been changed yet again - it does so quite often). In
1214general you should not try to generate YAML with a JSON generator or vice 1431general you should not try to generate YAML with a JSON generator or vice
1215versa, or try to parse JSON with a YAML parser or vice versa: chances are 1432versa, or try to parse JSON with a YAML parser or vice versa: chances are
1234that difficult or long) and finally make YAML compatible to it, and 1451that difficult or long) and finally make YAML compatible to it, and
1235educating users about the changes, instead of spreading lies about the 1452educating users about the changes, instead of spreading lies about the
1236real compatibility for many I<years> and trying to silence people who 1453real compatibility for many I<years> and trying to silence people who
1237point out that it isn't true. 1454point out that it isn't true.
1238 1455
1456Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, even
1457though the incompatibilities have been documented (and are known to Brian)
1458for many years and the spec makes explicit claims that YAML is a superset
1459of JSON. It would be so easy to fix, but apparently, bullying people and
1460corrupting userdata is so much easier.
1461
1239=back 1462=back
1240 1463
1241 1464
1242=head2 SPEED 1465=head2 SPEED
1243 1466
1250a very short single-line JSON string (also available at 1473a very short single-line JSON string (also available at
1251L<http://dist.schmorp.de/misc/json/short.json>). 1474L<http://dist.schmorp.de/misc/json/short.json>).
1252 1475
1253 {"method": "handleMessage", "params": ["user1", 1476 {"method": "handleMessage", "params": ["user1",
1254 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, 1477 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1255 true, false]} 1478 1, 0]}
1256 1479
1257It shows the number of encodes/decodes per second (JSON::XS uses 1480It shows the number of encodes/decodes per second (JSON::XS uses
1258the functional interface, while JSON::XS/2 uses the OO interface 1481the functional interface, while JSON::XS/2 uses the OO interface
1259with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables 1482with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables
1260shrink). Higher is better: 1483shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ
1484uses the from_json method). Higher is better:
1261 1485
1262 module | encode | decode | 1486 module | encode | decode |
1263 -----------|------------|------------| 1487 --------------|------------|------------|
1264 JSON 1.x | 4990.842 | 4088.813 | 1488 JSON::DWIW/DS | 86302.551 | 102300.098 |
1265 JSON::DWIW | 51653.990 | 71575.154 | 1489 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1266 JSON::PC | 65948.176 | 74631.744 | 1490 JSON::PP | 15827.562 | 6638.658 |
1267 JSON::PP | 8931.652 | 3817.168 | 1491 JSON::Syck | 63358.066 | 47662.545 |
1268 JSON::Syck | 24877.248 | 27776.848 | 1492 JSON::XS | 511500.488 | 511500.488 |
1269 JSON::XS | 388361.481 | 227951.304 | 1493 JSON::XS/2 | 291271.111 | 388361.481 |
1270 JSON::XS/2 | 227951.304 | 218453.333 | 1494 JSON::XS/3 | 361577.931 | 361577.931 |
1271 JSON::XS/3 | 338250.323 | 218453.333 | 1495 Storable | 66788.280 | 265462.278 |
1272 Storable | 16500.016 | 135300.129 |
1273 -----------+------------+------------+ 1496 --------------+------------+------------+
1274 1497
1275That is, JSON::XS is about five times faster than JSON::DWIW on encoding, 1498That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1276about three times faster on decoding, and over forty times faster 1499about five times faster on decoding, and over thirty to seventy times
1277than JSON, even with pretty-printing and key sorting. It also compares 1500faster than JSON's pure perl implementation. It also compares favourably
1278favourably to Storable for small amounts of data. 1501to Storable for small amounts of data.
1279 1502
1280Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1503Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1281search API (L<http://dist.schmorp.de/misc/json/long.json>). 1504search API (L<http://dist.schmorp.de/misc/json/long.json>).
1282 1505
1283 module | encode | decode | 1506 module | encode | decode |
1284 -----------|------------|------------| 1507 --------------|------------|------------|
1285 JSON 1.x | 55.260 | 34.971 | 1508 JSON::DWIW/DS | 1647.927 | 2673.916 |
1286 JSON::DWIW | 825.228 | 1082.513 | 1509 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1287 JSON::PC | 3571.444 | 2394.829 |
1288 JSON::PP | 210.987 | 32.574 | 1510 JSON::PP | 400.640 | 62.311 |
1289 JSON::Syck | 552.551 | 787.544 | 1511 JSON::Syck | 1481.040 | 1524.869 |
1290 JSON::XS | 5780.463 | 4854.519 | 1512 JSON::XS | 20661.596 | 9541.183 |
1291 JSON::XS/2 | 3869.998 | 4798.975 | 1513 JSON::XS/2 | 10683.403 | 9416.938 |
1292 JSON::XS/3 | 5862.880 | 4798.975 | 1514 JSON::XS/3 | 20661.596 | 9400.054 |
1293 Storable | 4445.002 | 5235.027 | 1515 Storable | 19765.806 | 10000.725 |
1294 -----------+------------+------------+ 1516 --------------+------------+------------+
1295 1517
1296Again, JSON::XS leads by far (except for Storable which non-surprisingly 1518Again, JSON::XS leads by far (except for Storable which non-surprisingly
1297decodes faster). 1519decodes a bit faster).
1298 1520
1299On large strings containing lots of high Unicode characters, some modules 1521On large strings containing lots of high Unicode characters, some modules
1300(such as JSON::PC) seem to decode faster than JSON::XS, but the result 1522(such as JSON::PC) seem to decode faster than JSON::XS, but the result
1301will be broken due to missing (or wrong) Unicode handling. Others refuse 1523will be broken due to missing (or wrong) Unicode handling. Others refuse
1302to decode or encode properly, so it was impossible to prepare a fair 1524to decode or encode properly, so it was impossible to prepare a fair
1338information you might want to make sure that exceptions thrown by JSON::XS 1560information you might want to make sure that exceptions thrown by JSON::XS
1339will not end up in front of untrusted eyes. 1561will not end up in front of untrusted eyes.
1340 1562
1341If you are using JSON::XS to return packets to consumption 1563If you are using JSON::XS to return packets to consumption
1342by JavaScript scripts in a browser you should have a look at 1564by JavaScript scripts in a browser you should have a look at
1343L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1565L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to
1344you are vulnerable to some common attack vectors (which really are browser 1566see whether you are vulnerable to some common attack vectors (which really
1345design bugs, but it is still you who will have to deal with it, as major 1567are browser design bugs, but it is still you who will have to deal with
1346browser developers care only for features, not about getting security 1568it, as major browser developers care only for features, not about getting
1347right). 1569security right).
1348 1570
1349 1571
1572=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
1573
1574TL;DR: Due to security concerns, JSON::XS will not allow scalar data in
1575JSON texts by default - you need to create your own JSON::XS object and
1576enable C<allow_nonref>:
1577
1578
1579 my $json = JSON::XS->new->allow_nonref;
1580
1581 $text = $json->encode ($data);
1582 $data = $json->decode ($text);
1583
1584The long version: JSON being an important and supposedly stable format,
1585the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor
1586of JSON, Dougles Crockford, unilaterally changed the definition of JSON in
1587javascript. Rather than create a fork, the IETF decided to standardise the
1588new syntax (apparently, so Iw as told, without finding it very amusing).
1589
1590The biggest difference between thed original JSON and the new JSON is that
1591the new JSON supports scalars (anything other than arrays and objects) at
1592the toplevel of a JSON text. While this is strictly backwards compatible
1593to older versions, it breaks a number of protocols that relied on sending
1594JSON back-to-back, and is a minor security concern.
1595
1596For example, imagine you have two banks communicating, and on one side,
1597trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
1598might then be confused to mean C<101000>, something that couldn't happen
1599in the original JSON, because niether of these messages would be valid
1600JSON.
1601
1602If one side accepts these messages, then an upgrade in the coder on either
1603side could result in this becoming exploitable.
1604
1605This module has always allowed these messages as an optional extension, by
1606default disabled. The security concerns are the reason why the default is
1607still disabled, but future versions might/will likely upgrade to the newer
1608RFC as default format, so you are advised to check your implementation
1609and/or override the default with C<< ->allow_nonref (0) >> to ensure that
1610future versions are safe.
1611
1612
1613=head1 INTEROPERABILITY WITH OTHER MODULES
1614
1615C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean
1616constants. That means that the JSON true and false values will be
1617comaptible to true and false values of other modules that do the same,
1618such as L<JSON::PP> and L<CBOR::XS>.
1619
1620
1621=head1 INTEROPERABILITY WITH OTHER JSON DECODERS
1622
1623As long as you only serialise data that can be directly expressed in JSON,
1624C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs,
1625but C<JSON::XS> has found more bugs in the official JSON testsuite (1)
1626than the official JSON testsuite has found in C<JSON::XS> (0)).
1627
1628When you have trouble decoding JSON generated by this module using other
1629decoders, then it is very likely that you have an encoding mismatch or the
1630other decoder is broken.
1631
1632When decoding, C<JSON::XS> is strict by default and will likely catch all
1633errors. There are currently two settings that change this: C<relaxed>
1634makes C<JSON::XS> accept (but not generate) some non-standard extensions,
1635and C<allow_tags> will allow you to encode and decode Perl objects, at the
1636cost of not outputting valid JSON anymore.
1637
1638=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
1639
1640When you use C<allow_tags> to use the extended (and also nonstandard and
1641invalid) JSON syntax for serialised objects, and you still want to decode
1642the generated When you want to serialise objects, you can run a regex
1643to replace the tagged syntax by standard JSON arrays (it only works for
1644"normal" package names without comma, newlines or single colons). First,
1645the readable Perl version:
1646
1647 # if your FREEZE methods return no values, you need this replace first:
1648 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
1649
1650 # this works for non-empty constructor arg lists:
1651 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
1652
1653And here is a less readable version that is easy to adapt to other
1654languages:
1655
1656 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
1657
1658Here is an ECMAScript version (same regex):
1659
1660 json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
1661
1662Since this syntax converts to standard JSON arrays, it might be hard to
1663distinguish serialised objects from normal arrays. You can prepend a
1664"magic number" as first array element to reduce chances of a collision:
1665
1666 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
1667
1668And after decoding the JSON text, you could walk the data
1669structure looking for arrays with a first element of
1670C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>.
1671
1672The same approach can be used to create the tagged format with another
1673encoder. First, you create an array with the magic string as first member,
1674the classname as second, and constructor arguments last, encode it as part
1675of your JSON structure, and then:
1676
1677 $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
1678
1679Again, this has some limitations - the magic string must not be encoded
1680with character escapes, and the constructor arguments must be non-empty.
1681
1682
1683=head1 RFC7159
1684
1685Since this module was written, Google has written a new JSON RFC, RFC 7159
1686(and RFC7158). Unfortunately, this RFC breaks compatibility with both the
1687original JSON specification on www.json.org and RFC4627.
1688
1689As far as I can see, you can get partial compatibility when parsing by
1690using C<< ->allow_nonref >>. However, consider the security implications
1691of doing so.
1692
1693I haven't decided yet when to break compatibility with RFC4627 by default
1694(and potentially leave applications insecure) and change the default to
1695follow RFC7159, but application authors are well advised to call C<<
1696->allow_nonref(0) >> even if this is the current default, if they cannot
1697handle non-reference values, in preparation for the day when the default
1698will change.
1699
1700
1350=head1 THREADS 1701=head1 (I-)THREADS
1351 1702
1352This module is I<not> guaranteed to be thread safe and there are no 1703This module is I<not> guaranteed to be ithread (or MULTIPLICITY-) safe
1353plans to change this until Perl gets thread support (as opposed to the 1704and there are no plans to change this. Note that perl's builtin so-called
1354horribly slow so-called "threads" which are simply slow and bloated 1705threads/ithreads are officially deprecated and should not be used.
1355process simulations - use fork, it's I<much> faster, cheaper, better).
1356 1706
1357(It might actually work, but you have been warned). 1707
1708=head1 THE PERILS OF SETLOCALE
1709
1710Sometimes people avoid the Perl locale support and directly call the
1711system's setlocale function with C<LC_ALL>.
1712
1713This breaks both perl and modules such as JSON::XS, as stringification of
1714numbers no longer works correctly (e.g. C<$x = 0.1; print "$x"+1> might
1715print C<1>, and JSON::XS might output illegal JSON as JSON::XS relies on
1716perl to stringify numbers).
1717
1718The solution is simple: don't call C<setlocale>, or use it for only those
1719categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>.
1720
1721If you need C<LC_NUMERIC>, you should enable it only around the code that
1722actually needs it (avoiding stringification of numbers), and restore it
1723afterwards.
1358 1724
1359 1725
1360=head1 BUGS 1726=head1 BUGS
1361 1727
1362While the goal of this module is to be correct, that unfortunately does 1728While the goal of this module is to be correct, that unfortunately does
1366Please refrain from using rt.cpan.org or any other bug reporting 1732Please refrain from using rt.cpan.org or any other bug reporting
1367service. I put the contact address into my modules for a reason. 1733service. I put the contact address into my modules for a reason.
1368 1734
1369=cut 1735=cut
1370 1736
1371our $true = do { bless \(my $dummy = 1), "JSON::XS::Boolean" }; 1737BEGIN {
1372our $false = do { bless \(my $dummy = 0), "JSON::XS::Boolean" }; 1738 *true = \$Types::Serialiser::true;
1739 *true = \&Types::Serialiser::true;
1740 *false = \$Types::Serialiser::false;
1741 *false = \&Types::Serialiser::false;
1742 *is_bool = \&Types::Serialiser::is_bool;
1373 1743
1374sub true() { $true } 1744 *JSON::XS::Boolean:: = *Types::Serialiser::Boolean::;
1375sub false() { $false }
1376
1377sub is_bool($) {
1378 UNIVERSAL::isa $_[0], "JSON::XS::Boolean"
1379# or UNIVERSAL::isa $_[0], "JSON::Literal"
1380} 1745}
1381 1746
1382XSLoader::load "JSON::XS", $VERSION; 1747XSLoader::load "JSON::XS", $VERSION;
1383
1384package JSON::XS::Boolean;
1385
1386use overload
1387 "0+" => sub { ${$_[0]} },
1388 "++" => sub { $_[0] = ${$_[0]} + 1 },
1389 "--" => sub { $_[0] = ${$_[0]} - 1 },
1390 fallback => 1;
1391
13921;
1393 1748
1394=head1 SEE ALSO 1749=head1 SEE ALSO
1395 1750
1396The F<json_xs> command line utility for quick experiments. 1751The F<json_xs> command line utility for quick experiments.
1397 1752
1400 Marc Lehmann <schmorp@schmorp.de> 1755 Marc Lehmann <schmorp@schmorp.de>
1401 http://home.schmorp.de/ 1756 http://home.schmorp.de/
1402 1757
1403=cut 1758=cut
1404 1759
17601
1761

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines