… | |
… | |
35 | |
35 | |
36 | This module converts Perl data structures to JSON and vice versa. Its |
36 | This module converts Perl data structures to JSON and vice versa. Its |
37 | primary goal is to be I<correct> and its secondary goal is to be |
37 | primary goal is to be I<correct> and its secondary goal is to be |
38 | I<fast>. To reach the latter goal it was written in C. |
38 | I<fast>. To reach the latter goal it was written in C. |
39 | |
39 | |
40 | Beginning with version 2.0 of the JSON module, when both JSON and |
|
|
41 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
|
|
42 | overridden) with no overhead due to emulation (by inheriting constructor |
|
|
43 | and methods). If JSON::XS is not available, it will fall back to the |
|
|
44 | compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
|
|
45 | gives you a portable JSON API that can be fast when you need and doesn't |
|
|
46 | require a C compiler when that is a problem. |
|
|
47 | |
|
|
48 | As this is the n-th-something JSON module on CPAN, what was the reason |
|
|
49 | to write yet another JSON module? While it seems there are many JSON |
|
|
50 | modules, none of them correctly handle all corner cases, and in most cases |
|
|
51 | their maintainers are unresponsive, gone missing, or not listening to bug |
|
|
52 | reports for other reasons. |
|
|
53 | |
|
|
54 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
40 | See MAPPING, below, on how JSON::XS maps perl values to JSON values and |
55 | vice versa. |
41 | vice versa. |
56 | |
42 | |
57 | =head2 FEATURES |
43 | =head2 FEATURES |
58 | |
44 | |
59 | =over 4 |
45 | =over |
60 | |
46 | |
61 | =item * correct Unicode handling |
47 | =item * correct Unicode handling |
62 | |
48 | |
63 | This module knows how to handle Unicode, documents how and when it does |
49 | This module knows how to handle Unicode, documents how and when it does |
64 | so, and even documents what "correct" means. |
50 | so, and even documents what "correct" means. |
… | |
… | |
101 | |
87 | |
102 | package JSON::XS; |
88 | package JSON::XS; |
103 | |
89 | |
104 | use common::sense; |
90 | use common::sense; |
105 | |
91 | |
106 | our $VERSION = 3.02; |
92 | our $VERSION = '4.0'; |
107 | our @ISA = qw(Exporter); |
93 | our @ISA = qw(Exporter); |
108 | |
94 | |
109 | our @EXPORT = qw(encode_json decode_json); |
95 | our @EXPORT = qw(encode_json decode_json); |
110 | |
96 | |
111 | use Exporter; |
97 | use Exporter; |
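Review bot: At `our $VERSION = '4.0';` the value changes from a bare number to a quoted string with no comment explaining why. A bare 4.0 would stringify as 4, so the quotes are what keep the trailing zero that the POD refers to as C<4.0>; a one-line comment saying so would stop someone from unquoting it later.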
… | |
… | |
116 | =head1 FUNCTIONAL INTERFACE |
102 | =head1 FUNCTIONAL INTERFACE |
117 | |
103 | |
118 | The following convenience methods are provided by this module. They are |
104 | The following convenience methods are provided by this module. They are |
119 | exported by default: |
105 | exported by default: |
120 | |
106 | |
121 | =over 4 |
107 | =over |
122 | |
108 | |
123 | =item $json_text = encode_json $perl_scalar |
109 | =item $json_text = encode_json $perl_scalar |
124 | |
110 | |
125 | Converts the given Perl data structure to a UTF-8 encoded, binary string |
111 | Converts the given Perl data structure to a UTF-8 encoded, binary string |
126 | (that is, the string contains octets only). Croaks on error. |
112 | (that is, the string contains octets only). Croaks on error. |
… | |
… | |
131 | |
117 | |
132 | Except being faster. |
118 | Except being faster. |
133 | |
119 | |
134 | =item $perl_scalar = decode_json $json_text |
120 | =item $perl_scalar = decode_json $json_text |
135 | |
121 | |
136 | The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries |
122 | The opposite of C<encode_json>: expects a UTF-8 (binary) string and tries |
137 | to parse that as an UTF-8 encoded JSON text, returning the resulting |
123 | to parse that as a UTF-8 encoded JSON text, returning the resulting |
138 | reference. Croaks on error. |
124 | reference. Croaks on error. |
139 | |
125 | |
140 | This function call is functionally identical to: |
126 | This function call is functionally identical to: |
141 | |
127 | |
142 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
128 | $perl_scalar = JSON::XS->new->utf8->decode ($json_text) |
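Review bot: The C<decode_json> entry still says the call is functionally identical to `JSON::XS->new->utf8->decode ($json_text)`, and this patch makes C<allow_nonref> default to enabled on new objects, so as documented the exported function now accepts top-level scalars as well, yet nothing in FUNCTIONAL INTERFACE says so. State here whether C<encode_json> and C<decode_json> follow the new default, and point callers that need the old rejection to an explicit coder object with C<< ->allow_nonref (0) >>.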
… | |
… | |
149 | =head1 A FEW NOTES ON UNICODE AND PERL |
135 | =head1 A FEW NOTES ON UNICODE AND PERL |
150 | |
136 | |
151 | Since this often leads to confusion, here are a few very clear words on |
137 | Since this often leads to confusion, here are a few very clear words on |
152 | how Unicode works in Perl, modulo bugs. |
138 | how Unicode works in Perl, modulo bugs. |
153 | |
139 | |
154 | =over 4 |
140 | =over |
155 | |
141 | |
156 | =item 1. Perl strings can store characters with ordinal values > 255. |
142 | =item 1. Perl strings can store characters with ordinal values > 255. |
157 | |
143 | |
158 | This enables you to store Unicode characters as single characters in a |
144 | This enables you to store Unicode characters as single characters in a |
159 | Perl string - very natural. |
145 | Perl string - very natural. |
… | |
… | |
197 | =head1 OBJECT-ORIENTED INTERFACE |
183 | =head1 OBJECT-ORIENTED INTERFACE |
198 | |
184 | |
199 | The object oriented interface lets you configure your own encoding or |
185 | The object oriented interface lets you configure your own encoding or |
200 | decoding style, within the limits of supported formats. |
186 | decoding style, within the limits of supported formats. |
201 | |
187 | |
202 | =over 4 |
188 | =over |
203 | |
189 | |
204 | =item $json = new JSON::XS |
190 | =item $json = new JSON::XS |
205 | |
191 | |
206 | Creates a new JSON::XS object that can be used to de/encode JSON |
192 | Creates a new JSON::XS object that can be used to de/encode JSON |
207 | strings. All boolean flags described below are by default I<disabled>. |
193 | strings. All boolean flags described below are by default I<disabled> |
|
|
194 | (with the exception of C<allow_nonref>, which defaults to I<enabled> since |
|
|
195 | version C<4.0>). |
208 | |
196 | |
209 | The mutators for flags all return the JSON object again and thus calls can |
197 | The mutators for flags all return the JSON object again and thus calls can |
210 | be chained: |
198 | be chained: |
211 | |
199 | |
212 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
200 | my $json = JSON::XS->new->utf8->space_after->encode ({a => [1,2]}) |
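Review bot: The new parenthetical under `$json = new JSON::XS` records that C<allow_nonref> is enabled by default from C<4.0> but does not tell an upgrading caller what that changes or how to undo it. Add a short pointer next to it (to the C<allow_nonref> entry and to SECURITY CONSIDERATIONS), since code that relied on a freshly constructed object rejecting scalar texts will now accept them without any error.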
… | |
… | |
270 | |
258 | |
271 | =item $enabled = $json->get_utf8 |
259 | =item $enabled = $json->get_utf8 |
272 | |
260 | |
273 | If C<$enable> is true (or missing), then the C<encode> method will encode |
261 | If C<$enable> is true (or missing), then the C<encode> method will encode |
274 | the JSON result into UTF-8, as required by many protocols, while the |
262 | the JSON result into UTF-8, as required by many protocols, while the |
275 | C<decode> method expects to be handled an UTF-8-encoded string. Please |
263 | C<decode> method expects to be handed a UTF-8-encoded string. Please |
276 | note that UTF-8-encoded strings do not contain any characters outside the |
264 | note that UTF-8-encoded strings do not contain any characters outside the |
277 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
265 | range C<0..255>, they are thus useful for bytewise/binary I/O. In future |
278 | versions, enabling this option might enable autodetection of the UTF-16 |
266 | versions, enabling this option might enable autodetection of the UTF-16 |
279 | and UTF-32 encoding families, as described in RFC4627. |
267 | and UTF-32 encoding families, as described in RFC4627. |
280 | |
268 | |
… | |
… | |
365 | |
353 | |
366 | =item $enabled = $json->get_relaxed |
354 | =item $enabled = $json->get_relaxed |
367 | |
355 | |
368 | If C<$enable> is true (or missing), then C<decode> will accept some |
356 | If C<$enable> is true (or missing), then C<decode> will accept some |
369 | extensions to normal JSON syntax (see below). C<encode> will not be |
357 | extensions to normal JSON syntax (see below). C<encode> will not be |
370 | affected in anyway. I<Be aware that this option makes you accept invalid |
358 | affected in any way. I<Be aware that this option makes you accept invalid |
371 | JSON texts as if they were valid!>. I suggest only to use this option to |
359 | JSON texts as if they were valid!>. I suggest only to use this option to |
372 | parse application-specific files written by humans (configuration files, |
360 | parse application-specific files written by humans (configuration files, |
373 | resource files etc.) |
361 | resource files etc.) |
374 | |
362 | |
375 | If C<$enable> is false (the default), then C<decode> will only accept |
363 | If C<$enable> is false (the default), then C<decode> will only accept |
376 | valid JSON texts. |
364 | valid JSON texts. |
377 | |
365 | |
378 | Currently accepted extensions are: |
366 | Currently accepted extensions are: |
379 | |
367 | |
380 | =over 4 |
368 | =over |
381 | |
369 | |
382 | =item * list items can have an end-comma |
370 | =item * list items can have an end-comma |
383 | |
371 | |
384 | JSON I<separates> array elements and key-value pairs with commas. This |
372 | JSON I<separates> array elements and key-value pairs with commas. This |
385 | can be annoying if you write JSON texts manually and want to be able to |
373 | can be annoying if you write JSON texts manually and want to be able to |
… | |
… | |
441 | |
429 | |
442 | =item $json = $json->allow_nonref ([$enable]) |
430 | =item $json = $json->allow_nonref ([$enable]) |
443 | |
431 | |
444 | =item $enabled = $json->get_allow_nonref |
432 | =item $enabled = $json->get_allow_nonref |
445 | |
433 | |
|
|
434 | Unlike other boolean options, this opotion is enabled by default beginning |
|
|
435 | with version C<4.0>. See L<SECURITY CONSIDERATIONS> for the gory details. |
|
|
436 | |
446 | If C<$enable> is true (or missing), then the C<encode> method can convert a |
437 | If C<$enable> is true (or missing), then the C<encode> method can convert a |
447 | non-reference into its corresponding string, number or null JSON value, |
438 | non-reference into its corresponding string, number or null JSON value, |
448 | which is an extension to RFC4627. Likewise, C<decode> will accept those JSON |
439 | which is an extension to RFC4627. Likewise, C<decode> will accept those JSON |
449 | values instead of croaking. |
440 | values instead of croaking. |
450 | |
441 | |
451 | If C<$enable> is false, then the C<encode> method will croak if it isn't |
442 | If C<$enable> is false, then the C<encode> method will croak if it isn't |
452 | passed an arrayref or hashref, as JSON texts must either be an object |
443 | passed an arrayref or hashref, as JSON texts must either be an object |
453 | or array. Likewise, C<decode> will croak if given something that is not a |
444 | or array. Likewise, C<decode> will croak if given something that is not a |
454 | JSON object or array. |
445 | JSON object or array. |
455 | |
446 | |
456 | Example, encode a Perl scalar as JSON value with enabled C<allow_nonref>, |
447 | Example, encode a Perl scalar as JSON value without enabled C<allow_nonref>, |
457 | resulting in an invalid JSON text: |
448 | resulting in an error: |
458 | |
449 | |
459 | JSON::XS->new->allow_nonref->encode ("Hello, World!") |
450 | JSON::XS->new->allow_nonref (0)->encode ("Hello, World!") |
460 | => "Hello, World!" |
451 | => hash- or arrayref expected... |
461 | |
452 | |
462 | =item $json = $json->allow_unknown ([$enable]) |
453 | =item $json = $json->allow_unknown ([$enable]) |
463 | |
454 | |
464 | =item $enabled = $json->get_allow_unknown |
455 | =item $enabled = $json->get_allow_unknown |
465 | |
456 | |
… | |
… | |
515 | |
506 | |
516 | This setting has no effect on C<decode>. |
507 | This setting has no effect on C<decode>. |
517 | |
508 | |
518 | =item $json = $json->allow_tags ([$enable]) |
509 | =item $json = $json->allow_tags ([$enable]) |
519 | |
510 | |
520 | =item $enabled = $json->allow_tags |
511 | =item $enabled = $json->get_allow_tags |
521 | |
512 | |
522 | See L<OBJECT SERIALISATION> for details. |
513 | See L<OBJECT SERIALISATION> for details. |
523 | |
514 | |
524 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
515 | If C<$enable> is true (or missing), then C<encode>, upon encountering a |
525 | blessed object, will check for the availability of the C<FREEZE> method on |
516 | blessed object, will check for the availability of the C<FREEZE> method on |
… | |
… | |
534 | in C<decode>, as if tags were not part of the grammar. |
525 | in C<decode>, as if tags were not part of the grammar. |
535 | |
526 | |
536 | =item $json = $json->filter_json_object ([$coderef->($hashref)]) |
527 | =item $json = $json->filter_json_object ([$coderef->($hashref)]) |
537 | |
528 | |
538 | When C<$coderef> is specified, it will be called from C<decode> each |
529 | When C<$coderef> is specified, it will be called from C<decode> each |
539 | time it decodes a JSON object. The only argument is a reference to the |
530 | time it decodes a JSON object. The only argument is a reference to |
540 | newly-created hash. If the code references returns a single scalar (which |
531 | the newly-created hash. If the code reference returns a single scalar |
541 | need not be a reference), this value (i.e. a copy of that scalar to avoid |
532 | (which need not be a reference), this value (or rather a copy of it) is |
542 | aliasing) is inserted into the deserialised data structure. If it returns |
533 | inserted into the deserialised data structure. If it returns an empty |
543 | an empty list (NOTE: I<not> C<undef>, which is a valid scalar), the |
534 | list (NOTE: I<not> C<undef>, which is a valid scalar), the original |
544 | original deserialised hash will be inserted. This setting can slow down |
535 | deserialised hash will be inserted. This setting can slow down decoding |
545 | decoding considerably. |
536 | considerably. |
546 | |
537 | |
547 | When C<$coderef> is omitted or undefined, any existing callback will |
538 | When C<$coderef> is omitted or undefined, any existing callback will |
548 | be removed and C<decode> will not change the deserialised hash in any |
539 | be removed and C<decode> will not change the deserialised hash in any |
549 | way. |
540 | way. |
550 | |
541 | |
… | |
… | |
724 | to set resource limits (e.g. C<max_size>) to ensure the parser will stop |
715 | to set resource limits (e.g. C<max_size>) to ensure the parser will stop |
725 | parsing in the presence if syntax errors. |
716 | parsing in the presence if syntax errors. |
726 | |
717 | |
727 | The following methods implement this incremental parser. |
718 | The following methods implement this incremental parser. |
728 | |
719 | |
729 | =over 4 |
720 | =over |
730 | |
721 | |
731 | =item [void, scalar or list context] = $json->incr_parse ([$string]) |
722 | =item [void, scalar or list context] = $json->incr_parse ([$string]) |
732 | |
723 | |
733 | This is the central parsing function. It can both append new text and |
724 | This is the central parsing function. It can both append new text and |
734 | extract objects from the stream accumulated so far (both of these |
725 | extract objects from the stream accumulated so far (both of these |
… | |
… | |
801 | |
792 | |
802 | =back |
793 | =back |
803 | |
794 | |
804 | =head2 LIMITATIONS |
795 | =head2 LIMITATIONS |
805 | |
796 | |
806 | All options that affect decoding are supported, except |
797 | The incremental parser is a non-exact parser: it works by gathering as |
807 | C<allow_nonref>. The reason for this is that it cannot be made to work |
798 | much text as possible that I<could> be a valid JSON text, followed by |
808 | sensibly: JSON objects and arrays are self-delimited, i.e. you can |
799 | trying to decode it. |
809 | concatenate them back to back and still decode them perfectly. This does |
|
|
810 | not hold true for JSON numbers, however. |
|
|
811 | |
800 | |
812 | For example, is the string C<1> a single JSON number, or is it simply the |
801 | That means it sometimes needs to read more data than strictly necessary to |
813 | start of C<12>? Or is C<12> a single JSON number, or the concatenation |
802 | diagnose an invalid JSON text. For example, after parsing the following |
814 | of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS |
803 | fragment, the parser I<could> stop with an error, as this fragment |
815 | takes the conservative route and disallows this case. |
804 | I<cannot> be the beginning of a valid JSON text: |
|
|
805 | |
|
|
806 | [, |
|
|
807 | |
|
|
808 | In reality, hopwever, the parser might continue to read data until a |
|
|
809 | length limit is exceeded or it finds a closing bracket. |
816 | |
810 | |
817 | =head2 EXAMPLES |
811 | =head2 EXAMPLES |
818 | |
812 | |
819 | Some examples will make all this clearer. First, a simple example that |
813 | Some examples will make all this clearer. First, a simple example that |
820 | works similarly to C<decode_prefix>: We want to decode the JSON object at |
814 | works similarly to C<decode_prefix>: We want to decode the JSON object at |
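Review bot: The rewritten LIMITATIONS text drops the statement that C<allow_nonref> is not supported by the incremental parser without saying what happens instead, which matters now that the flag defaults to enabled: the removed lines explained that a stream such as C<12> cannot be split unambiguously. Say explicitly how C<incr_parse> treats top-level scalars in 4.0. Also, new line 808 has "hopwever" for "however", and since the parser "might continue to read data until a length limit is exceeded", it is worth naming C<max_size> in that sentence so readers see that the limit is one they have to set.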
… | |
… | |
964 | refers to the abstract Perl language itself. |
958 | refers to the abstract Perl language itself. |
965 | |
959 | |
966 | |
960 | |
967 | =head2 JSON -> PERL |
961 | =head2 JSON -> PERL |
968 | |
962 | |
969 | =over 4 |
963 | =over |
970 | |
964 | |
971 | =item object |
965 | =item object |
972 | |
966 | |
973 | A JSON object becomes a reference to a hash in Perl. No ordering of object |
967 | A JSON object becomes a reference to a hash in Perl. No ordering of object |
974 | keys is preserved (JSON does not preserve object key ordering itself). |
968 | keys is preserved (JSON does not preserve object key ordering itself). |
… | |
… | |
1042 | |
1036 | |
1043 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
1037 | The mapping from Perl to JSON is slightly more difficult, as Perl is a |
1044 | truly typeless language, so we can only guess which JSON type is meant by |
1038 | truly typeless language, so we can only guess which JSON type is meant by |
1045 | a Perl value. |
1039 | a Perl value. |
1046 | |
1040 | |
1047 | =over 4 |
1041 | =over |
1048 | |
1042 | |
1049 | =item hash references |
1043 | =item hash references |
1050 | |
1044 | |
1051 | Perl hash references become JSON objects. As there is no inherent |
1045 | Perl hash references become JSON objects. As there is no inherent |
1052 | ordering in hash keys (or JSON objects), they will usually be encoded |
1046 | ordering in hash keys (or JSON objects), they will usually be encoded |
… | |
… | |
1141 | |
1135 | |
1142 | What happens when C<JSON::XS> encounters a Perl object depends on the |
1136 | What happens when C<JSON::XS> encounters a Perl object depends on the |
1143 | C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are |
1137 | C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are |
1144 | used in this order: |
1138 | used in this order: |
1145 | |
1139 | |
1146 | =over 4 |
1140 | =over |
1147 | |
1141 | |
1148 | =item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method. |
1142 | =item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method. |
1149 | |
1143 | |
1150 | In this case, C<JSON::XS> uses the L<Types::Serialiser> object |
1144 | In this case, C<JSON::XS> uses the L<Types::Serialiser> object |
1151 | serialisation protocol to create a tagged JSON value, using a nonstandard |
1145 | serialisation protocol to create a tagged JSON value, using a nonstandard |
… | |
… | |
1262 | takes those codepoint numbers and I<encodes> them, in our case into |
1256 | takes those codepoint numbers and I<encodes> them, in our case into |
1263 | octets. Unicode is (among other things) a codeset, UTF-8 is an encoding, |
1257 | octets. Unicode is (among other things) a codeset, UTF-8 is an encoding, |
1264 | and ISO-8859-1 (= latin 1) and ASCII are both codesets I<and> encodings at |
1258 | and ISO-8859-1 (= latin 1) and ASCII are both codesets I<and> encodings at |
1265 | the same time, which can be confusing. |
1259 | the same time, which can be confusing. |
1266 | |
1260 | |
1267 | =over 4 |
1261 | =over |
1268 | |
1262 | |
1269 | =item C<utf8> flag disabled |
1263 | =item C<utf8> flag disabled |
1270 | |
1264 | |
1271 | When C<utf8> is disabled (the default), then C<encode>/C<decode> generate |
1265 | When C<utf8> is disabled (the default), then C<encode>/C<decode> generate |
1272 | and expect Unicode strings, that is, characters with high ordinal Unicode |
1266 | and expect Unicode strings, that is, characters with high ordinal Unicode |
… | |
… | |
1289 | expect your input strings to be encoded as UTF-8, that is, no "character" |
1283 | expect your input strings to be encoded as UTF-8, that is, no "character" |
1290 | of the input string must have any value > 255, as UTF-8 does not allow |
1284 | of the input string must have any value > 255, as UTF-8 does not allow |
1291 | that. |
1285 | that. |
1292 | |
1286 | |
1293 | The C<utf8> flag therefore switches between two modes: disabled means you |
1287 | The C<utf8> flag therefore switches between two modes: disabled means you |
1294 | will get a Unicode string in Perl, enabled means you get an UTF-8 encoded |
1288 | will get a Unicode string in Perl, enabled means you get a UTF-8 encoded |
1295 | octet/binary string in Perl. |
1289 | octet/binary string in Perl. |
1296 | |
1290 | |
1297 | =item C<latin1> or C<ascii> flags enabled |
1291 | =item C<latin1> or C<ascii> flags enabled |
1298 | |
1292 | |
1299 | With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
1293 | With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters |
… | |
… | |
1431 | general you should not try to generate YAML with a JSON generator or vice |
1425 | general you should not try to generate YAML with a JSON generator or vice |
1432 | versa, or try to parse JSON with a YAML parser or vice versa: chances are |
1426 | versa, or try to parse JSON with a YAML parser or vice versa: chances are |
1433 | high that you will run into severe interoperability problems when you |
1427 | high that you will run into severe interoperability problems when you |
1434 | least expect it. |
1428 | least expect it. |
1435 | |
1429 | |
1436 | =over 4 |
1430 | =over |
1437 | |
1431 | |
1438 | =item (*) |
1432 | =item (*) |
1439 | |
1433 | |
1440 | I have been pressured multiple times by Brian Ingerson (one of the |
1434 | I have been pressured multiple times by Brian Ingerson (one of the |
1441 | authors of the YAML specification) to remove this paragraph, despite him |
1435 | authors of the YAML specification) to remove this paragraph, despite him |
… | |
… | |
1567 | are browser design bugs, but it is still you who will have to deal with |
1561 | are browser design bugs, but it is still you who will have to deal with |
1568 | it, as major browser developers care only for features, not about getting |
1562 | it, as major browser developers care only for features, not about getting |
1569 | security right). |
1563 | security right). |
1570 | |
1564 | |
1571 | |
1565 | |
1572 | =head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) |
1566 | =head2 "OLD" VS. "NEW" JSON (RFC4627 VS. RFC7159) |
1573 | |
1567 | |
1574 | TL;DR: Due to security concerns, JSON::XS will not allow scalar data in |
1568 | JSON originally required JSON texts to represent an array or object - |
1575 | JSON texts by default - you need to create your own JSON::XS object and |
1569 | scalar values were explicitly not allowed. This has changed, and versions |
1576 | enable C<allow_nonref>: |
1570 | of JSON::XS beginning with C<4.0> reflect this by allowing scalar values |
|
|
1571 | by default. |
1577 | |
1572 | |
|
|
1573 | One reason why one might not want this is that this removes a fundamental |
|
|
1574 | property of JSON texts, namely that they are self-delimited and |
|
|
1575 | self-contained, or in other words, you could take any number of "old" |
|
|
1576 | JSON texts and paste them together, and the result would be unambiguously |
|
|
1577 | parseable: |
1578 | |
1578 | |
|
|
1579 | [1,3]{"k":5}[][null] # four JSON texts, without doubt |
|
|
1580 | |
|
|
1581 | By allowing scalars, this property is lost: in the following example, is |
|
|
1582 | this one JSON text (the number 12) or two JSON texts (the numbers 1 and |
|
|
1583 | 2): |
|
|
1584 | |
|
|
1585 | 12 # could be 12, or 1 and 2 |
|
|
1586 | |
|
|
1587 | Another lost property of "old" JSON is that no lookahead is required to |
|
|
1588 | know the end of a JSON text, i.e. the JSON text definitely ended at the |
|
|
1589 | last C<]> or C<}> character, there was no need to read extra characters. |
|
|
1590 | |
|
|
1591 | For example, a viable network protocol with "old" JSON was to simply |
|
|
1592 | exchange JSON texts without delimiter. For "new" JSON, you have to use a |
|
|
1593 | suitable delimiter (such as a newline) after every JSON text or ensure you |
|
|
1594 | never encode/decode scalar values. |
|
|
1595 | |
|
|
1596 | Most protocols do work by only transferring arrays or objects, and the |
|
|
1597 | easiest way to avoid problems with the "new" JSON definition is to |
|
|
1598 | explicitly disallow scalar values in your encoder and decoder: |
|
|
1599 | |
1579 | my $json = JSON::XS->new->allow_nonref; |
1600 | $json_coder = JSON::XS->new->allow_nonref (0) |
1580 | |
1601 | |
1581 | $text = $json->encode ($data); |
1602 | This is a somewhat unhappy situation, and the blame can fully be put on |
1582 | $data = $json->decode ($text); |
1603 | JSON's inmventor, Douglas Crockford, who unilaterally changed the format |
|
|
1604 | in 2006 without consulting the IETF, forcing the IETF to either fork the |
|
|
1605 | format or go with it (as I was told, the IETF wasn't amused). |
1583 | |
1606 | |
1584 | The long version: JSON being an important and supposedly stable format, |
|
|
1585 | the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor |
|
|
1586 | of JSON, Dougles Crockford, unilaterally changed the definition of JSON in |
|
|
1587 | javascript. Rather than create a fork, the IETF decided to standardise the |
|
|
1588 | new syntax (apparently, so Iw as told, without finding it very amusing). |
|
|
1589 | |
1607 | |
1590 | The biggest difference between thed original JSON and the new JSON is that |
1608 | =head1 RELATIONSHIP WITH I-JSON |
1591 | the new JSON supports scalars (anything other than arrays and objects) at |
|
|
1592 | the toplevel of a JSON text. While this is strictly backwards compatible |
|
|
1593 | to older versions, it breaks a number of protocols that relied on sending |
|
|
1594 | JSON back-to-back, and is a minor security concern. |
|
|
1595 | |
1609 | |
1596 | For example, imagine you have two banks communicating, and on one side, |
1610 | JSON is a somewhat sloppily-defined format - it carries around obvious |
1597 | trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000> |
1611 | Javascript baggage, such as not really defining number range, probably |
1598 | might then be confused to mean C<101000>, something that couldn't happen |
1612 | because Javascript only has one type of numbers: IEEE 64 bit floats |
1599 | in the original JSON, because niether of these messages would be valid |
1613 | ("binary64"). |
1600 | JSON. |
|
|
1601 | |
1614 | |
1602 | If one side accepts these messages, then an upgrade in the coder on either |
1615 | For this reaosn, RFC7493 defines "Internet JSON", which is a restricted |
1603 | side could result in this becoming exploitable. |
1616 | subset of JSON that is supposedly more interoperable on the internet. |
1604 | |
1617 | |
1605 | This module has always allowed these messages as an optional extension, by |
1618 | While C<JSON::XS> does not offer specific support for I-JSON, it of course |
1606 | default disabled. The security concerns are the reason why the default is |
1619 | accepts valid I-JSON and by default implements some of the limitations |
1607 | still disabled, but future versions might/will likely upgrade to the newer |
1620 | of I-JSON, such as parsing numbers as perl numbers, which are usually a |
1608 | RFC as default format, so you are advised to check your implementation |
1621 | superset of binary64 numbers. |
1609 | and/or override the default with C<< ->allow_nonref (0) >> to ensure that |
1622 | |
1610 | future versions are safe. |
1623 | To generate I-JSON, follow these rules: |
|
|
1624 | |
|
|
1625 | =over |
|
|
1626 | |
|
|
1627 | =item * always generate UTF-8 |
|
|
1628 | |
|
|
1629 | I-JSON must be encoded in UTF-8, the default for C<encode_json>. |
|
|
1630 | |
|
|
1631 | =item * numbers should be within IEEE 754 binary64 range |
|
|
1632 | |
|
|
1633 | Basically all existing perl installations use binary64 to represent |
|
|
1634 | floating point numbers, so all you need to do is to avoid large integers. |
|
|
1635 | |
|
|
1636 | =item * objects must not have duplicate keys |
|
|
1637 | |
|
|
1638 | This is trivially done, as C<JSON::XS> does not allow duplicate keys. |
|
|
1639 | |
|
|
1640 | =item * do not generate scalar JSON texts, use C<< ->allow_nonref (0) >> |
|
|
1641 | |
|
|
1642 | I-JSON strongly requests you to only encode arrays and objects into JSON. |
|
|
1643 | |
|
|
1644 | =item * times should be strings in ISO 8601 format |
|
|
1645 | |
|
|
1646 | There are a myriad of modules on CPAN dealing with ISO 8601 - search for |
|
|
1647 | C<ISO8601> on CPAN and use one. |
|
|
1648 | |
|
|
1649 | =item * encode binary data as base64 |
|
|
1650 | |
|
|
1651 | While it's tempting to just dump binary data as a string (and let |
|
|
1652 | C<JSON::XS> do the escaping), for I-JSON, it's I<recommended> to encode |
|
|
1653 | binary data as base64. |
|
|
1654 | |
|
|
1655 | =back |
|
|
1656 | |
|
|
1657 | There are some other considerations - read RFC7493 for the details if |
|
|
1658 | interested. |
1611 | |
1659 | |
1612 | |
1660 | |
1613 | =head1 INTEROPERABILITY WITH OTHER MODULES |
1661 | =head1 INTEROPERABILITY WITH OTHER MODULES |
1614 | |
1662 | |
1615 | C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean |
1663 | C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean |
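Review bot: The replacement for the "OLD" VS. "NEW" JSON section removes every sentence that framed the default change as a security issue (the old TL;DR, the two-banks C<10>/C<1000> example, "could result in this becoming exploitable") and keeps only the C<12> ambiguity, so the section now reads as an interoperability note even though the C<allow_nonref> entry sends readers to SECURITY CONSIDERATIONS for "the gory details". Keep one sentence stating outright that protocols exchanging JSON texts back to back must either add a delimiter or use `JSON::XS->new->allow_nonref (0)` after upgrading to 4.0. Smaller points: "inmventor" (new line 1603) and "reaosn" (new line 1615) are typos, and "C<JSON::XS> does not allow duplicate keys" under the I-JSON rules should say it is about C<encode>, so it is not read as a promise that C<decode> rejects duplicates.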
… | |
… | |
1678 | |
1726 | |
1679 | Again, this has some limitations - the magic string must not be encoded |
1727 | Again, this has some limitations - the magic string must not be encoded |
1680 | with character escapes, and the constructor arguments must be non-empty. |
1728 | with character escapes, and the constructor arguments must be non-empty. |
1681 | |
1729 | |
1682 | |
1730 | |
1683 | =head1 RFC7159 |
|
|
1684 | |
|
|
1685 | Since this module was written, Google has written a new JSON RFC, RFC 7159 |
|
|
1686 | (and RFC7158). Unfortunately, this RFC breaks compatibility with both the |
|
|
1687 | original JSON specification on www.json.org and RFC4627. |
|
|
1688 | |
|
|
1689 | As far as I can see, you can get partial compatibility when parsing by |
|
|
1690 | using C<< ->allow_nonref >>. However, consider the security implications |
|
|
1691 | of doing so. |
|
|
1692 | |
|
|
1693 | I haven't decided yet when to break compatibility with RFC4627 by default |
|
|
1694 | (and potentially leave applications insecure) and change the default to |
|
|
1695 | follow RFC7159, but application authors are well advised to call C<< |
|
|
1696 | ->allow_nonref(0) >> even if this is the current default, if they cannot |
|
|
1697 | handle non-reference values, in preparation for the day when the default |
|
|
1698 | will change. |
|
|
1699 | |
|
|
1700 | |
|
|
1701 | =head1 THREADS |
1731 | =head1 (I-)THREADS |
1702 | |
1732 | |
1703 | This module is I<not> guaranteed to be thread safe and there are no |
1733 | This module is I<not> guaranteed to be ithread (or MULTIPLICITY-) safe |
1704 | plans to change this until Perl gets thread support (as opposed to the |
1734 | and there are no plans to change this. Note that perl's builtin so-called |
1705 | horribly slow so-called "threads" which are simply slow and bloated |
1735 | threads/ithreads are officially deprecated and should not be used. |
1706 | process simulations - use fork, it's I<much> faster, cheaper, better). |
|
|
1707 | |
|
|
1708 | (It might actually work, but you have been warned). |
|
|
1709 | |
1736 | |
1710 | |
1737 | |
1711 | =head1 THE PERILS OF SETLOCALE |
1738 | =head1 THE PERILS OF SETLOCALE |
1712 | |
1739 | |
1713 | Sometimes people avoid the Perl locale support and directly call the |
1740 | Sometimes people avoid the Perl locale support and directly call the |
… | |
… | |
1722 | categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>. |
1749 | categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>. |
1723 | |
1750 | |
1724 | If you need C<LC_NUMERIC>, you should enable it only around the code that |
1751 | If you need C<LC_NUMERIC>, you should enable it only around the code that |
1725 | actually needs it (avoiding stringification of numbers), and restore it |
1752 | actually needs it (avoiding stringification of numbers), and restore it |
1726 | afterwards. |
1753 | afterwards. |
|
|
1754 | |
|
|
1755 | |
|
|
1756 | =head1 SOME HISTORY |
|
|
1757 | |
|
|
1758 | At the time this module was created there already were a number of JSON |
|
|
1759 | modules available on CPAN, so what was the reason to write yet another |
|
|
1760 | JSON module? While it seems there are many JSON modules, none of them |
|
|
1761 | correctly handled all corner cases, and in most cases their maintainers |
|
|
1762 | are unresponsive, gone missing, or not listening to bug reports for other |
|
|
1763 | reasons. |
|
|
1764 | |
|
|
1765 | Beginning with version 2.0 of the JSON module, when both JSON and |
|
|
1766 | JSON::XS are installed, then JSON will fall back on JSON::XS (this can be |
|
|
1767 | overridden) with no overhead due to emulation (by inheriting constructor |
|
|
1768 | and methods). If JSON::XS is not available, it will fall back to the |
|
|
1769 | compatible JSON::PP module as backend, so using JSON instead of JSON::XS |
|
|
1770 | gives you a portable JSON API that can be fast when you need it and |
|
|
1771 | doesn't require a C compiler when that is a problem. |
|
|
1772 | |
|
|
1773 | Somewhere around version 3, this module was forked into |
|
|
1774 | C<Cpanel::JSON::XS>, because its maintainer had serious trouble |
|
|
1775 | understanding JSON and insisted on a fork with many bugs "fixed" that |
|
|
1776 | weren't actually bugs, while spreading FUD about this module without |
|
|
1777 | actually giving any details on his accusations. You be the judge, but |
|
|
1778 | in my personal opinion, if you want quality, you will stay away from |
|
|
1779 | dangerous forks like that. |
1727 | |
1780 | |
1728 | |
1781 | |
1729 | =head1 BUGS |
1782 | =head1 BUGS |
1730 | |
1783 | |
1731 | While the goal of this module is to be correct, that unfortunately does |
1784 | While the goal of this module is to be correct, that unfortunately does |
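Review bot: The last paragraph of the new SOME HISTORY section calls C<Cpanel::JSON::XS> one of the "dangerous forks" and faults its maintainer for accusations made "without actually giving any details", yet gives no details itself. Either name the specific behaviours that differ, so users can evaluate the risk, or drop the paragraph from the module documentation. In the first paragraph the tense is mixed ("none of them correctly handled" next to "their maintainers are unresponsive"); the moved text should be made consistently past tense.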