ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/XS.pm
(Generate patch)

Comparing JSON-XS/XS.pm (file contents):
Revision 1.107 by root, Tue Jun 3 06:43:45 2008 UTC vs.
Revision 1.167 by root, Tue Aug 28 16:16:17 2018 UTC

40Beginning with version 2.0 of the JSON module, when both JSON and 40Beginning with version 2.0 of the JSON module, when both JSON and
41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be 41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be
42overridden) with no overhead due to emulation (by inheriting constructor 42overridden) with no overhead due to emulation (by inheriting constructor
43and methods). If JSON::XS is not available, it will fall back to the 43and methods). If JSON::XS is not available, it will fall back to the
44compatible JSON::PP module as backend, so using JSON instead of JSON::XS 44compatible JSON::PP module as backend, so using JSON instead of JSON::XS
45gives you a portable JSON API that can be fast when you need and doesn't 45gives you a portable JSON API that can be fast when you need it and
46require a C compiler when that is a problem. 46doesn't require a C compiler when that is a problem.
47 47
48As this is the n-th-something JSON module on CPAN, what was the reason 48As this is the n-th-something JSON module on CPAN, what was the reason
49to write yet another JSON module? While it seems there are many JSON 49to write yet another JSON module? While it seems there are many JSON
50modules, none of them correctly handle all corner cases, and in most cases 50modules, none of them correctly handle all corner cases, and in most cases
51their maintainers are unresponsive, gone missing, or not listening to bug 51their maintainers are unresponsive, gone missing, or not listening to bug
52reports for other reasons. 52reports for other reasons.
53 53
54See COMPARISON, below, for a comparison to some other JSON modules.
55
56See MAPPING, below, on how JSON::XS maps perl values to JSON values and 54See MAPPING, below, on how JSON::XS maps perl values to JSON values and
57vice versa. 55vice versa.
58 56
59=head2 FEATURES 57=head2 FEATURES
60 58
66so, and even documents what "correct" means. 64so, and even documents what "correct" means.
67 65
68=item * round-trip integrity 66=item * round-trip integrity
69 67
70When you serialise a perl data structure using only data types supported 68When you serialise a perl data structure using only data types supported
71by JSON, the deserialised data structure is identical on the Perl level. 69by JSON and Perl, the deserialised data structure is identical on the Perl
72(e.g. the string "2.0" doesn't suddenly become "2" just because it looks 70level. (e.g. the string "2.0" doesn't suddenly become "2" just because
73like a number). There minor I<are> exceptions to this, read the MAPPING 71it looks like a number). There I<are> minor exceptions to this, read the
74section below to learn about those. 72MAPPING section below to learn about those.
75 73
76=item * strict checking of JSON correctness 74=item * strict checking of JSON correctness
77 75
78There is no guessing, no generating of illegal JSON texts by default, 76There is no guessing, no generating of illegal JSON texts by default,
79and only JSON is accepted as input by default (the latter is a security 77and only JSON is accepted as input by default (the latter is a security
85this module usually compares favourably in terms of speed, too. 83this module usually compares favourably in terms of speed, too.
86 84
87=item * simple to use 85=item * simple to use
88 86
89This module has both a simple functional interface as well as an object 87This module has both a simple functional interface as well as an object
90oriented interface interface. 88oriented interface.
91 89
92=item * reasonably versatile output formats 90=item * reasonably versatile output formats
93 91
94You can choose between the most compact guaranteed-single-line format 92You can choose between the most compact guaranteed-single-line format
95possible (nice for simple line-based protocols), a pure-ASCII format 93possible (nice for simple line-based protocols), a pure-ASCII format
101 99
102=cut 100=cut
103 101
104package JSON::XS; 102package JSON::XS;
105 103
106use strict; 104use common::sense;
107 105
108our $VERSION = '2.21'; 106our $VERSION = 3.04;
109our @ISA = qw(Exporter); 107our @ISA = qw(Exporter);
110 108
111our @EXPORT = qw(encode_json decode_json to_json from_json); 109our @EXPORT = qw(encode_json decode_json);
112
113sub to_json($) {
114 require Carp;
115 Carp::croak ("JSON::XS::to_json has been renamed to encode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
116}
117
118sub from_json($) {
119 require Carp;
120 Carp::croak ("JSON::XS::from_json has been renamed to decode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
121}
122 110
123use Exporter; 111use Exporter;
124use XSLoader; 112use XSLoader;
125 113
114use Types::Serialiser ();
115
126=head1 FUNCTIONAL INTERFACE 116=head1 FUNCTIONAL INTERFACE
127 117
128The following convenience methods are provided by this module. They are 118The following convenience methods are provided by this module. They are
129exported by default: 119exported by default:
130 120
141 131
142Except being faster. 132Except being faster.
143 133
144=item $perl_scalar = decode_json $json_text 134=item $perl_scalar = decode_json $json_text
145 135
146The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries 136The opposite of C<encode_json>: expects a UTF-8 (binary) string and tries
147to parse that as an UTF-8 encoded JSON text, returning the resulting 137to parse that as a UTF-8 encoded JSON text, returning the resulting
148reference. Croaks on error. 138reference. Croaks on error.
149 139
150This function call is functionally identical to: 140This function call is functionally identical to:
151 141
152 $perl_scalar = JSON::XS->new->utf8->decode ($json_text) 142 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
153 143
154Except being faster. 144Except being faster.
155
156=item $is_boolean = JSON::XS::is_bool $scalar
157
158Returns true if the passed scalar represents either JSON::XS::true or
159JSON::XS::false, two constants that act like C<1> and C<0>, respectively
160and are used to represent JSON C<true> and C<false> values in Perl.
161
162See MAPPING, below, for more information on how JSON values are mapped to
163Perl.
164 145
165=back 146=back
166 147
167 148
168=head1 A FEW NOTES ON UNICODE AND PERL 149=head1 A FEW NOTES ON UNICODE AND PERL
289 270
290=item $enabled = $json->get_utf8 271=item $enabled = $json->get_utf8
291 272
292If C<$enable> is true (or missing), then the C<encode> method will encode 273If C<$enable> is true (or missing), then the C<encode> method will encode
293the JSON result into UTF-8, as required by many protocols, while the 274the JSON result into UTF-8, as required by many protocols, while the
294C<decode> method expects to be handled an UTF-8-encoded string. Please 275C<decode> method expects to be handed a UTF-8-encoded string. Please
295note that UTF-8-encoded strings do not contain any characters outside the 276note that UTF-8-encoded strings do not contain any characters outside the
296range C<0..255>, they are thus useful for bytewise/binary I/O. In future 277range C<0..255>, they are thus useful for bytewise/binary I/O. In future
297versions, enabling this option might enable autodetection of the UTF-16 278versions, enabling this option might enable autodetection of the UTF-16
298and UTF-32 encoding families, as described in RFC4627. 279and UTF-32 encoding families, as described in RFC4627.
299 280
384 365
385=item $enabled = $json->get_relaxed 366=item $enabled = $json->get_relaxed
386 367
387If C<$enable> is true (or missing), then C<decode> will accept some 368If C<$enable> is true (or missing), then C<decode> will accept some
388extensions to normal JSON syntax (see below). C<encode> will not be 369extensions to normal JSON syntax (see below). C<encode> will not be
389affected in anyway. I<Be aware that this option makes you accept invalid 370affected in any way. I<Be aware that this option makes you accept invalid
390JSON texts as if they were valid!>. I suggest only to use this option to 371JSON texts as if they were valid!>. I suggest only to use this option to
391parse application-specific files written by humans (configuration files, 372parse application-specific files written by humans (configuration files,
392resource files etc.) 373resource files etc.)
393 374
394If C<$enable> is false (the default), then C<decode> will only accept 375If C<$enable> is false (the default), then C<decode> will only accept
423 [ 404 [
424 1, # this comment not allowed in JSON 405 1, # this comment not allowed in JSON
425 # neither this one... 406 # neither this one...
426 ] 407 ]
427 408
409=item * literal ASCII TAB characters in strings
410
411Literal ASCII TAB characters are now allowed in strings (and treated as
412C<\t>).
413
414 [
415 "Hello\tWorld",
416 "Hello<TAB>World", # literal <TAB> would not normally be allowed
417 ]
418
428=back 419=back
429 420
430=item $json = $json->canonical ([$enable]) 421=item $json = $json->canonical ([$enable])
431 422
432=item $enabled = $json->get_canonical 423=item $enabled = $json->get_canonical
434If C<$enable> is true (or missing), then the C<encode> method will output JSON objects 425If C<$enable> is true (or missing), then the C<encode> method will output JSON objects
435by sorting their keys. This is adding a comparatively high overhead. 426by sorting their keys. This is adding a comparatively high overhead.
436 427
437If C<$enable> is false, then the C<encode> method will output key-value 428If C<$enable> is false, then the C<encode> method will output key-value
438pairs in the order Perl stores them (which will likely change between runs 429pairs in the order Perl stores them (which will likely change between runs
439of the same script). 430of the same script, and can change even within the same run from 5.18
431onwards).
440 432
441This option is useful if you want the same data structure to be encoded as 433This option is useful if you want the same data structure to be encoded as
442the same JSON text (given the same overall settings). If it is disabled, 434the same JSON text (given the same overall settings). If it is disabled,
443the same hash might be encoded differently even if contains the same data, 435the same hash might be encoded differently even if contains the same data,
444as key-value pairs have no inherent ordering in Perl. 436as key-value pairs have no inherent ordering in Perl.
445 437
446This setting has no effect when decoding JSON texts. 438This setting has no effect when decoding JSON texts.
439
440This setting has currently no effect on tied hashes.
447 441
448=item $json = $json->allow_nonref ([$enable]) 442=item $json = $json->allow_nonref ([$enable])
449 443
450=item $enabled = $json->get_allow_nonref 444=item $enabled = $json->get_allow_nonref
451 445
483 477
484=item $json = $json->allow_blessed ([$enable]) 478=item $json = $json->allow_blessed ([$enable])
485 479
486=item $enabled = $json->get_allow_blessed 480=item $enabled = $json->get_allow_blessed
487 481
482See L<OBJECT SERIALISATION> for details.
483
488If C<$enable> is true (or missing), then the C<encode> method will not 484If C<$enable> is true (or missing), then the C<encode> method will not
489barf when it encounters a blessed reference. Instead, the value of the 485barf when it encounters a blessed reference that it cannot convert
490B<convert_blessed> option will decide whether C<null> (C<convert_blessed> 486otherwise. Instead, a JSON C<null> value is encoded instead of the object.
491disabled or no C<TO_JSON> method found) or a representation of the
492object (C<convert_blessed> enabled and C<TO_JSON> method found) is being
493encoded. Has no effect on C<decode>.
494 487
495If C<$enable> is false (the default), then C<encode> will throw an 488If C<$enable> is false (the default), then C<encode> will throw an
496exception when it encounters a blessed object. 489exception when it encounters a blessed object that it cannot convert
490otherwise.
491
492This setting has no effect on C<decode>.
497 493
498=item $json = $json->convert_blessed ([$enable]) 494=item $json = $json->convert_blessed ([$enable])
499 495
500=item $enabled = $json->get_convert_blessed 496=item $enabled = $json->get_convert_blessed
497
498See L<OBJECT SERIALISATION> for details.
501 499
502If C<$enable> is true (or missing), then C<encode>, upon encountering a 500If C<$enable> is true (or missing), then C<encode>, upon encountering a
503blessed object, will check for the availability of the C<TO_JSON> method 501blessed object, will check for the availability of the C<TO_JSON> method
504on the object's class. If found, it will be called in scalar context 502on the object's class. If found, it will be called in scalar context and
505and the resulting scalar will be encoded instead of the object. If no 503the resulting scalar will be encoded instead of the object.
506C<TO_JSON> method is found, the value of C<allow_blessed> will decide what
507to do.
508 504
509The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> 505The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON>
510returns other blessed objects, those will be handled in the same 506returns other blessed objects, those will be handled in the same
511way. C<TO_JSON> must take care of not causing an endless recursion cycle 507way. C<TO_JSON> must take care of not causing an endless recursion cycle
512(== crash) in this case. The name of C<TO_JSON> was chosen because other 508(== crash) in this case. The name of C<TO_JSON> was chosen because other
513methods called by the Perl core (== not by the user of the object) are 509methods called by the Perl core (== not by the user of the object) are
514usually in upper case letters and to avoid collisions with any C<to_json> 510usually in upper case letters and to avoid collisions with any C<to_json>
515function or method. 511function or method.
516 512
517This setting does not yet influence C<decode> in any way, but in the 513If C<$enable> is false (the default), then C<encode> will not consider
518future, global hooks might get installed that influence C<decode> and are 514this type of conversion.
519enabled by this setting.
520 515
521If C<$enable> is false, then the C<allow_blessed> setting will decide what 516This setting has no effect on C<decode>.
522to do when a blessed object is found. 517
518=item $json = $json->allow_tags ([$enable])
519
520=item $enabled = $json->allow_tags
521
522See L<OBJECT SERIALISATION> for details.
523
524If C<$enable> is true (or missing), then C<encode>, upon encountering a
525blessed object, will check for the availability of the C<FREEZE> method on
526the object's class. If found, it will be used to serialise the object into
527a nonstandard tagged JSON value (that JSON decoders cannot decode).
528
529It also causes C<decode> to parse such tagged JSON values and deserialise
530them via a call to the C<THAW> method.
531
532If C<$enable> is false (the default), then C<encode> will not consider
533this type of conversion, and tagged JSON values will cause a parse error
534in C<decode>, as if tags were not part of the grammar.
523 535
524=item $json = $json->filter_json_object ([$coderef->($hashref)]) 536=item $json = $json->filter_json_object ([$coderef->($hashref)])
525 537
526When C<$coderef> is specified, it will be called from C<decode> each 538When C<$coderef> is specified, it will be called from C<decode> each
527time it decodes a JSON object. The only argument is a reference to the 539time it decodes a JSON object. The only argument is a reference to the
666 678
667See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 679See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
668 680
669=item $json_text = $json->encode ($perl_scalar) 681=item $json_text = $json->encode ($perl_scalar)
670 682
671Converts the given Perl data structure (a simple scalar or a reference 683Converts the given Perl value or data structure to its JSON
672to a hash or array) to its JSON representation. Simple scalars will be 684representation. Croaks on error.
673converted into JSON string or number sequences, while references to arrays
674become JSON arrays and references to hashes become JSON objects. Undefined
675Perl values (e.g. C<undef>) become JSON C<null> values. Neither C<true>
676nor C<false> values will be generated.
677 685
678=item $perl_scalar = $json->decode ($json_text) 686=item $perl_scalar = $json->decode ($json_text)
679 687
680The opposite of C<encode>: expects a JSON text and tries to parse it, 688The opposite of C<encode>: expects a JSON text and tries to parse it,
681returning the resulting simple scalar or reference. Croaks on error. 689returning the resulting simple scalar or reference. Croaks on error.
682
683JSON numbers and strings become simple Perl scalars. JSON arrays become
684Perl arrayrefs and JSON objects become Perl hashrefs. C<true> becomes
685C<1>, C<false> becomes C<0> and C<null> becomes C<undef>.
686 690
687=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text) 691=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
688 692
689This works like the C<decode> method, but instead of raising an exception 693This works like the C<decode> method, but instead of raising an exception
690when there is trailing garbage after the first JSON object, it will 694when there is trailing garbage after the first JSON object, it will
691silently stop parsing there and return the number of characters consumed 695silently stop parsing there and return the number of characters consumed
692so far. 696so far.
693 697
694This is useful if your JSON texts are not delimited by an outer protocol 698This is useful if your JSON texts are not delimited by an outer protocol
695(which is not the brightest thing to do in the first place) and you need
696to know where the JSON text ends. 699and you need to know where the JSON text ends.
697 700
698 JSON::XS->new->decode_prefix ("[1] the tail") 701 JSON::XS->new->decode_prefix ("[1] the tail")
699 => ([], 3) 702 => ([1], 3)
700 703
701=back 704=back
702 705
703 706
704=head1 INCREMENTAL PARSING 707=head1 INCREMENTAL PARSING
706In some cases, there is the need for incremental parsing of JSON 709In some cases, there is the need for incremental parsing of JSON
707texts. While this module always has to keep both JSON text and resulting 710texts. While this module always has to keep both JSON text and resulting
708Perl data structure in memory at one time, it does allow you to parse a 711Perl data structure in memory at one time, it does allow you to parse a
709JSON stream incrementally. It does so by accumulating text until it has 712JSON stream incrementally. It does so by accumulating text until it has
710a full JSON object, which it then can decode. This process is similar to 713a full JSON object, which it then can decode. This process is similar to
711using C<decode_prefix> to see if a full JSON object is available, but is 714using C<decode_prefix> to see if a full JSON object is available, but
712much more efficient (JSON::XS will only attempt to parse the JSON text 715is much more efficient (and can be implemented with a minimum of method
716calls).
717
718JSON::XS will only attempt to parse the JSON text once it is sure it
713once it is sure it has enough text to get a decisive result, using a very 719has enough text to get a decisive result, using a very simple but
714simple but truly incremental parser). 720truly incremental parser. This means that it sometimes won't stop as
721early as the full parser, for example, it doesn't detect mismatched
722parentheses. The only thing it guarantees is that it starts decoding as
723soon as a syntactically valid JSON text has been seen. This means you need
724to set resource limits (e.g. C<max_size>) to ensure the parser will stop
725parsing in the presence if syntax errors.
715 726
716The following two methods deal with this. 727The following methods implement this incremental parser.
717 728
718=over 4 729=over 4
719 730
720=item [void, scalar or list context] = $json->incr_parse ([$string]) 731=item [void, scalar or list context] = $json->incr_parse ([$string])
721 732
732 743
733If the method is called in scalar context, then it will try to extract 744If the method is called in scalar context, then it will try to extract
734exactly I<one> JSON object. If that is successful, it will return this 745exactly I<one> JSON object. If that is successful, it will return this
735object, otherwise it will return C<undef>. If there is a parse error, 746object, otherwise it will return C<undef>. If there is a parse error,
736this method will croak just as C<decode> would do (one can then use 747this method will croak just as C<decode> would do (one can then use
737C<incr_skip> to skip the errornous part). This is the most common way of 748C<incr_skip> to skip the erroneous part). This is the most common way of
738using the method. 749using the method.
739 750
740And finally, in list context, it will try to extract as many objects 751And finally, in list context, it will try to extract as many objects
741from the stream as it can find and return them, or the empty list 752from the stream as it can find and return them, or the empty list
742otherwise. For this to work, there must be no separators between the JSON 753otherwise. For this to work, there must be no separators (other than
743objects or arrays, instead they must be concatenated back-to-back. If 754whitespace) between the JSON objects or arrays, instead they must be
744an error occurs, an exception will be raised as in the scalar context 755concatenated back-to-back. If an error occurs, an exception will be
745case. Note that in this case, any previously-parsed JSON texts will be 756raised as in the scalar context case. Note that in this case, any
746lost. 757previously-parsed JSON texts will be lost.
758
759Example: Parse some JSON arrays/objects in a given string and return
760them.
761
762 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
747 763
748=item $lvalue_string = $json->incr_text 764=item $lvalue_string = $json->incr_text
749 765
750This method returns the currently stored JSON fragment as an lvalue, that 766This method returns the currently stored JSON fragment as an lvalue, that
751is, you can manipulate it. This I<only> works when a preceding call to 767is, you can manipulate it. This I<only> works when a preceding call to
753all other circumstances you must not call this function (I mean it. 769all other circumstances you must not call this function (I mean it.
754although in simple tests it might actually work, it I<will> fail under 770although in simple tests it might actually work, it I<will> fail under
755real world conditions). As a special exception, you can also call this 771real world conditions). As a special exception, you can also call this
756method before having parsed anything. 772method before having parsed anything.
757 773
774That means you can only use this function to look at or manipulate text
775before or after complete JSON objects, not while the parser is in the
776middle of parsing a JSON object.
777
758This function is useful in two cases: a) finding the trailing text after a 778This function is useful in two cases: a) finding the trailing text after a
759JSON object or b) parsing multiple JSON objects separated by non-JSON text 779JSON object or b) parsing multiple JSON objects separated by non-JSON text
760(such as commas). 780(such as commas).
761 781
762=item $json->incr_skip 782=item $json->incr_skip
763 783
764This will reset the state of the incremental parser and will remove the 784This will reset the state of the incremental parser and will remove
765parsed text from the input buffer. This is useful after C<incr_parse> 785the parsed text from the input buffer so far. This is useful after
766died, in which case the input buffer and incremental parser state is left 786C<incr_parse> died, in which case the input buffer and incremental parser
767unchanged, to skip the text parsed so far and to reset the parse state. 787state is left unchanged, to skip the text parsed so far and to reset the
788parse state.
789
790The difference to C<incr_reset> is that only text until the parse error
791occurred is removed.
768 792
769=item $json->incr_reset 793=item $json->incr_reset
770 794
771This completely resets the incremental parser, that is, after this call, 795This completely resets the incremental parser, that is, after this call,
772it will be as if the parser had never parsed anything. 796it will be as if the parser had never parsed anything.
773 797
774This is useful if you want ot repeatedly parse JSON objects and want to 798This is useful if you want to repeatedly parse JSON objects and want to
775ignore any trailing data, which means you have to reset the parser after 799ignore any trailing data, which means you have to reset the parser after
776each successful decode. 800each successful decode.
777 801
778=back 802=back
779 803
780=head2 LIMITATIONS 804=head2 LIMITATIONS
781 805
782All options that affect decoding are supported, except 806All options that affect decoding are supported, except
783C<allow_nonref>. The reason for this is that it cannot be made to 807C<allow_nonref>. The reason for this is that it cannot be made to work
784work sensibly: JSON objects and arrays are self-delimited, i.e. you can concatenate 808sensibly: JSON objects and arrays are self-delimited, i.e. you can
785them back to back and still decode them perfectly. This does not hold true 809concatenate them back to back and still decode them perfectly. This does
786for JSON numbers, however. 810not hold true for JSON numbers, however.
787 811
788For example, is the string C<1> a single JSON number, or is it simply the 812For example, is the string C<1> a single JSON number, or is it simply the
789start of C<12>? Or is C<12> a single JSON number, or the concatenation 813start of C<12>? Or is C<12> a single JSON number, or the concatenation
790of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS 814of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS
791takes the conservative route and disallows this case. 815takes the conservative route and disallows this case.
970If the number consists of digits only, JSON::XS will try to represent 994If the number consists of digits only, JSON::XS will try to represent
971it as an integer value. If that fails, it will try to represent it as 995it as an integer value. If that fails, it will try to represent it as
972a numeric (floating point) value if that is possible without loss of 996a numeric (floating point) value if that is possible without loss of
973precision. Otherwise it will preserve the number as a string value (in 997precision. Otherwise it will preserve the number as a string value (in
974which case you lose roundtripping ability, as the JSON number will be 998which case you lose roundtripping ability, as the JSON number will be
975re-encoded toa JSON string). 999re-encoded to a JSON string).
976 1000
977Numbers containing a fractional or exponential part will always be 1001Numbers containing a fractional or exponential part will always be
978represented as numeric (floating point) values, possibly at a loss of 1002represented as numeric (floating point) values, possibly at a loss of
979precision (in which case you might lose perfect roundtripping ability, but 1003precision (in which case you might lose perfect roundtripping ability, but
980the JSON number will still be re-encoded as a JSON number). 1004the JSON number will still be re-encoded as a JSON number).
981 1005
1006Note that precision is not accuracy - binary floating point values cannot
1007represent most decimal fractions exactly, and when converting from and to
1008floating point, JSON::XS only guarantees precision up to but not including
1009the least significant bit.
1010
982=item true, false 1011=item true, false
983 1012
984These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, 1013These JSON atoms become C<Types::Serialiser::true> and
985respectively. They are overloaded to act almost exactly like the numbers 1014C<Types::Serialiser::false>, respectively. They are overloaded to act
986C<1> and C<0>. You can check whether a scalar is a JSON boolean by using 1015almost exactly like the numbers C<1> and C<0>. You can check whether
987the C<JSON::XS::is_bool> function. 1016a scalar is a JSON boolean by using the C<Types::Serialiser::is_bool>
1017function (after C<use Types::Serialier>, of course).
988 1018
989=item null 1019=item null
990 1020
991A JSON null atom becomes C<undef> in Perl. 1021A JSON null atom becomes C<undef> in Perl.
1022
1023=item shell-style comments (C<< # I<text> >>)
1024
1025As a nonstandard extension to the JSON syntax that is enabled by the
1026C<relaxed> setting, shell-style comments are allowed. They can start
1027anywhere outside strings and go till the end of the line.
1028
1029=item tagged values (C<< (I<tag>)I<value> >>).
1030
1031Another nonstandard extension to the JSON syntax, enabled with the
1032C<allow_tags> setting, are tagged values. In this implementation, the
1033I<tag> must be a perl package/class name encoded as a JSON string, and the
1034I<value> must be a JSON array encoding optional constructor arguments.
1035
1036See L<OBJECT SERIALISATION>, below, for details.
992 1037
993=back 1038=back
994 1039
995 1040
996=head2 PERL -> JSON 1041=head2 PERL -> JSON
1001 1046
1002=over 4 1047=over 4
1003 1048
1004=item hash references 1049=item hash references
1005 1050
1006Perl hash references become JSON objects. As there is no inherent ordering 1051Perl hash references become JSON objects. As there is no inherent
1007in hash keys (or JSON objects), they will usually be encoded in a 1052ordering in hash keys (or JSON objects), they will usually be encoded
1008pseudo-random order that can change between runs of the same program but 1053in a pseudo-random order. JSON::XS can optionally sort the hash keys
1009stays generally the same within a single run of a program. JSON::XS can 1054(determined by the I<canonical> flag), so the same datastructure will
1010optionally sort the hash keys (determined by the I<canonical> flag), so 1055serialise to the same JSON text (given same settings and version of
1011the same datastructure will serialise to the same JSON text (given same 1056JSON::XS), but this incurs a runtime overhead and is only rarely useful,
1012settings and version of JSON::XS), but this incurs a runtime overhead 1057e.g. when you want to compare some JSON text against another for equality.
1013and is only rarely useful, e.g. when you want to compare some JSON text
1014against another for equality.
1015 1058
1016=item array references 1059=item array references
1017 1060
1018Perl array references become JSON arrays. 1061Perl array references become JSON arrays.
1019 1062
1020=item other references 1063=item other references
1021 1064
1022Other unblessed references are generally not allowed and will cause an 1065Other unblessed references are generally not allowed and will cause an
1023exception to be thrown, except for references to the integers C<0> and 1066exception to be thrown, except for references to the integers C<0> and
1024C<1>, which get turned into C<false> and C<true> atoms in JSON. You can 1067C<1>, which get turned into C<false> and C<true> atoms in JSON.
1025also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability.
1026 1068
1069Since C<JSON::XS> uses the boolean model from L<Types::Serialiser>, you
1070can also C<use Types::Serialiser> and then use C<Types::Serialiser::false>
1071and C<Types::Serialiser::true> to improve readability.
1072
1073 use Types::Serialiser;
1027 encode_json [\0, JSON::XS::true] # yields [false,true] 1074 encode_json [\0, Types::Serialiser::true] # yields [false,true]
1028 1075
1029=item JSON::XS::true, JSON::XS::false 1076=item Types::Serialiser::true, Types::Serialiser::false
1030 1077
1031These special values become JSON true and JSON false values, 1078These special values from the L<Types::Serialiser> module become JSON true
1032respectively. You can also use C<\1> and C<\0> directly if you want. 1079and JSON false values, respectively. You can also use C<\1> and C<\0>
1080directly if you want.
1033 1081
1034=item blessed objects 1082=item blessed objects
1035 1083
1036Blessed objects are not directly representable in JSON. See the 1084Blessed objects are not directly representable in JSON, but C<JSON::XS>
1037C<allow_blessed> and C<convert_blessed> methods on various options on 1085allows various ways of handling objects. See L<OBJECT SERIALISATION>,
1038how to deal with this: basically, you can choose between throwing an 1086below, for details.
1039exception, encoding the reference as if it weren't blessed, or provide
1040your own serialiser method.
1041 1087
1042=item simple scalars 1088=item simple scalars
1043 1089
1044Simple Perl scalars (any scalar that is not a reference) are the most 1090Simple Perl scalars (any scalar that is not a reference) are the most
1045difficult objects to encode: JSON::XS will encode undefined scalars as 1091difficult objects to encode: JSON::XS will encode undefined scalars as
1073 1119
1074You can not currently force the type in other, less obscure, ways. Tell me 1120You can not currently force the type in other, less obscure, ways. Tell me
1075if you need this capability (but don't forget to explain why it's needed 1121if you need this capability (but don't forget to explain why it's needed
1076:). 1122:).
1077 1123
1124Note that numerical precision has the same meaning as under Perl (so
1125binary to decimal conversion follows the same rules as in Perl, which
1126can differ to other languages). Also, your perl interpreter might expose
1127extensions to the floating point numbers of your platform, such as
1128infinities or NaN's - these cannot be represented in JSON, and it is an
1129error to pass those in.
1130
1078=back 1131=back
1132
1133=head2 OBJECT SERIALISATION
1134
1135As JSON cannot directly represent Perl objects, you have to choose between
1136a pure JSON representation (without the ability to deserialise the object
1137automatically again), and a nonstandard extension to the JSON syntax,
1138tagged values.
1139
1140=head3 SERIALISATION
1141
1142What happens when C<JSON::XS> encounters a Perl object depends on the
1143C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are
1144used in this order:
1145
1146=over 4
1147
1148=item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method.
1149
1150In this case, C<JSON::XS> uses the L<Types::Serialiser> object
1151serialisation protocol to create a tagged JSON value, using a nonstandard
1152extension to the JSON syntax.
1153
1154This works by invoking the C<FREEZE> method on the object, with the first
1155argument being the object to serialise, and the second argument being the
1156constant string C<JSON> to distinguish it from other serialisers.
1157
1158The C<FREEZE> method can return any number of values (i.e. zero or
1159more). These values and the paclkage/classname of the object will then be
1160encoded as a tagged JSON value in the following format:
1161
1162 ("classname")[FREEZE return values...]
1163
1164e.g.:
1165
1166 ("URI")["http://www.google.com/"]
1167 ("MyDate")[2013,10,29]
1168 ("ImageData::JPEG")["Z3...VlCg=="]
1169
1170For example, the hypothetical C<My::Object> C<FREEZE> method might use the
1171objects C<type> and C<id> members to encode the object:
1172
1173 sub My::Object::FREEZE {
1174 my ($self, $serialiser) = @_;
1175
1176 ($self->{type}, $self->{id})
1177 }
1178
1179=item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method.
1180
1181In this case, the C<TO_JSON> method of the object is invoked in scalar
1182context. It must return a single scalar that can be directly encoded into
1183JSON. This scalar replaces the object in the JSON text.
1184
1185For example, the following C<TO_JSON> method will convert all L<URI>
1186objects to JSON strings when serialised. The fatc that these values
1187originally were L<URI> objects is lost.
1188
1189 sub URI::TO_JSON {
1190 my ($uri) = @_;
1191 $uri->as_string
1192 }
1193
1194=item 3. C<allow_blessed> is enabled.
1195
1196The object will be serialised as a JSON null value.
1197
1198=item 4. none of the above
1199
1200If none of the settings are enabled or the respective methods are missing,
1201C<JSON::XS> throws an exception.
1202
1203=back
1204
1205=head3 DESERIALISATION
1206
1207For deserialisation there are only two cases to consider: either
1208nonstandard tagging was used, in which case C<allow_tags> decides,
1209or objects cannot be automatically be deserialised, in which
1210case you can use postprocessing or the C<filter_json_object> or
1211C<filter_json_single_key_object> callbacks to get some real objects our of
1212your JSON.
1213
1214This section only considers the tagged value case: I a tagged JSON object
1215is encountered during decoding and C<allow_tags> is disabled, a parse
1216error will result (as if tagged values were not part of the grammar).
1217
1218If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method
1219of the package/classname used during serialisation (it will not attempt
1220to load the package as a Perl module). If there is no such method, the
1221decoding will fail with an error.
1222
1223Otherwise, the C<THAW> method is invoked with the classname as first
1224argument, the constant string C<JSON> as second argument, and all the
1225values from the JSON array (the values originally returned by the
1226C<FREEZE> method) as remaining arguments.
1227
1228The method must then return the object. While technically you can return
1229any Perl scalar, you might have to enable the C<enable_nonref> setting to
1230make that work in all cases, so better return an actual blessed reference.
1231
1232As an example, let's implement a C<THAW> function that regenerates the
1233C<My::Object> from the C<FREEZE> example earlier:
1234
1235 sub My::Object::THAW {
1236 my ($class, $serialiser, $type, $id) = @_;
1237
1238 $class->new (type => $type, id => $id)
1239 }
1079 1240
1080 1241
1081=head1 ENCODING/CODESET FLAG NOTES 1242=head1 ENCODING/CODESET FLAG NOTES
1082 1243
1083The interested reader might have seen a number of flags that signify 1244The interested reader might have seen a number of flags that signify
1108=item C<utf8> flag disabled 1269=item C<utf8> flag disabled
1109 1270
1110When C<utf8> is disabled (the default), then C<encode>/C<decode> generate 1271When C<utf8> is disabled (the default), then C<encode>/C<decode> generate
1111and expect Unicode strings, that is, characters with high ordinal Unicode 1272and expect Unicode strings, that is, characters with high ordinal Unicode
1112values (> 255) will be encoded as such characters, and likewise such 1273values (> 255) will be encoded as such characters, and likewise such
1113characters are decoded as-is, no canges to them will be done, except 1274characters are decoded as-is, no changes to them will be done, except
1114"(re-)interpreting" them as Unicode codepoints or Unicode characters, 1275"(re-)interpreting" them as Unicode codepoints or Unicode characters,
1115respectively (to Perl, these are the same thing in strings unless you do 1276respectively (to Perl, these are the same thing in strings unless you do
1116funny/weird/dumb stuff). 1277funny/weird/dumb stuff).
1117 1278
1118This is useful when you want to do the encoding yourself (e.g. when you 1279This is useful when you want to do the encoding yourself (e.g. when you
1128expect your input strings to be encoded as UTF-8, that is, no "character" 1289expect your input strings to be encoded as UTF-8, that is, no "character"
1129of the input string must have any value > 255, as UTF-8 does not allow 1290of the input string must have any value > 255, as UTF-8 does not allow
1130that. 1291that.
1131 1292
1132The C<utf8> flag therefore switches between two modes: disabled means you 1293The C<utf8> flag therefore switches between two modes: disabled means you
1133will get a Unicode string in Perl, enabled means you get an UTF-8 encoded 1294will get a Unicode string in Perl, enabled means you get a UTF-8 encoded
1134octet/binary string in Perl. 1295octet/binary string in Perl.
1135 1296
1136=item C<latin1> or C<ascii> flags enabled 1297=item C<latin1> or C<ascii> flags enabled
1137 1298
1138With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters 1299With C<latin1> (or C<ascii>) enabled, C<encode> will escape characters
1174proper subset of most 8-bit and multibyte encodings in use in the world. 1335proper subset of most 8-bit and multibyte encodings in use in the world.
1175 1336
1176=back 1337=back
1177 1338
1178 1339
1340=head2 JSON and ECMAscript
1341
1342JSON syntax is based on how literals are represented in javascript (the
1343not-standardised predecessor of ECMAscript) which is presumably why it is
1344called "JavaScript Object Notation".
1345
1346However, JSON is not a subset (and also not a superset of course) of
1347ECMAscript (the standard) or javascript (whatever browsers actually
1348implement).
1349
1350If you want to use javascript's C<eval> function to "parse" JSON, you
1351might run into parse errors for valid JSON texts, or the resulting data
1352structure might not be queryable:
1353
1354One of the problems is that U+2028 and U+2029 are valid characters inside
1355JSON strings, but are not allowed in ECMAscript string literals, so the
1356following Perl fragment will not output something that can be guaranteed
1357to be parsable by javascript's C<eval>:
1358
1359 use JSON::XS;
1360
1361 print encode_json [chr 0x2028];
1362
1363The right fix for this is to use a proper JSON parser in your javascript
1364programs, and not rely on C<eval> (see for example Douglas Crockford's
1365F<json2.js> parser).
1366
1367If this is not an option, you can, as a stop-gap measure, simply encode to
1368ASCII-only JSON:
1369
1370 use JSON::XS;
1371
1372 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1373
1374Note that this will enlarge the resulting JSON text quite a bit if you
1375have many non-ASCII characters. You might be tempted to run some regexes
1376to only escape U+2028 and U+2029, e.g.:
1377
1378 # DO NOT USE THIS!
1379 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1380 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1381 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1382 print $json;
1383
1384Note that I<this is a bad idea>: the above only works for U+2028 and
1385U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1386javascript implementations, however, have issues with other characters as
1387well - using C<eval> naively simply I<will> cause problems.
1388
1389Another problem is that some javascript implementations reserve
1390some property names for their own purposes (which probably makes
1391them non-ECMAscript-compliant). For example, Iceweasel reserves the
1392C<__proto__> property name for its own purposes.
1393
1394If that is a problem, you could parse try to filter the resulting JSON
1395output for these property strings, e.g.:
1396
1397 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1398
1399This works because C<__proto__> is not valid outside of strings, so every
1400occurrence of C<"__proto__"\s*:> must be a string used as property name.
1401
1402If you know of other incompatibilities, please let me know.
1403
1404
1179=head2 JSON and YAML 1405=head2 JSON and YAML
1180 1406
1181You often hear that JSON is a subset of YAML. This is, however, a mass 1407You often hear that JSON is a subset of YAML. This is, however, a mass
1182hysteria(*) and very far from the truth (as of the time of this writing), 1408hysteria(*) and very far from the truth (as of the time of this writing),
1183so let me state it clearly: I<in general, there is no way to configure 1409so let me state it clearly: I<in general, there is no way to configure
1191 my $yaml = $to_yaml->encode ($ref) . "\n"; 1417 my $yaml = $to_yaml->encode ($ref) . "\n";
1192 1418
1193This will I<usually> generate JSON texts that also parse as valid 1419This will I<usually> generate JSON texts that also parse as valid
1194YAML. Please note that YAML has hardcoded limits on (simple) object key 1420YAML. Please note that YAML has hardcoded limits on (simple) object key
1195lengths that JSON doesn't have and also has different and incompatible 1421lengths that JSON doesn't have and also has different and incompatible
1196unicode handling, so you should make sure that your hash keys are 1422unicode character escape syntax, so you should make sure that your hash
1197noticeably shorter than the 1024 "stream characters" YAML allows and that 1423keys are noticeably shorter than the 1024 "stream characters" YAML allows
1198you do not have characters with codepoint values outside the Unicode BMP 1424and that you do not have characters with codepoint values outside the
1199(basic multilingual page). YAML also does not allow C<\/> sequences in 1425Unicode BMP (basic multilingual page). YAML also does not allow C<\/>
1200strings (which JSON::XS does not I<currently> generate, but other JSON 1426sequences in strings (which JSON::XS does not I<currently> generate, but
1201generators might). 1427other JSON generators might).
1202 1428
1203There might be other incompatibilities that I am not aware of (or the YAML 1429There might be other incompatibilities that I am not aware of (or the YAML
1204specification has been changed yet again - it does so quite often). In 1430specification has been changed yet again - it does so quite often). In
1205general you should not try to generate YAML with a JSON generator or vice 1431general you should not try to generate YAML with a JSON generator or vice
1206versa, or try to parse JSON with a YAML parser or vice versa: chances are 1432versa, or try to parse JSON with a YAML parser or vice versa: chances are
1225that difficult or long) and finally make YAML compatible to it, and 1451that difficult or long) and finally make YAML compatible to it, and
1226educating users about the changes, instead of spreading lies about the 1452educating users about the changes, instead of spreading lies about the
1227real compatibility for many I<years> and trying to silence people who 1453real compatibility for many I<years> and trying to silence people who
1228point out that it isn't true. 1454point out that it isn't true.
1229 1455
1456Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, even
1457though the incompatibilities have been documented (and are known to Brian)
1458for many years and the spec makes explicit claims that YAML is a superset
1459of JSON. It would be so easy to fix, but apparently, bullying people and
1460corrupting userdata is so much easier.
1461
1230=back 1462=back
1231 1463
1232 1464
1233=head2 SPEED 1465=head2 SPEED
1234 1466
1241a very short single-line JSON string (also available at 1473a very short single-line JSON string (also available at
1242L<http://dist.schmorp.de/misc/json/short.json>). 1474L<http://dist.schmorp.de/misc/json/short.json>).
1243 1475
1244 {"method": "handleMessage", "params": ["user1", 1476 {"method": "handleMessage", "params": ["user1",
1245 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7, 1477 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1246 true, false]} 1478 1, 0]}
1247 1479
1248It shows the number of encodes/decodes per second (JSON::XS uses 1480It shows the number of encodes/decodes per second (JSON::XS uses
1249the functional interface, while JSON::XS/2 uses the OO interface 1481the functional interface, while JSON::XS/2 uses the OO interface
1250with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables 1482with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables
1251shrink). Higher is better: 1483shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ
1484uses the from_json method). Higher is better:
1252 1485
1253 module | encode | decode | 1486 module | encode | decode |
1254 -----------|------------|------------| 1487 --------------|------------|------------|
1255 JSON 1.x | 4990.842 | 4088.813 | 1488 JSON::DWIW/DS | 86302.551 | 102300.098 |
1256 JSON::DWIW | 51653.990 | 71575.154 | 1489 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1257 JSON::PC | 65948.176 | 74631.744 | 1490 JSON::PP | 15827.562 | 6638.658 |
1258 JSON::PP | 8931.652 | 3817.168 | 1491 JSON::Syck | 63358.066 | 47662.545 |
1259 JSON::Syck | 24877.248 | 27776.848 | 1492 JSON::XS | 511500.488 | 511500.488 |
1260 JSON::XS | 388361.481 | 227951.304 | 1493 JSON::XS/2 | 291271.111 | 388361.481 |
1261 JSON::XS/2 | 227951.304 | 218453.333 | 1494 JSON::XS/3 | 361577.931 | 361577.931 |
1262 JSON::XS/3 | 338250.323 | 218453.333 | 1495 Storable | 66788.280 | 265462.278 |
1263 Storable | 16500.016 | 135300.129 |
1264 -----------+------------+------------+ 1496 --------------+------------+------------+
1265 1497
1266That is, JSON::XS is about five times faster than JSON::DWIW on encoding, 1498That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1267about three times faster on decoding, and over forty times faster 1499about five times faster on decoding, and over thirty to seventy times
1268than JSON, even with pretty-printing and key sorting. It also compares 1500faster than JSON's pure perl implementation. It also compares favourably
1269favourably to Storable for small amounts of data. 1501to Storable for small amounts of data.
1270 1502
1271Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1503Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1272search API (L<http://dist.schmorp.de/misc/json/long.json>). 1504search API (L<http://dist.schmorp.de/misc/json/long.json>).
1273 1505
1274 module | encode | decode | 1506 module | encode | decode |
1275 -----------|------------|------------| 1507 --------------|------------|------------|
1276 JSON 1.x | 55.260 | 34.971 | 1508 JSON::DWIW/DS | 1647.927 | 2673.916 |
1277 JSON::DWIW | 825.228 | 1082.513 | 1509 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1278 JSON::PC | 3571.444 | 2394.829 |
1279 JSON::PP | 210.987 | 32.574 | 1510 JSON::PP | 400.640 | 62.311 |
1280 JSON::Syck | 552.551 | 787.544 | 1511 JSON::Syck | 1481.040 | 1524.869 |
1281 JSON::XS | 5780.463 | 4854.519 | 1512 JSON::XS | 20661.596 | 9541.183 |
1282 JSON::XS/2 | 3869.998 | 4798.975 | 1513 JSON::XS/2 | 10683.403 | 9416.938 |
1283 JSON::XS/3 | 5862.880 | 4798.975 | 1514 JSON::XS/3 | 20661.596 | 9400.054 |
1284 Storable | 4445.002 | 5235.027 | 1515 Storable | 19765.806 | 10000.725 |
1285 -----------+------------+------------+ 1516 --------------+------------+------------+
1286 1517
1287Again, JSON::XS leads by far (except for Storable which non-surprisingly 1518Again, JSON::XS leads by far (except for Storable which non-surprisingly
1288decodes faster). 1519decodes a bit faster).
1289 1520
1290On large strings containing lots of high Unicode characters, some modules 1521On large strings containing lots of high Unicode characters, some modules
1291(such as JSON::PC) seem to decode faster than JSON::XS, but the result 1522(such as JSON::PC) seem to decode faster than JSON::XS, but the result
1292will be broken due to missing (or wrong) Unicode handling. Others refuse 1523will be broken due to missing (or wrong) Unicode handling. Others refuse
1293to decode or encode properly, so it was impossible to prepare a fair 1524to decode or encode properly, so it was impossible to prepare a fair
1329information you might want to make sure that exceptions thrown by JSON::XS 1560information you might want to make sure that exceptions thrown by JSON::XS
1330will not end up in front of untrusted eyes. 1561will not end up in front of untrusted eyes.
1331 1562
1332If you are using JSON::XS to return packets to consumption 1563If you are using JSON::XS to return packets to consumption
1333by JavaScript scripts in a browser you should have a look at 1564by JavaScript scripts in a browser you should have a look at
1334L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1565L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to
1335you are vulnerable to some common attack vectors (which really are browser 1566see whether you are vulnerable to some common attack vectors (which really
1336design bugs, but it is still you who will have to deal with it, as major 1567are browser design bugs, but it is still you who will have to deal with
1337browser developers care only for features, not about getting security 1568it, as major browser developers care only for features, not about getting
1338right). 1569security right).
1339 1570
1340 1571
1572=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
1573
1574TL;DR: Due to security concerns, JSON::XS will not allow scalar data in
1575JSON texts by default - you need to create your own JSON::XS object and
1576enable C<allow_nonref>:
1577
1578
1579 my $json = JSON::XS->new->allow_nonref;
1580
1581 $text = $json->encode ($data);
1582 $data = $json->decode ($text);
1583
1584The long version: JSON being an important and supposedly stable format,
1585the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor
1586of JSON, Dougles Crockford, unilaterally changed the definition of JSON in
1587javascript. Rather than create a fork, the IETF decided to standardise the
1588new syntax (apparently, so Iw as told, without finding it very amusing).
1589
1590The biggest difference between thed original JSON and the new JSON is that
1591the new JSON supports scalars (anything other than arrays and objects) at
1592the toplevel of a JSON text. While this is strictly backwards compatible
1593to older versions, it breaks a number of protocols that relied on sending
1594JSON back-to-back, and is a minor security concern.
1595
1596For example, imagine you have two banks communicating, and on one side,
1597trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
1598might then be confused to mean C<101000>, something that couldn't happen
1599in the original JSON, because niether of these messages would be valid
1600JSON.
1601
1602If one side accepts these messages, then an upgrade in the coder on either
1603side could result in this becoming exploitable.
1604
1605This module has always allowed these messages as an optional extension, by
1606default disabled. The security concerns are the reason why the default is
1607still disabled, but future versions might/will likely upgrade to the newer
1608RFC as default format, so you are advised to check your implementation
1609and/or override the default with C<< ->allow_nonref (0) >> to ensure that
1610future versions are safe.
1611
1612
1613=head1 INTEROPERABILITY WITH OTHER MODULES
1614
1615C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean
1616constants. That means that the JSON true and false values will be
1617comaptible to true and false values of other modules that do the same,
1618such as L<JSON::PP> and L<CBOR::XS>.
1619
1620
1621=head1 INTEROPERABILITY WITH OTHER JSON DECODERS
1622
1623As long as you only serialise data that can be directly expressed in JSON,
1624C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs,
1625but C<JSON::XS> has found more bugs in the official JSON testsuite (1)
1626than the official JSON testsuite has found in C<JSON::XS> (0)).
1627
1628When you have trouble decoding JSON generated by this module using other
1629decoders, then it is very likely that you have an encoding mismatch or the
1630other decoder is broken.
1631
1632When decoding, C<JSON::XS> is strict by default and will likely catch all
1633errors. There are currently two settings that change this: C<relaxed>
1634makes C<JSON::XS> accept (but not generate) some non-standard extensions,
1635and C<allow_tags> will allow you to encode and decode Perl objects, at the
1636cost of not outputting valid JSON anymore.
1637
1638=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
1639
1640When you use C<allow_tags> to use the extended (and also nonstandard and
1641invalid) JSON syntax for serialised objects, and you still want to decode
1642the generated When you want to serialise objects, you can run a regex
1643to replace the tagged syntax by standard JSON arrays (it only works for
1644"normal" package names without comma, newlines or single colons). First,
1645the readable Perl version:
1646
1647 # if your FREEZE methods return no values, you need this replace first:
1648 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
1649
1650 # this works for non-empty constructor arg lists:
1651 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
1652
1653And here is a less readable version that is easy to adapt to other
1654languages:
1655
1656 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
1657
1658Here is an ECMAScript version (same regex):
1659
1660 json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
1661
1662Since this syntax converts to standard JSON arrays, it might be hard to
1663distinguish serialised objects from normal arrays. You can prepend a
1664"magic number" as first array element to reduce chances of a collision:
1665
1666 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
1667
1668And after decoding the JSON text, you could walk the data
1669structure looking for arrays with a first element of
1670C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>.
1671
1672The same approach can be used to create the tagged format with another
1673encoder. First, you create an array with the magic string as first member,
1674the classname as second, and constructor arguments last, encode it as part
1675of your JSON structure, and then:
1676
1677 $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
1678
1679Again, this has some limitations - the magic string must not be encoded
1680with character escapes, and the constructor arguments must be non-empty.
1681
1682
1683=head1 RFC7159
1684
1685Since this module was written, Google has written a new JSON RFC, RFC 7159
1686(and RFC7158). Unfortunately, this RFC breaks compatibility with both the
1687original JSON specification on www.json.org and RFC4627.
1688
1689As far as I can see, you can get partial compatibility when parsing by
1690using C<< ->allow_nonref >>. However, consider the security implications
1691of doing so.
1692
1693I haven't decided yet when to break compatibility with RFC4627 by default
1694(and potentially leave applications insecure) and change the default to
1695follow RFC7159, but application authors are well advised to call C<<
1696->allow_nonref(0) >> even if this is the current default, if they cannot
1697handle non-reference values, in preparation for the day when the default
1698will change.
1699
1700
1341=head1 THREADS 1701=head1 (I-)THREADS
1342 1702
1343This module is I<not> guaranteed to be thread safe and there are no 1703This module is I<not> guaranteed to be ithread (or MULTIPLICITY-) safe
1344plans to change this until Perl gets thread support (as opposed to the 1704and there are no plans to change this. Note that perl's builtin so-called
1345horribly slow so-called "threads" which are simply slow and bloated 1705threads/ithreads are officially deprecated and should not be used.
1346process simulations - use fork, it's I<much> faster, cheaper, better).
1347 1706
1348(It might actually work, but you have been warned). 1707
1708=head1 THE PERILS OF SETLOCALE
1709
1710Sometimes people avoid the Perl locale support and directly call the
1711system's setlocale function with C<LC_ALL>.
1712
1713This breaks both perl and modules such as JSON::XS, as stringification of
1714numbers no longer works correctly (e.g. C<$x = 0.1; print "$x"+1> might
1715print C<1>, and JSON::XS might output illegal JSON as JSON::XS relies on
1716perl to stringify numbers).
1717
1718The solution is simple: don't call C<setlocale>, or use it for only those
1719categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>.
1720
1721If you need C<LC_NUMERIC>, you should enable it only around the code that
1722actually needs it (avoiding stringification of numbers), and restore it
1723afterwards.
1349 1724
1350 1725
1351=head1 BUGS 1726=head1 BUGS
1352 1727
1353While the goal of this module is to be correct, that unfortunately does 1728While the goal of this module is to be correct, that unfortunately does
1357Please refrain from using rt.cpan.org or any other bug reporting 1732Please refrain from using rt.cpan.org or any other bug reporting
1358service. I put the contact address into my modules for a reason. 1733service. I put the contact address into my modules for a reason.
1359 1734
1360=cut 1735=cut
1361 1736
1362our $true = do { bless \(my $dummy = 1), "JSON::XS::Boolean" }; 1737BEGIN {
1363our $false = do { bless \(my $dummy = 0), "JSON::XS::Boolean" }; 1738 *true = \$Types::Serialiser::true;
1739 *true = \&Types::Serialiser::true;
1740 *false = \$Types::Serialiser::false;
1741 *false = \&Types::Serialiser::false;
1742 *is_bool = \&Types::Serialiser::is_bool;
1364 1743
1365sub true() { $true } 1744 *JSON::XS::Boolean:: = *Types::Serialiser::Boolean::;
1366sub false() { $false }
1367
1368sub is_bool($) {
1369 UNIVERSAL::isa $_[0], "JSON::XS::Boolean"
1370# or UNIVERSAL::isa $_[0], "JSON::Literal"
1371} 1745}
1372 1746
1373XSLoader::load "JSON::XS", $VERSION; 1747XSLoader::load "JSON::XS", $VERSION;
1374
1375package JSON::XS::Boolean;
1376
1377use overload
1378 "0+" => sub { ${$_[0]} },
1379 "++" => sub { $_[0] = ${$_[0]} + 1 },
1380 "--" => sub { $_[0] = ${$_[0]} - 1 },
1381 fallback => 1;
1382
13831;
1384 1748
1385=head1 SEE ALSO 1749=head1 SEE ALSO
1386 1750
1387The F<json_xs> command line utility for quick experiments. 1751The F<json_xs> command line utility for quick experiments.
1388 1752
1391 Marc Lehmann <schmorp@schmorp.de> 1755 Marc Lehmann <schmorp@schmorp.de>
1392 http://home.schmorp.de/ 1756 http://home.schmorp.de/
1393 1757
1394=cut 1758=cut
1395 1759
17601
1761

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines