| … | |
… | |
| 40 | Beginning with version 2.0 of the JSON module, when both JSON and |
40 | Beginning with version 2.0 of the JSON module, when both JSON and |
| 41 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
41 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
| 42 | overridden) with no overhead due to emulation (by inheriting constructor |
42 | overridden) with no overhead due to emulation (by inheriting constructor |
| 43 | and methods). If JSON::XS is not available, it will fall back to the |
43 | and methods). If JSON::XS is not available, it will fall back to the |
| 44 | compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
44 | compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
| 45 | gives you a portable JSON API that can be fast when you need and doesn't |
45 | gives you a portable JSON API that can be fast when you need it and |
| 46 | require a C compiler when that is a problem. |
46 | doesn't require a C compiler when that is a problem. |
| 47 | |
47 | |
| 48 | As this is the n-th-something JSON module on CPAN, what was the reason |
48 | As this is the n-th-something JSON module on CPAN, what was the reason |
| 49 | to write yet another JSON module? While it seems there are many JSON |
49 | to write yet another JSON module? While it seems there are many JSON |
| 50 | modules, none of them correctly handle all corner cases, and in most cases |
50 | modules, none of them correctly handle all corner cases, and in most cases |
| 51 | their maintainers are unresponsive, gone missing, or not listening to bug |
51 | their maintainers are unresponsive, gone missing, or not listening to bug |
| … | |
… | |
| 101 | |
101 | |
| 102 | package JSON::XS; |
102 | package JSON::XS; |
| 103 | |
103 | |
| 104 | use common::sense; |
104 | use common::sense; |
| 105 | |
105 | |
| 106 | our $VERSION = '3.0'; |
106 | our $VERSION = 3.04; |
| 107 | our @ISA = qw(Exporter); |
107 | our @ISA = qw(Exporter); |
| 108 | |
108 | |
| 109 | our @EXPORT = qw(encode_json decode_json); |
109 | our @EXPORT = qw(encode_json decode_json); |
| 110 | |
110 | |
| 111 | use Exporter; |
111 | use Exporter; |
| … | |
… | |
| 131 | |
131 | |
| 132 | Except being faster. |
132 | Except being faster. |
| 133 | |
133 | |
| 134 | =item $perl_scalar = decode_json $json_text |
134 | =item $perl_scalar = decode_json $json_text |
| 135 | |
135 | |
| 136 | The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries |
136 | The opposite of C<encode_json>: expects a UTF-8 (binary) string and tries |
| 137 | to parse that as an UTF-8 encoded JSON text, returning the resulting |
137 | to parse that as a UTF-8 encoded JSON text, returning the resulting |
| 138 | reference. Croaks on error. |
138 | reference. Croaks on error. |
| 139 | |
139 | |
| 140 | This function call is functionally identical to: |
140 | This function call is functionally identical to: |
| 141 | |
141 | |
| 142 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
142 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
| … | |
… | |
| 270 | |
270 | |
| 271 | =item $enabled = $json->get_utf8 |
271 | =item $enabled = $json->get_utf8 |
| 272 | |
272 | |
| 273 | If C<$enable> is true (or missing), then the C<encode> method will encode |
273 | If C<$enable> is true (or missing), then the C<encode> method will encode |
| 274 | the JSON result into UTF-8, as required by many protocols, while the |
274 | the JSON result into UTF-8, as required by many protocols, while the |
| 275 | C<decode> method expects to be handled an UTF-8-encoded string. Please |
275 | C<decode> method expects to be handed a UTF-8-encoded string. Please |
| 276 | note that UTF-8-encoded strings do not contain any characters outside the |
276 | note that UTF-8-encoded strings do not contain any characters outside the |
| 277 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
277 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
| 278 | versions, enabling this option might enable autodetection of the UTF-16 |
278 | versions, enabling this option might enable autodetection of the UTF-16 |
| 279 | and UTF-32 encoding families, as described in RFC4627. |
279 | and UTF-32 encoding families, as described in RFC4627. |
| 280 | |
280 | |
| … | |
… | |
| 365 | |
365 | |
| 366 | =item $enabled = $json->get_relaxed |
366 | =item $enabled = $json->get_relaxed |
| 367 | |
367 | |
| 368 | If C<$enable> is true (or missing), then C<decode> will accept some |
368 | If C<$enable> is true (or missing), then C<decode> will accept some |
| 369 | extensions to normal JSON syntax (see below). C<encode> will not be |
369 | extensions to normal JSON syntax (see below). C<encode> will not be |
| 370 | affected in anyway. I<Be aware that this option makes you accept invalid |
370 | affected in any way. I<Be aware that this option makes you accept invalid |
| 371 | JSON texts as if they were valid!>. I suggest only to use this option to |
371 | JSON texts as if they were valid!>. I suggest only to use this option to |
| 372 | parse application-specific files written by humans (configuration files, |
372 | parse application-specific files written by humans (configuration files, |
| 373 | resource files etc.) |
373 | resource files etc.) |
| 374 | |
374 | |
| 375 | If C<$enable> is false (the default), then C<decode> will only accept |
375 | If C<$enable> is false (the default), then C<decode> will only accept |
| … | |
… | |
| 404 | [ |
404 | [ |
| 405 | 1, # this comment not allowed in JSON |
405 | 1, # this comment not allowed in JSON |
| 406 | # neither this one... |
406 | # neither this one... |
| 407 | ] |
407 | ] |
| 408 | |
408 | |
|
|
409 | =item * literal ASCII TAB characters in strings |
|
|
410 | |
|
|
411 | Literal ASCII TAB characters are now allowed in strings (and treated as |
|
|
412 | C<\t>). |
|
|
413 | |
|
|
414 | [ |
|
|
415 | "Hello\tWorld", |
|
|
416 | "Hello<TAB>World", # literal <TAB> would not normally be allowed |
|
|
417 | ] |
|
|
418 | |
| 409 | =back |
419 | =back |
| 410 | |
420 | |
| 411 | =item $json = $json->canonical ([$enable]) |
421 | =item $json = $json->canonical ([$enable]) |
| 412 | |
422 | |
| 413 | =item $enabled = $json->get_canonical |
423 | =item $enabled = $json->get_canonical |
| … | |
… | |
| 467 | |
477 | |
| 468 | =item $json = $json->allow_blessed ([$enable]) |
478 | =item $json = $json->allow_blessed ([$enable]) |
| 469 | |
479 | |
| 470 | =item $enabled = $json->get_allow_blessed |
480 | =item $enabled = $json->get_allow_blessed |
| 471 | |
481 | |
|
|
482 | See L<OBJECT SERIALISATION> for details. |
|
|
483 | |
| 472 | If C<$enable> is true (or missing), then the C<encode> method will not |
484 | If C<$enable> is true (or missing), then the C<encode> method will not |
| 473 | barf when it encounters a blessed reference. Instead, the value of the |
485 | barf when it encounters a blessed reference that it cannot convert |
| 474 | B<convert_blessed> option will decide whether C<null> (C<convert_blessed> |
486 | otherwise. Instead, a JSON C<null> value is encoded instead of the object. |
| 475 | disabled or no C<TO_JSON> method found) or a representation of the |
|
|
| 476 | object (C<convert_blessed> enabled and C<TO_JSON> method found) is being |
|
|
| 477 | encoded. Has no effect on C<decode>. |
|
|
| 478 | |
487 | |
| 479 | If C<$enable> is false (the default), then C<encode> will throw an |
488 | If C<$enable> is false (the default), then C<encode> will throw an |
| 480 | exception when it encounters a blessed object. |
489 | exception when it encounters a blessed object that it cannot convert |
|
|
490 | otherwise. |
|
|
491 | |
|
|
492 | This setting has no effect on C<decode>. |
| 481 | |
493 | |
| 482 | =item $json = $json->convert_blessed ([$enable]) |
494 | =item $json = $json->convert_blessed ([$enable]) |
| 483 | |
495 | |
| 484 | =item $enabled = $json->get_convert_blessed |
496 | =item $enabled = $json->get_convert_blessed |
|
|
497 | |
|
|
498 | See L<OBJECT SERIALISATION> for details. |
| 485 | |
499 | |
| 486 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
500 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
| 487 | blessed object, will check for the availability of the C<TO_JSON> method |
501 | blessed object, will check for the availability of the C<TO_JSON> method |
| 488 | on the object's class. If found, it will be called in scalar context |
502 | on the object's class. If found, it will be called in scalar context and |
| 489 | and the resulting scalar will be encoded instead of the object. If no |
503 | the resulting scalar will be encoded instead of the object. |
| 490 | C<TO_JSON> method is found, the value of C<allow_blessed> will decide what |
|
|
| 491 | to do. |
|
|
| 492 | |
504 | |
| 493 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
505 | The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> |
| 494 | returns other blessed objects, those will be handled in the same |
506 | returns other blessed objects, those will be handled in the same |
| 495 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
507 | way. C<TO_JSON> must take care of not causing an endless recursion cycle |
| 496 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
508 | (== crash) in this case. The name of C<TO_JSON> was chosen because other |
| 497 | methods called by the Perl core (== not by the user of the object) are |
509 | methods called by the Perl core (== not by the user of the object) are |
| 498 | usually in upper case letters and to avoid collisions with any C<to_json> |
510 | usually in upper case letters and to avoid collisions with any C<to_json> |
| 499 | function or method. |
511 | function or method. |
| 500 | |
512 | |
| 501 | This setting does not yet influence C<decode> in any way, but in the |
513 | If C<$enable> is false (the default), then C<encode> will not consider |
| 502 | future, global hooks might get installed that influence C<decode> and are |
514 | this type of conversion. |
| 503 | enabled by this setting. |
|
|
| 504 | |
515 | |
| 505 | If C<$enable> is false, then the C<allow_blessed> setting will decide what |
516 | This setting has no effect on C<decode>. |
| 506 | to do when a blessed object is found. |
517 | |
|
|
518 | =item $json = $json->allow_tags ([$enable]) |
|
|
519 | |
|
|
520 | =item $enabled = $json->allow_tags |
|
|
521 | |
|
|
522 | See L<OBJECT SERIALISATION> for details. |
|
|
523 | |
|
|
524 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
|
|
525 | blessed object, will check for the availability of the C<FREEZE> method on |
|
|
526 | the object's class. If found, it will be used to serialise the object into |
|
|
527 | a nonstandard tagged JSON value (that JSON decoders cannot decode). |
|
|
528 | |
|
|
529 | It also causes C<decode> to parse such tagged JSON values and deserialise |
|
|
530 | them via a call to the C<THAW> method. |
|
|
531 | |
|
|
532 | If C<$enable> is false (the default), then C<encode> will not consider |
|
|
533 | this type of conversion, and tagged JSON values will cause a parse error |
|
|
534 | in C<decode>, as if tags were not part of the grammar. |
| 507 | |
535 | |
| 508 | =item $json = $json->filter_json_object ([$coderef->($hashref)]) |
536 | =item $json = $json->filter_json_object ([$coderef->($hashref)]) |
| 509 | |
537 | |
| 510 | When C<$coderef> is specified, it will be called from C<decode> each |
538 | When C<$coderef> is specified, it will be called from C<decode> each |
| 511 | time it decodes a JSON object. The only argument is a reference to the |
539 | time it decodes a JSON object. The only argument is a reference to the |
| … | |
… | |
| 669 | |
697 | |
| 670 | This is useful if your JSON texts are not delimited by an outer protocol |
698 | This is useful if your JSON texts are not delimited by an outer protocol |
| 671 | and you need to know where the JSON text ends. |
699 | and you need to know where the JSON text ends. |
| 672 | |
700 | |
| 673 | JSON::XS->new->decode_prefix ("[1] the tail") |
701 | JSON::XS->new->decode_prefix ("[1] the tail") |
| 674 | => ([], 3) |
702 | => ([1], 3) |
| 675 | |
703 | |
| 676 | =back |
704 | =back |
| 677 | |
705 | |
| 678 | |
706 | |
| 679 | =head1 INCREMENTAL PARSING |
707 | =head1 INCREMENTAL PARSING |
| … | |
… | |
| 720 | C<incr_skip> to skip the erroneous part). This is the most common way of |
748 | C<incr_skip> to skip the erroneous part). This is the most common way of |
| 721 | using the method. |
749 | using the method. |
| 722 | |
750 | |
| 723 | And finally, in list context, it will try to extract as many objects |
751 | And finally, in list context, it will try to extract as many objects |
| 724 | from the stream as it can find and return them, or the empty list |
752 | from the stream as it can find and return them, or the empty list |
| 725 | otherwise. For this to work, there must be no separators between the JSON |
753 | otherwise. For this to work, there must be no separators (other than |
| 726 | objects or arrays, instead they must be concatenated back-to-back. If |
754 | whitespace) between the JSON objects or arrays, instead they must be |
| 727 | an error occurs, an exception will be raised as in the scalar context |
755 | concatenated back-to-back. If an error occurs, an exception will be |
| 728 | case. Note that in this case, any previously-parsed JSON texts will be |
756 | raised as in the scalar context case. Note that in this case, any |
| 729 | lost. |
757 | previously-parsed JSON texts will be lost. |
| 730 | |
758 | |
| 731 | Example: Parse some JSON arrays/objects in a given string and return |
759 | Example: Parse some JSON arrays/objects in a given string and return |
| 732 | them. |
760 | them. |
| 733 | |
761 | |
| 734 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
762 | my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]"); |
| … | |
… | |
| 740 | C<incr_parse> in I<scalar context> successfully returned an object. Under |
768 | C<incr_parse> in I<scalar context> successfully returned an object. Under |
| 741 | all other circumstances you must not call this function (I mean it. |
769 | all other circumstances you must not call this function (I mean it. |
| 742 | although in simple tests it might actually work, it I<will> fail under |
770 | although in simple tests it might actually work, it I<will> fail under |
| 743 | real world conditions). As a special exception, you can also call this |
771 | real world conditions). As a special exception, you can also call this |
| 744 | method before having parsed anything. |
772 | method before having parsed anything. |
|
|
773 | |
|
|
774 | That means you can only use this function to look at or manipulate text |
|
|
775 | before or after complete JSON objects, not while the parser is in the |
|
|
776 | middle of parsing a JSON object. |
| 745 | |
777 | |
| 746 | This function is useful in two cases: a) finding the trailing text after a |
778 | This function is useful in two cases: a) finding the trailing text after a |
| 747 | JSON object or b) parsing multiple JSON objects separated by non-JSON text |
779 | JSON object or b) parsing multiple JSON objects separated by non-JSON text |
| 748 | (such as commas). |
780 | (such as commas). |
| 749 | |
781 | |
| … | |
… | |
| 999 | Another nonstandard extension to the JSON syntax, enabled with the |
1031 | Another nonstandard extension to the JSON syntax, enabled with the |
| 1000 | C<allow_tags> setting, are tagged values. In this implementation, the |
1032 | C<allow_tags> setting, are tagged values. In this implementation, the |
| 1001 | I<tag> must be a perl package/class name encoded as a JSON string, and the |
1033 | I<tag> must be a perl package/class name encoded as a JSON string, and the |
| 1002 | I<value> must be a JSON array encoding optional constructor arguments. |
1034 | I<value> must be a JSON array encoding optional constructor arguments. |
| 1003 | |
1035 | |
| 1004 | See "OBJECT SERIALISATION", below, for details. |
1036 | See L<OBJECT SERIALISATION>, below, for details. |
| 1005 | |
1037 | |
| 1006 | =back |
1038 | =back |
| 1007 | |
1039 | |
| 1008 | |
1040 | |
| 1009 | =head2 PERL -> JSON |
1041 | =head2 PERL -> JSON |
| … | |
… | |
| 1048 | directly if you want. |
1080 | directly if you want. |
| 1049 | |
1081 | |
| 1050 | =item blessed objects |
1082 | =item blessed objects |
| 1051 | |
1083 | |
| 1052 | Blessed objects are not directly representable in JSON, but C<JSON::XS> |
1084 | Blessed objects are not directly representable in JSON, but C<JSON::XS> |
| 1053 | allows various ways of handling objects. See "OBJECT SERIALISATION", |
1085 | allows various ways of handling objects. See L<OBJECT SERIALISATION>, |
| 1054 | below, for details. |
1086 | below, for details. |
| 1055 | |
1087 | |
| 1056 | =item simple scalars |
1088 | =item simple scalars |
| 1057 | |
1089 | |
| 1058 | Simple Perl scalars (any scalar that is not a reference) are the most |
1090 | Simple Perl scalars (any scalar that is not a reference) are the most |
| … | |
… | |
| 1111 | C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are |
1143 | C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are |
| 1112 | used in this order: |
1144 | used in this order: |
| 1113 | |
1145 | |
| 1114 | =over 4 |
1146 | =over 4 |
| 1115 | |
1147 | |
| 1116 | =item 1. C<allow_tags> is enabled and object has a C<FREEZE> method. |
1148 | =item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method. |
| 1117 | |
1149 | |
| 1118 | In this case, C<JSON::XS> uses the L<Types::Serialiser> object |
1150 | In this case, C<JSON::XS> uses the L<Types::Serialiser> object |
| 1119 | serialisation protocol to create a tagged JSON value, using a nonstandard |
1151 | serialisation protocol to create a tagged JSON value, using a nonstandard |
| 1120 | extension to the JSON syntax. |
1152 | extension to the JSON syntax. |
| 1121 | |
1153 | |
| … | |
… | |
| 1127 | more). These values and the paclkage/classname of the object will then be |
1159 | more). These values and the paclkage/classname of the object will then be |
| 1128 | encoded as a tagged JSON value in the following format: |
1160 | encoded as a tagged JSON value in the following format: |
| 1129 | |
1161 | |
| 1130 | ("classname")[FREEZE return values...] |
1162 | ("classname")[FREEZE return values...] |
| 1131 | |
1163 | |
|
|
1164 | e.g.: |
|
|
1165 | |
|
|
1166 | ("URI")["http://www.google.com/"] |
|
|
1167 | ("MyDate")[2013,10,29] |
|
|
1168 | ("ImageData::JPEG")["Z3...VlCg=="] |
|
|
1169 | |
| 1132 | For example, the hypothetical C<My::Object> C<FREEZE> method might use the |
1170 | For example, the hypothetical C<My::Object> C<FREEZE> method might use the |
| 1133 | objects C<type> and C<id> members to encode the object: |
1171 | objects C<type> and C<id> members to encode the object: |
| 1134 | |
1172 | |
| 1135 | sub My::Object::FREEZE { |
1173 | sub My::Object::FREEZE { |
| 1136 | my ($self, $serialiser) = @_; |
1174 | my ($self, $serialiser) = @_; |
| 1137 | |
1175 | |
| 1138 | ($self->{type}, $self->{id}) |
1176 | ($self->{type}, $self->{id}) |
| 1139 | } |
1177 | } |
| 1140 | |
1178 | |
| 1141 | =item 2. C<convert_blessed> is enabled and object has a C<TO_JSON> method. |
1179 | =item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method. |
| 1142 | |
1180 | |
| 1143 | In this case, the C<TO_JSON> method of the object is invoked in scalar |
1181 | In this case, the C<TO_JSON> method of the object is invoked in scalar |
| 1144 | context. It must return a single scalar that can be directly encoded into |
1182 | context. It must return a single scalar that can be directly encoded into |
| 1145 | JSON. This scalar replaces the object in the JSON text. |
1183 | JSON. This scalar replaces the object in the JSON text. |
| 1146 | |
1184 | |
| … | |
… | |
| 1176 | This section only considers the tagged value case: I a tagged JSON object |
1214 | This section only considers the tagged value case: I a tagged JSON object |
| 1177 | is encountered during decoding and C<allow_tags> is disabled, a parse |
1215 | is encountered during decoding and C<allow_tags> is disabled, a parse |
| 1178 | error will result (as if tagged values were not part of the grammar). |
1216 | error will result (as if tagged values were not part of the grammar). |
| 1179 | |
1217 | |
| 1180 | If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method |
1218 | If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method |
| 1181 | of the package/classname used during serialisation. If there is no such |
1219 | of the package/classname used during serialisation (it will not attempt |
|
|
1220 | to load the package as a Perl module). If there is no such method, the |
| 1182 | method, the decoding will fail with an error. |
1221 | decoding will fail with an error. |
| 1183 | |
1222 | |
| 1184 | Otherwise, the C<THAW> method is invoked with the classname as first |
1223 | Otherwise, the C<THAW> method is invoked with the classname as first |
| 1185 | argument, the constant string C<JSON> as second argument, and all the |
1224 | argument, the constant string C<JSON> as second argument, and all the |
| 1186 | values from the JSON array (the values originally returned by the |
1225 | values from the JSON array (the values originally returned by the |
| 1187 | C<FREEZE> method) as remaining arguments. |
1226 | C<FREEZE> method) as remaining arguments. |
| … | |
… | |
| 1250 | expect your input strings to be encoded as UTF-8, that is, no "character" |
1289 | expect your input strings to be encoded as UTF-8, that is, no "character" |
| 1251 | of the input string must have any value > 255, as UTF-8 does not allow |
1290 | of the input string must have any value > 255, as UTF-8 does not allow |
| 1252 | that. |
1291 | that. |
| 1253 | |
1292 | |
| 1254 | The C<utf8> flag therefore switches between two modes: disabled means you |
1293 | The C<utf8> flag therefore switches between two modes: disabled means you |
| 1255 | will get a Unicode string in Perl, enabled means you get an UTF-8 encoded |
1294 | will get a Unicode string in Perl, enabled means you get a UTF-8 encoded |
| 1256 | octet/binary string in Perl. |
1295 | octet/binary string in Perl. |
| 1257 | |
1296 | |
| 1258 | =item C<latin1> or C<ascii> flags enabled |
1297 | =item C<latin1> or C<ascii> flags enabled |
| 1259 | |
1298 | |
| 1260 | With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
1299 | With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
| … | |
… | |
| 1528 | are browser design bugs, but it is still you who will have to deal with |
1567 | are browser design bugs, but it is still you who will have to deal with |
| 1529 | it, as major browser developers care only for features, not about getting |
1568 | it, as major browser developers care only for features, not about getting |
| 1530 | security right). |
1569 | security right). |
| 1531 | |
1570 | |
| 1532 | |
1571 | |
|
|
1572 | =head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
|
|
1573 | |
|
|
1574 | TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
|
|
1575 | JSON texts by default - you need to create your own JSON::XS object and |
|
|
1576 | enable C<allow_nonref>: |
|
|
1577 | |
|
|
1578 | |
|
|
1579 | my $json = JSON::XS->new->allow_nonref; |
|
|
1580 | |
|
|
1581 | $text = $json->encode ($data); |
|
|
1582 | $data = $json->decode ($text); |
|
|
1583 | |
|
|
1584 | The long version: JSON being an important and supposedly stable format, |
|
|
1585 | the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor |
|
|
1586 | of JSON, Dougles Crockford, unilaterally changed the definition of JSON in |
|
|
1587 | javascript. Rather than create a fork, the IETF decided to standardise the |
|
|
1588 | new syntax (apparently, so Iw as told, without finding it very amusing). |
|
|
1589 | |
|
|
1590 | The biggest difference between thed original JSON and the new JSON is that |
|
|
1591 | the new JSON supports scalars (anything other than arrays and objects) at |
|
|
1592 | the toplevel of a JSON text. While this is strictly backwards compatible |
|
|
1593 | to older versions, it breaks a number of protocols that relied on sending |
|
|
1594 | JSON back-to-back, and is a minor security concern. |
|
|
1595 | |
|
|
1596 | For example, imagine you have two banks communicating, and on one side, |
|
|
1597 | trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000> |
|
|
1598 | might then be confused to mean C<101000>, something that couldn't happen |
|
|
1599 | in the original JSON, because niether of these messages would be valid |
|
|
1600 | JSON. |
|
|
1601 | |
|
|
1602 | If one side accepts these messages, then an upgrade in the coder on either |
|
|
1603 | side could result in this becoming exploitable. |
|
|
1604 | |
|
|
1605 | This module has always allowed these messages as an optional extension, by |
|
|
1606 | default disabled. The security concerns are the reason why the default is |
|
|
1607 | still disabled, but future versions might/will likely upgrade to the newer |
|
|
1608 | RFC as default format, so you are advised to check your implementation |
|
|
1609 | and/or override the default with C<< ->allow_nonref (0) >> to ensure that |
|
|
1610 | future versions are safe. |
|
|
1611 | |
|
|
1612 | |
| 1533 | =head1 INTEROPERABILITY WITH OTHER MODULES |
1613 | =head1 INTEROPERABILITY WITH OTHER MODULES |
| 1534 | |
1614 | |
| 1535 | C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean |
1615 | C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean |
| 1536 | constants. That means that the JSON true and false values will be |
1616 | constants. That means that the JSON true and false values will be |
| 1537 | comaptible to true and false values of iother modules that do the same, |
1617 | comaptible to true and false values of other modules that do the same, |
| 1538 | such as L<JSON::PP> and L<CBOR::XS>. |
1618 | such as L<JSON::PP> and L<CBOR::XS>. |
| 1539 | |
1619 | |
| 1540 | |
1620 | |
|
|
1621 | =head1 INTEROPERABILITY WITH OTHER JSON DECODERS |
|
|
1622 | |
|
|
1623 | As long as you only serialise data that can be directly expressed in JSON, |
|
|
1624 | C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs, |
|
|
1625 | but C<JSON::XS> has found more bugs in the official JSON testsuite (1) |
|
|
1626 | than the official JSON testsuite has found in C<JSON::XS> (0)). |
|
|
1627 | |
|
|
1628 | When you have trouble decoding JSON generated by this module using other |
|
|
1629 | decoders, then it is very likely that you have an encoding mismatch or the |
|
|
1630 | other decoder is broken. |
|
|
1631 | |
|
|
1632 | When decoding, C<JSON::XS> is strict by default and will likely catch all |
|
|
1633 | errors. There are currently two settings that change this: C<relaxed> |
|
|
1634 | makes C<JSON::XS> accept (but not generate) some non-standard extensions, |
|
|
1635 | and C<allow_tags> will allow you to encode and decode Perl objects, at the |
|
|
1636 | cost of not outputting valid JSON anymore. |
|
|
1637 | |
|
|
1638 | =head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS |
|
|
1639 | |
|
|
1640 | When you use C<allow_tags> to use the extended (and also nonstandard and |
|
|
1641 | invalid) JSON syntax for serialised objects, and you still want to decode |
|
|
1642 | the generated When you want to serialise objects, you can run a regex |
|
|
1643 | to replace the tagged syntax by standard JSON arrays (it only works for |
|
|
1644 | "normal" package names without comma, newlines or single colons). First, |
|
|
1645 | the readable Perl version: |
|
|
1646 | |
|
|
1647 | # if your FREEZE methods return no values, you need this replace first: |
|
|
1648 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; |
|
|
1649 | |
|
|
1650 | # this works for non-empty constructor arg lists: |
|
|
1651 | $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; |
|
|
1652 | |
|
|
1653 | And here is a less readable version that is easy to adapt to other |
|
|
1654 | languages: |
|
|
1655 | |
|
|
1656 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; |
|
|
1657 | |
|
|
1658 | Here is an ECMAScript version (same regex): |
|
|
1659 | |
|
|
1660 | json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); |
|
|
1661 | |
|
|
1662 | Since this syntax converts to standard JSON arrays, it might be hard to |
|
|
1663 | distinguish serialised objects from normal arrays. You can prepend a |
|
|
1664 | "magic number" as first array element to reduce chances of a collision: |
|
|
1665 | |
|
|
1666 | $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; |
|
|
1667 | |
|
|
1668 | And after decoding the JSON text, you could walk the data |
|
|
1669 | structure looking for arrays with a first element of |
|
|
1670 | C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>. |
|
|
1671 | |
|
|
1672 | The same approach can be used to create the tagged format with another |
|
|
1673 | encoder. First, you create an array with the magic string as first member, |
|
|
1674 | the classname as second, and constructor arguments last, encode it as part |
|
|
1675 | of your JSON structure, and then: |
|
|
1676 | |
|
|
1677 | $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; |
|
|
1678 | |
|
|
1679 | Again, this has some limitations - the magic string must not be encoded |
|
|
1680 | with character escapes, and the constructor arguments must be non-empty. |
|
|
1681 | |
|
|
1682 | |
|
|
1683 | =head1 RFC7159 |
|
|
1684 | |
|
|
1685 | Since this module was written, Google has written a new JSON RFC, RFC 7159 |
|
|
1686 | (and RFC7158). Unfortunately, this RFC breaks compatibility with both the |
|
|
1687 | original JSON specification on www.json.org and RFC4627. |
|
|
1688 | |
|
|
1689 | As far as I can see, you can get partial compatibility when parsing by |
|
|
1690 | using C<< ->allow_nonref >>. However, consider the security implications |
|
|
1691 | of doing so. |
|
|
1692 | |
|
|
1693 | I haven't decided yet when to break compatibility with RFC4627 by default |
|
|
1694 | (and potentially leave applications insecure) and change the default to |
|
|
1695 | follow RFC7159, but application authors are well advised to call C<< |
|
|
1696 | ->allow_nonref(0) >> even if this is the current default, if they cannot |
|
|
1697 | handle non-reference values, in preparation for the day when the default |
|
|
1698 | will change. |
|
|
1699 | |
|
|
1700 | |
| 1541 | =head1 THREADS |
1701 | =head1 (I-)THREADS |
| 1542 | |
1702 | |
| 1543 | This module is I<not> guaranteed to be thread safe and there are no |
1703 | This module is I<not> guaranteed to be ithread (or MULTIPLICITY-) safe |
| 1544 | plans to change this until Perl gets thread support (as opposed to the |
1704 | and there are no plans to change this. Note that perl's builtin so-called |
| 1545 | horribly slow so-called "threads" which are simply slow and bloated |
1705 | threads/ithreads are officially deprecated and should not be used. |
| 1546 | process simulations - use fork, it's I<much> faster, cheaper, better). |
|
|
| 1547 | |
|
|
| 1548 | (It might actually work, but you have been warned). |
|
|
| 1549 | |
1706 | |
| 1550 | |
1707 | |
| 1551 | =head1 THE PERILS OF SETLOCALE |
1708 | =head1 THE PERILS OF SETLOCALE |
| 1552 | |
1709 | |
| 1553 | Sometimes people avoid the Perl locale support and directly call the |
1710 | Sometimes people avoid the Perl locale support and directly call the |
