ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/XS.pm
(Generate patch)

Comparing JSON-XS/XS.pm (file contents):
Revision 1.115 by root, Tue Feb 17 23:29:38 2009 UTC vs.
Revision 1.134 by root, Mon Feb 21 15:38:06 2011 UTC

64so, and even documents what "correct" means. 64so, and even documents what "correct" means.
65 65
66=item * round-trip integrity 66=item * round-trip integrity
67 67
68When you serialise a perl data structure using only data types supported 68When you serialise a perl data structure using only data types supported
69by JSON, the deserialised data structure is identical on the Perl level. 69by JSON and Perl, the deserialised data structure is identical on the Perl
70(e.g. the string "2.0" doesn't suddenly become "2" just because it looks 70level. (e.g. the string "2.0" doesn't suddenly become "2" just because
71like a number). There minor I<are> exceptions to this, read the MAPPING 71it looks like a number). There I<are> minor exceptions to this, read the
72section below to learn about those. 72MAPPING section below to learn about those.
73 73
74=item * strict checking of JSON correctness 74=item * strict checking of JSON correctness
75 75
76There is no guessing, no generating of illegal JSON texts by default, 76There is no guessing, no generating of illegal JSON texts by default,
77and only JSON is accepted as input by default (the latter is a security 77and only JSON is accepted as input by default (the latter is a security
99 99
100=cut 100=cut
101 101
102package JSON::XS; 102package JSON::XS;
103 103
104no warnings; 104use common::sense;
105use strict;
106 105
107our $VERSION = '2.232'; 106our $VERSION = '2.3';
108our @ISA = qw(Exporter); 107our @ISA = qw(Exporter);
109 108
110our @EXPORT = qw(encode_json decode_json to_json from_json); 109our @EXPORT = qw(encode_json decode_json to_json from_json);
111 110
112sub to_json($) { 111sub to_json($) {
441the same JSON text (given the same overall settings). If it is disabled, 440the same JSON text (given the same overall settings). If it is disabled,
442the same hash might be encoded differently even if contains the same data, 441the same hash might be encoded differently even if contains the same data,
443as key-value pairs have no inherent ordering in Perl. 442as key-value pairs have no inherent ordering in Perl.
444 443
445This setting has no effect when decoding JSON texts. 444This setting has no effect when decoding JSON texts.
445
446This setting has currently no effect on tied hashes.
446 447
447=item $json = $json->allow_nonref ([$enable]) 448=item $json = $json->allow_nonref ([$enable])
448 449
449=item $enabled = $json->get_allow_nonref 450=item $enabled = $json->get_allow_nonref
450 451
712calls). 713calls).
713 714
714JSON::XS will only attempt to parse the JSON text once it is sure it 715JSON::XS will only attempt to parse the JSON text once it is sure it
715has enough text to get a decisive result, using a very simple but 716has enough text to get a decisive result, using a very simple but
716truly incremental parser. This means that it sometimes won't stop as 717truly incremental parser. This means that it sometimes won't stop as
717early as the full parser, for example, it doesn't detect parenthese 718early as the full parser, for example, it doesn't detect mismatched
718mismatches. The only thing it guarantees is that it starts decoding as 719parentheses. The only thing it guarantees is that it starts decoding as
719soon as a syntactically valid JSON text has been seen. This means you need 720soon as a syntactically valid JSON text has been seen. This means you need
720to set resource limits (e.g. C<max_size>) to ensure the parser will stop 721to set resource limits (e.g. C<max_size>) to ensure the parser will stop
721parsing in the presence if syntax errors. 722parsing in the presence if syntax errors.
722 723
723The following methods implement this incremental parser. 724The following methods implement this incremental parser.
749otherwise. For this to work, there must be no separators between the JSON 750otherwise. For this to work, there must be no separators between the JSON
750objects or arrays, instead they must be concatenated back-to-back. If 751objects or arrays, instead they must be concatenated back-to-back. If
751an error occurs, an exception will be raised as in the scalar context 752an error occurs, an exception will be raised as in the scalar context
752case. Note that in this case, any previously-parsed JSON texts will be 753case. Note that in this case, any previously-parsed JSON texts will be
753lost. 754lost.
755
756Example: Parse some JSON arrays/objects in a given string and return
757them.
758
759 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
754 760
755=item $lvalue_string = $json->incr_text 761=item $lvalue_string = $json->incr_text
756 762
757This method returns the currently stored JSON fragment as an lvalue, that 763This method returns the currently stored JSON fragment as an lvalue, that
758is, you can manipulate it. This I<only> works when a preceding call to 764is, you can manipulate it. This I<only> works when a preceding call to
988Numbers containing a fractional or exponential part will always be 994Numbers containing a fractional or exponential part will always be
989represented as numeric (floating point) values, possibly at a loss of 995represented as numeric (floating point) values, possibly at a loss of
990precision (in which case you might lose perfect roundtripping ability, but 996precision (in which case you might lose perfect roundtripping ability, but
991the JSON number will still be re-encoded as a JSON number). 997the JSON number will still be re-encoded as a JSON number).
992 998
999Note that precision is not accuracy - binary floating point values cannot
1000represent most decimal fractions exactly, and when converting from and to
1001floating point, JSON::XS only guarantees precision up to but not including
1002the leats significant bit.
1003
993=item true, false 1004=item true, false
994 1005
995These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, 1006These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>,
996respectively. They are overloaded to act almost exactly like the numbers 1007respectively. They are overloaded to act almost exactly like the numbers
997C<1> and C<0>. You can check whether a scalar is a JSON boolean by using 1008C<1> and C<0>. You can check whether a scalar is a JSON boolean by using
1084 1095
1085You can not currently force the type in other, less obscure, ways. Tell me 1096You can not currently force the type in other, less obscure, ways. Tell me
1086if you need this capability (but don't forget to explain why it's needed 1097if you need this capability (but don't forget to explain why it's needed
1087:). 1098:).
1088 1099
1100Note that numerical precision has the same meaning as under Perl (so
1101binary to decimal conversion follows the same rules as in Perl, which
1102can differ to other languages). Also, your perl interpreter might expose
1103extensions to the floating point numbers of your platform, such as
1104infinities or NaN's - these cannot be represented in JSON, and it is an
1105error to pass those in.
1106
1089=back 1107=back
1090 1108
1091 1109
1092=head1 ENCODING/CODESET FLAG NOTES 1110=head1 ENCODING/CODESET FLAG NOTES
1093 1111
1209 use JSON::XS; 1227 use JSON::XS;
1210 1228
1211 print encode_json [chr 0x2028]; 1229 print encode_json [chr 0x2028];
1212 1230
1213The right fix for this is to use a proper JSON parser in your javascript 1231The right fix for this is to use a proper JSON parser in your javascript
1214programs, and not rely on C<eval>. 1232programs, and not rely on C<eval> (see for example Douglas Crockford's
1233F<json2.js> parser).
1215 1234
1216If this is not an option, you can, as a stop-gap measure, simply encode to 1235If this is not an option, you can, as a stop-gap measure, simply encode to
1217ASCII-only JSON: 1236ASCII-only JSON:
1218 1237
1219 use JSON::XS; 1238 use JSON::XS;
1220 1239
1221 print JSON::XS->new->ascii->encode ([chr 0x2028]); 1240 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1222 1241
1223And if you are concerned about the size of the resulting JSON text, you 1242Note that this will enlarge the resulting JSON text quite a bit if you
1224can run some regexes to only escape U+2028 and U+2029: 1243have many non-ASCII characters. You might be tempted to run some regexes
1244to only escape U+2028 and U+2029, e.g.:
1225 1245
1226 use JSON::XS; 1246 # DO NOT USE THIS!
1227
1228 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]); 1247 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1229 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028 1248 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1230 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029 1249 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1231 print $json; 1250 print $json;
1232 1251
1233This works because U+2028/U+2029 are not allowed outside of strings and 1252Note that I<this is a bad idea>: the above only works for U+2028 and
1234are not used for syntax, so replacing them unconditionally just works. 1253U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1235 1254javascript implementations, however, have issues with other characters as
1236Note, however, that fixing the broken JSON parser is better than working 1255well - using C<eval> naively simply I<will> cause problems.
1237around it in every other generator. The above regexes should work well in
1238other languages, as long as they operate on UTF-8. It is equally valid to
1239replace all occurences of U+2028/2029 directly by their \\u-escaped forms
1240in unicode texts, so they can simply be used to fix any parsers relying on
1241C<eval> by first applying the regexes on the encoded texts.
1242 1256
1243Another problem is that some javascript implementations reserve 1257Another problem is that some javascript implementations reserve
1244some property names for their own purposes (which probably makes 1258some property names for their own purposes (which probably makes
1245them non-ECMAscript-compliant). For example, Iceweasel reserves the 1259them non-ECMAscript-compliant). For example, Iceweasel reserves the
1246C<__proto__> property name for it's own purposes. 1260C<__proto__> property name for its own purposes.
1247 1261
1248If that is a problem, you could parse try to filter the resulting JSON 1262If that is a problem, you could parse try to filter the resulting JSON
1249output for these property strings, e.g.: 1263output for these property strings, e.g.:
1250 1264
1251 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g; 1265 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1271 my $yaml = $to_yaml->encode ($ref) . "\n"; 1285 my $yaml = $to_yaml->encode ($ref) . "\n";
1272 1286
1273This will I<usually> generate JSON texts that also parse as valid 1287This will I<usually> generate JSON texts that also parse as valid
1274YAML. Please note that YAML has hardcoded limits on (simple) object key 1288YAML. Please note that YAML has hardcoded limits on (simple) object key
1275lengths that JSON doesn't have and also has different and incompatible 1289lengths that JSON doesn't have and also has different and incompatible
1276unicode handling, so you should make sure that your hash keys are 1290unicode character escape syntax, so you should make sure that your hash
1277noticeably shorter than the 1024 "stream characters" YAML allows and that 1291keys are noticeably shorter than the 1024 "stream characters" YAML allows
1278you do not have characters with codepoint values outside the Unicode BMP 1292and that you do not have characters with codepoint values outside the
1279(basic multilingual page). YAML also does not allow C<\/> sequences in 1293Unicode BMP (basic multilingual page). YAML also does not allow C<\/>
1280strings (which JSON::XS does not I<currently> generate, but other JSON 1294sequences in strings (which JSON::XS does not I<currently> generate, but
1281generators might). 1295other JSON generators might).
1282 1296
1283There might be other incompatibilities that I am not aware of (or the YAML 1297There might be other incompatibilities that I am not aware of (or the YAML
1284specification has been changed yet again - it does so quite often). In 1298specification has been changed yet again - it does so quite often). In
1285general you should not try to generate YAML with a JSON generator or vice 1299general you should not try to generate YAML with a JSON generator or vice
1286versa, or try to parse JSON with a YAML parser or vice versa: chances are 1300versa, or try to parse JSON with a YAML parser or vice versa: chances are
1305that difficult or long) and finally make YAML compatible to it, and 1319that difficult or long) and finally make YAML compatible to it, and
1306educating users about the changes, instead of spreading lies about the 1320educating users about the changes, instead of spreading lies about the
1307real compatibility for many I<years> and trying to silence people who 1321real compatibility for many I<years> and trying to silence people who
1308point out that it isn't true. 1322point out that it isn't true.
1309 1323
1324Addendum/2009: the YAML 1.2 spec is still incomaptible with JSON, even
1325though the incompatibilities have been documented (and are known to
1326Brian) for many years and the spec makes explicit claims that YAML is a
1327superset of JSON. It would be so easy to fix, but apparently, bullying and
1328corrupting userdata is so much easier.
1329
1310=back 1330=back
1311 1331
1312 1332
1313=head2 SPEED 1333=head2 SPEED
1314 1334
1321a very short single-line JSON string (also available at 1341a very short single-line JSON string (also available at
1322L<http://dist.schmorp.de/misc/json/short.json>). 1342L<http://dist.schmorp.de/misc/json/short.json>).
1323 1343
1324 {"method": "handleMessage", "params": ["user1", 1344 {"method": "handleMessage", "params": ["user1",
1325 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, 1345 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1326 true, false]} 1346 1, 0]}
1327 1347
1328It shows the number of encodes/decodes per second (JSON::XS uses 1348It shows the number of encodes/decodes per second (JSON::XS uses
1329the functional interface, while JSON::XS/2 uses the OO interface 1349the functional interface, while JSON::XS/2 uses the OO interface
1330with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables 1350with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables
1331shrink). Higher is better: 1351shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ
1352uses the from_json method). Higher is better:
1332 1353
1333 module | encode | decode | 1354 module | encode | decode |
1334 -----------|------------|------------| 1355 --------------|------------|------------|
1335 JSON 1.x | 4990.842 | 4088.813 | 1356 JSON::DWIW/DS | 86302.551 | 102300.098 |
1336 JSON::DWIW | 51653.990 | 71575.154 | 1357 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1337 JSON::PC | 65948.176 | 74631.744 | 1358 JSON::PP | 15827.562 | 6638.658 |
1338 JSON::PP | 8931.652 | 3817.168 | 1359 JSON::Syck | 63358.066 | 47662.545 |
1339 JSON::Syck | 24877.248 | 27776.848 | 1360 JSON::XS | 511500.488 | 511500.488 |
1340 JSON::XS | 388361.481 | 227951.304 | 1361 JSON::XS/2 | 291271.111 | 388361.481 |
1341 JSON::XS/2 | 227951.304 | 218453.333 | 1362 JSON::XS/3 | 361577.931 | 361577.931 |
1342 JSON::XS/3 | 338250.323 | 218453.333 | 1363 Storable | 66788.280 | 265462.278 |
1343 Storable | 16500.016 | 135300.129 |
1344 -----------+------------+------------+ 1364 --------------+------------+------------+
1345 1365
1346That is, JSON::XS is about five times faster than JSON::DWIW on encoding, 1366That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1347about three times faster on decoding, and over forty times faster 1367about five times faster on decoding, and over thirty to seventy times
1348than JSON, even with pretty-printing and key sorting. It also compares 1368faster than JSON's pure perl implementation. It also compares favourably
1349favourably to Storable for small amounts of data. 1369to Storable for small amounts of data.
1350 1370
1351Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1371Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1352search API (L<http://dist.schmorp.de/misc/json/long.json>). 1372search API (L<http://dist.schmorp.de/misc/json/long.json>).
1353 1373
1354 module | encode | decode | 1374 module | encode | decode |
1355 -----------|------------|------------| 1375 --------------|------------|------------|
1356 JSON 1.x | 55.260 | 34.971 | 1376 JSON::DWIW/DS | 1647.927 | 2673.916 |
1357 JSON::DWIW | 825.228 | 1082.513 | 1377 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1358 JSON::PC | 3571.444 | 2394.829 |
1359 JSON::PP | 210.987 | 32.574 | 1378 JSON::PP | 400.640 | 62.311 |
1360 JSON::Syck | 552.551 | 787.544 | 1379 JSON::Syck | 1481.040 | 1524.869 |
1361 JSON::XS | 5780.463 | 4854.519 | 1380 JSON::XS | 20661.596 | 9541.183 |
1362 JSON::XS/2 | 3869.998 | 4798.975 | 1381 JSON::XS/2 | 10683.403 | 9416.938 |
1363 JSON::XS/3 | 5862.880 | 4798.975 | 1382 JSON::XS/3 | 20661.596 | 9400.054 |
1364 Storable | 4445.002 | 5235.027 | 1383 Storable | 19765.806 | 10000.725 |
1365 -----------+------------+------------+ 1384 --------------+------------+------------+
1366 1385
1367Again, JSON::XS leads by far (except for Storable which non-surprisingly 1386Again, JSON::XS leads by far (except for Storable which non-surprisingly
1368decodes faster). 1387decodes a bit faster).
1369 1388
1370On large strings containing lots of high Unicode characters, some modules 1389On large strings containing lots of high Unicode characters, some modules
1371(such as JSON::PC) seem to decode faster than JSON::XS, but the result 1390(such as JSON::PC) seem to decode faster than JSON::XS, but the result
1372will be broken due to missing (or wrong) Unicode handling. Others refuse 1391will be broken due to missing (or wrong) Unicode handling. Others refuse
1373to decode or encode properly, so it was impossible to prepare a fair 1392to decode or encode properly, so it was impossible to prepare a fair
1409information you might want to make sure that exceptions thrown by JSON::XS 1428information you might want to make sure that exceptions thrown by JSON::XS
1410will not end up in front of untrusted eyes. 1429will not end up in front of untrusted eyes.
1411 1430
1412If you are using JSON::XS to return packets to consumption 1431If you are using JSON::XS to return packets to consumption
1413by JavaScript scripts in a browser you should have a look at 1432by JavaScript scripts in a browser you should have a look at
1414L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1433L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to
1415you are vulnerable to some common attack vectors (which really are browser 1434see whether you are vulnerable to some common attack vectors (which really
1416design bugs, but it is still you who will have to deal with it, as major 1435are browser design bugs, but it is still you who will have to deal with
1417browser developers care only for features, not about getting security 1436it, as major browser developers care only for features, not about getting
1418right). 1437security right).
1419 1438
1420 1439
1421=head1 THREADS 1440=head1 THREADS
1422 1441
1423This module is I<not> guaranteed to be thread safe and there are no 1442This module is I<not> guaranteed to be thread safe and there are no

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines