ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/XS.pm
(Generate patch)

Comparing JSON-XS/XS.pm (file contents):
Revision 1.96 by root, Wed Mar 26 01:40:42 2008 UTC vs.
Revision 1.161 by root, Wed Nov 16 19:21:53 2016 UTC

1=head1 NAME 1=head1 NAME
2 2
3JSON::XS - JSON serialising/deserialising, done correctly and fast
4
3=encoding utf-8 5=encoding utf-8
4
5JSON::XS - JSON serialising/deserialising, done correctly and fast
6 6
7JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ 7JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ
8 (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html) 8 (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html)
9 9
10=head1 SYNOPSIS 10=head1 SYNOPSIS
37primary goal is to be I<correct> and its secondary goal is to be 37primary goal is to be I<correct> and its secondary goal is to be
38I<fast>. To reach the latter goal it was written in C. 38I<fast>. To reach the latter goal it was written in C.
39 39
40Beginning with version 2.0 of the JSON module, when both JSON and 40Beginning with version 2.0 of the JSON module, when both JSON and
41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be 41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be
42overriden) with no overhead due to emulation (by inheritign constructor 42overridden) with no overhead due to emulation (by inheriting constructor
43and methods). If JSON::XS is not available, it will fall back to the 43and methods). If JSON::XS is not available, it will fall back to the
44compatible JSON::PP module as backend, so using JSON instead of JSON::XS 44compatible JSON::PP module as backend, so using JSON instead of JSON::XS
45gives you a portable JSON API that can be fast when you need and doesn't 45gives you a portable JSON API that can be fast when you need and doesn't
46require a C compiler when that is a problem. 46require a C compiler when that is a problem.
47 47
49to write yet another JSON module? While it seems there are many JSON 49to write yet another JSON module? While it seems there are many JSON
50modules, none of them correctly handle all corner cases, and in most cases 50modules, none of them correctly handle all corner cases, and in most cases
51their maintainers are unresponsive, gone missing, or not listening to bug 51their maintainers are unresponsive, gone missing, or not listening to bug
52reports for other reasons. 52reports for other reasons.
53 53
54See COMPARISON, below, for a comparison to some other JSON modules.
55
56See MAPPING, below, on how JSON::XS maps perl values to JSON values and 54See MAPPING, below, on how JSON::XS maps perl values to JSON values and
57vice versa. 55vice versa.
58 56
59=head2 FEATURES 57=head2 FEATURES
60 58
65This module knows how to handle Unicode, documents how and when it does 63This module knows how to handle Unicode, documents how and when it does
66so, and even documents what "correct" means. 64so, and even documents what "correct" means.
67 65
68=item * round-trip integrity 66=item * round-trip integrity
69 67
70When you serialise a perl data structure using only datatypes supported 68When you serialise a perl data structure using only data types supported
71by JSON, the deserialised data structure is identical on the Perl level. 69by JSON and Perl, the deserialised data structure is identical on the Perl
72(e.g. the string "2.0" doesn't suddenly become "2" just because it looks 70level. (e.g. the string "2.0" doesn't suddenly become "2" just because
73like a number). There minor I<are> exceptions to this, read the MAPPING 71it looks like a number). There I<are> minor exceptions to this, read the
74section below to learn about those. 72MAPPING section below to learn about those.
75 73
76=item * strict checking of JSON correctness 74=item * strict checking of JSON correctness
77 75
78There is no guessing, no generating of illegal JSON texts by default, 76There is no guessing, no generating of illegal JSON texts by default,
79and only JSON is accepted as input by default (the latter is a security 77and only JSON is accepted as input by default (the latter is a security
84Compared to other JSON modules and other serialisers such as Storable, 82Compared to other JSON modules and other serialisers such as Storable,
85this module usually compares favourably in terms of speed, too. 83this module usually compares favourably in terms of speed, too.
86 84
87=item * simple to use 85=item * simple to use
88 86
89This module has both a simple functional interface as well as an objetc 87This module has both a simple functional interface as well as an object
90oriented interface interface. 88oriented interface.
91 89
92=item * reasonably versatile output formats 90=item * reasonably versatile output formats
93 91
94You can choose between the most compact guaranteed-single-line format 92You can choose between the most compact guaranteed-single-line format
95possible (nice for simple line-based protocols), a pure-ascii format 93possible (nice for simple line-based protocols), a pure-ASCII format
96(for when your transport is not 8-bit clean, still supports the whole 94(for when your transport is not 8-bit clean, still supports the whole
97Unicode range), or a pretty-printed format (for when you want to read that 95Unicode range), or a pretty-printed format (for when you want to read that
98stuff). Or you can combine those features in whatever way you like. 96stuff). Or you can combine those features in whatever way you like.
99 97
100=back 98=back
101 99
102=cut 100=cut
103 101
104package JSON::XS; 102package JSON::XS;
105 103
106use strict; 104use common::sense;
107 105
108our $VERSION = '2.1'; 106our $VERSION = 3.03;
109our @ISA = qw(Exporter); 107our @ISA = qw(Exporter);
110 108
111our @EXPORT = qw(encode_json decode_json to_json from_json); 109our @EXPORT = qw(encode_json decode_json);
112
113sub to_json($) {
114 require Carp;
115 Carp::croak ("JSON::XS::to_json has been renamed to encode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
116}
117
118sub from_json($) {
119 require Carp;
120 Carp::croak ("JSON::XS::from_json has been renamed to decode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
121}
122 110
123use Exporter; 111use Exporter;
124use XSLoader; 112use XSLoader;
125 113
114use Types::Serialiser ();
115
126=head1 FUNCTIONAL INTERFACE 116=head1 FUNCTIONAL INTERFACE
127 117
128The following convenience methods are provided by this module. They are 118The following convenience methods are provided by this module. They are
129exported by default: 119exported by default:
130 120
137 127
138This function call is functionally identical to: 128This function call is functionally identical to:
139 129
140 $json_text = JSON::XS->new->utf8->encode ($perl_scalar) 130 $json_text = JSON::XS->new->utf8->encode ($perl_scalar)
141 131
142except being faster. 132Except being faster.
143 133
144=item $perl_scalar = decode_json $json_text 134=item $perl_scalar = decode_json $json_text
145 135
146The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries 136The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries
147to parse that as an UTF-8 encoded JSON text, returning the resulting 137to parse that as an UTF-8 encoded JSON text, returning the resulting
149 139
150This function call is functionally identical to: 140This function call is functionally identical to:
151 141
152 $perl_scalar = JSON::XS->new->utf8->decode ($json_text) 142 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
153 143
154except being faster. 144Except being faster.
155
156=item $is_boolean = JSON::XS::is_bool $scalar
157
158Returns true if the passed scalar represents either JSON::XS::true or
159JSON::XS::false, two constants that act like C<1> and C<0>, respectively
160and are used to represent JSON C<true> and C<false> values in Perl.
161
162See MAPPING, below, for more information on how JSON values are mapped to
163Perl.
164 145
165=back 146=back
166 147
167 148
168=head1 A FEW NOTES ON UNICODE AND PERL 149=head1 A FEW NOTES ON UNICODE AND PERL
197 178
198If you didn't know about that flag, just the better, pretend it doesn't 179If you didn't know about that flag, just the better, pretend it doesn't
199exist. 180exist.
200 181
201=item 4. A "Unicode String" is simply a string where each character can be 182=item 4. A "Unicode String" is simply a string where each character can be
202validly interpreted as a Unicode codepoint. 183validly interpreted as a Unicode code point.
203 184
204If you have UTF-8 encoded data, it is no longer a Unicode string, but a 185If you have UTF-8 encoded data, it is no longer a Unicode string, but a
205Unicode string encoded in UTF-8, giving you a binary string. 186Unicode string encoded in UTF-8, giving you a binary string.
206 187
207=item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string. 188=item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string.
423 [ 404 [
424 1, # this comment not allowed in JSON 405 1, # this comment not allowed in JSON
425 # neither this one... 406 # neither this one...
426 ] 407 ]
427 408
409=item * literal ASCII TAB characters in strings
410
411Literal ASCII TAB characters are now allowed in strings (and treated as
412C<\t>).
413
414 [
415 "Hello\tWorld",
416 "Hello<TAB>World", # literal <TAB> would not normally be allowed
417 ]
418
428=back 419=back
429 420
430=item $json = $json->canonical ([$enable]) 421=item $json = $json->canonical ([$enable])
431 422
432=item $enabled = $json->get_canonical 423=item $enabled = $json->get_canonical
434If C<$enable> is true (or missing), then the C<encode> method will output JSON objects 425If C<$enable> is true (or missing), then the C<encode> method will output JSON objects
435by sorting their keys. This is adding a comparatively high overhead. 426by sorting their keys. This is adding a comparatively high overhead.
436 427
437If C<$enable> is false, then the C<encode> method will output key-value 428If C<$enable> is false, then the C<encode> method will output key-value
438pairs in the order Perl stores them (which will likely change between runs 429pairs in the order Perl stores them (which will likely change between runs
439of the same script). 430of the same script, and can change even within the same run from 5.18
431onwards).
440 432
441This option is useful if you want the same data structure to be encoded as 433This option is useful if you want the same data structure to be encoded as
442the same JSON text (given the same overall settings). If it is disabled, 434the same JSON text (given the same overall settings). If it is disabled,
443the same hash might be encoded differently even if contains the same data, 435the same hash might be encoded differently even if contains the same data,
444as key-value pairs have no inherent ordering in Perl. 436as key-value pairs have no inherent ordering in Perl.
445 437
446This setting has no effect when decoding JSON texts. 438This setting has no effect when decoding JSON texts.
447 439
440This setting has currently no effect on tied hashes.
441
448=item $json = $json->allow_nonref ([$enable]) 442=item $json = $json->allow_nonref ([$enable])
449 443
450=item $enabled = $json->get_allow_nonref 444=item $enabled = $json->get_allow_nonref
451 445
452If C<$enable> is true (or missing), then the C<encode> method can convert a 446If C<$enable> is true (or missing), then the C<encode> method can convert a
463resulting in an invalid JSON text: 457resulting in an invalid JSON text:
464 458
465 JSON::XS->new->allow_nonref->encode ("Hello, World!") 459 JSON::XS->new->allow_nonref->encode ("Hello, World!")
466 => "Hello, World!" 460 => "Hello, World!"
467 461
462=item $json = $json->allow_unknown ([$enable])
463
464=item $enabled = $json->get_allow_unknown
465
466If C<$enable> is true (or missing), then C<encode> will I<not> throw an
467exception when it encounters values it cannot represent in JSON (for
468example, filehandles) but instead will encode a JSON C<null> value. Note
469that blessed objects are not included here and are handled separately by
470c<allow_nonref>.
471
472If C<$enable> is false (the default), then C<encode> will throw an
473exception when it encounters anything it cannot encode as JSON.
474
475This option does not affect C<decode> in any way, and it is recommended to
476leave it off unless you know your communications partner.
477
468=item $json = $json->allow_blessed ([$enable]) 478=item $json = $json->allow_blessed ([$enable])
469 479
470=item $enabled = $json->get_allow_blessed 480=item $enabled = $json->get_allow_blessed
471 481
482See L<OBJECT SERIALISATION> for details.
483
472If C<$enable> is true (or missing), then the C<encode> method will not 484If C<$enable> is true (or missing), then the C<encode> method will not
473barf when it encounters a blessed reference. Instead, the value of the 485barf when it encounters a blessed reference that it cannot convert
474B<convert_blessed> option will decide whether C<null> (C<convert_blessed> 486otherwise. Instead, a JSON C<null> value is encoded instead of the object.
475disabled or no C<TO_JSON> method found) or a representation of the
476object (C<convert_blessed> enabled and C<TO_JSON> method found) is being
477encoded. Has no effect on C<decode>.
478 487
479If C<$enable> is false (the default), then C<encode> will throw an 488If C<$enable> is false (the default), then C<encode> will throw an
480exception when it encounters a blessed object. 489exception when it encounters a blessed object that it cannot convert
490otherwise.
491
492This setting has no effect on C<decode>.
481 493
482=item $json = $json->convert_blessed ([$enable]) 494=item $json = $json->convert_blessed ([$enable])
483 495
484=item $enabled = $json->get_convert_blessed 496=item $enabled = $json->get_convert_blessed
497
498See L<OBJECT SERIALISATION> for details.
485 499
486If C<$enable> is true (or missing), then C<encode>, upon encountering a 500If C<$enable> is true (or missing), then C<encode>, upon encountering a
487blessed object, will check for the availability of the C<TO_JSON> method 501blessed object, will check for the availability of the C<TO_JSON> method
488on the object's class. If found, it will be called in scalar context 502on the object's class. If found, it will be called in scalar context and
489and the resulting scalar will be encoded instead of the object. If no 503the resulting scalar will be encoded instead of the object.
490C<TO_JSON> method is found, the value of C<allow_blessed> will decide what
491to do.
492 504
493The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> 505The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON>
494returns other blessed objects, those will be handled in the same 506returns other blessed objects, those will be handled in the same
495way. C<TO_JSON> must take care of not causing an endless recursion cycle 507way. C<TO_JSON> must take care of not causing an endless recursion cycle
496(== crash) in this case. The name of C<TO_JSON> was chosen because other 508(== crash) in this case. The name of C<TO_JSON> was chosen because other
497methods called by the Perl core (== not by the user of the object) are 509methods called by the Perl core (== not by the user of the object) are
498usually in upper case letters and to avoid collisions with any C<to_json> 510usually in upper case letters and to avoid collisions with any C<to_json>
499function or method. 511function or method.
500 512
501This setting does not yet influence C<decode> in any way, but in the 513If C<$enable> is false (the default), then C<encode> will not consider
502future, global hooks might get installed that influence C<decode> and are 514this type of conversion.
503enabled by this setting.
504 515
505If C<$enable> is false, then the C<allow_blessed> setting will decide what 516This setting has no effect on C<decode>.
506to do when a blessed object is found. 517
518=item $json = $json->allow_tags ([$enable])
519
520=item $enabled = $json->allow_tags
521
522See L<OBJECT SERIALISATION> for details.
523
524If C<$enable> is true (or missing), then C<encode>, upon encountering a
525blessed object, will check for the availability of the C<FREEZE> method on
526the object's class. If found, it will be used to serialise the object into
527a nonstandard tagged JSON value (that JSON decoders cannot decode).
528
529It also causes C<decode> to parse such tagged JSON values and deserialise
530them via a call to the C<THAW> method.
531
532If C<$enable> is false (the default), then C<encode> will not consider
533this type of conversion, and tagged JSON values will cause a parse error
534in C<decode>, as if tags were not part of the grammar.
507 535
508=item $json = $json->filter_json_object ([$coderef->($hashref)]) 536=item $json = $json->filter_json_object ([$coderef->($hashref)])
509 537
510When C<$coderef> is specified, it will be called from C<decode> each 538When C<$coderef> is specified, it will be called from C<decode> each
511time it decodes a JSON object. The only argument is a reference to the 539time it decodes a JSON object. The only argument is a reference to the
612=item $json = $json->max_depth ([$maximum_nesting_depth]) 640=item $json = $json->max_depth ([$maximum_nesting_depth])
613 641
614=item $max_depth = $json->get_max_depth 642=item $max_depth = $json->get_max_depth
615 643
616Sets the maximum nesting level (default C<512>) accepted while encoding 644Sets the maximum nesting level (default C<512>) accepted while encoding
617or decoding. If the JSON text or Perl data structure has an equal or 645or decoding. If a higher nesting level is detected in JSON text or a Perl
618higher nesting level then this limit, then the encoder and decoder will 646data structure, then the encoder and decoder will stop and croak at that
619stop and croak at that point. 647point.
620 648
621Nesting level is defined by number of hash- or arrayrefs that the encoder 649Nesting level is defined by number of hash- or arrayrefs that the encoder
622needs to traverse to reach a given point or the number of C<{> or C<[> 650needs to traverse to reach a given point or the number of C<{> or C<[>
623characters without their matching closing parenthesis crossed to reach a 651characters without their matching closing parenthesis crossed to reach a
624given character in a string. 652given character in a string.
625 653
626Setting the maximum depth to one disallows any nesting, so that ensures 654Setting the maximum depth to one disallows any nesting, so that ensures
627that the object is only a single hash/object or array. 655that the object is only a single hash/object or array.
628 656
629The argument to C<max_depth> will be rounded up to the next highest power
630of two. If no argument is given, the highest possible setting will be 657If no argument is given, the highest possible setting will be used, which
631used, which is rarely useful. 658is rarely useful.
659
660Note that nesting is implemented by recursion in C. The default value has
661been chosen to be as large as typical operating systems allow without
662crashing.
632 663
633See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 664See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
634 665
635=item $json = $json->max_size ([$maximum_string_size]) 666=item $json = $json->max_size ([$maximum_string_size])
636 667
637=item $max_size = $json->get_max_size 668=item $max_size = $json->get_max_size
638 669
639Set the maximum length a JSON text may have (in bytes) where decoding is 670Set the maximum length a JSON text may have (in bytes) where decoding is
640being attempted. The default is C<0>, meaning no limit. When C<decode> 671being attempted. The default is C<0>, meaning no limit. When C<decode>
641is called on a string longer then this number of characters it will not 672is called on a string that is longer then this many bytes, it will not
642attempt to decode the string but throw an exception. This setting has no 673attempt to decode the string but throw an exception. This setting has no
643effect on C<encode> (yet). 674effect on C<encode> (yet).
644 675
645The argument to C<max_size> will be rounded up to the next B<highest> 676If no argument is given, the limit check will be deactivated (same as when
646power of two (so may be more than requested). If no argument is given, the 677C<0> is specified).
647limit check will be deactivated (same as when C<0> is specified).
648 678
649See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 679See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
650 680
651=item $json_text = $json->encode ($perl_scalar) 681=item $json_text = $json->encode ($perl_scalar)
652 682
653Converts the given Perl data structure (a simple scalar or a reference 683Converts the given Perl value or data structure to its JSON
654to a hash or array) to its JSON representation. Simple scalars will be 684representation. Croaks on error.
655converted into JSON string or number sequences, while references to arrays
656become JSON arrays and references to hashes become JSON objects. Undefined
657Perl values (e.g. C<undef>) become JSON C<null> values. Neither C<true>
658nor C<false> values will be generated.
659 685
660=item $perl_scalar = $json->decode ($json_text) 686=item $perl_scalar = $json->decode ($json_text)
661 687
662The opposite of C<encode>: expects a JSON text and tries to parse it, 688The opposite of C<encode>: expects a JSON text and tries to parse it,
663returning the resulting simple scalar or reference. Croaks on error. 689returning the resulting simple scalar or reference. Croaks on error.
664
665JSON numbers and strings become simple Perl scalars. JSON arrays become
666Perl arrayrefs and JSON objects become Perl hashrefs. C<true> becomes
667C<1>, C<false> becomes C<0> and C<null> becomes C<undef>.
668 690
669=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text) 691=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
670 692
671This works like the C<decode> method, but instead of raising an exception 693This works like the C<decode> method, but instead of raising an exception
672when there is trailing garbage after the first JSON object, it will 694when there is trailing garbage after the first JSON object, it will
673silently stop parsing there and return the number of characters consumed 695silently stop parsing there and return the number of characters consumed
674so far. 696so far.
675 697
676This is useful if your JSON texts are not delimited by an outer protocol 698This is useful if your JSON texts are not delimited by an outer protocol
677(which is not the brightest thing to do in the first place) and you need
678to know where the JSON text ends. 699and you need to know where the JSON text ends.
679 700
680 JSON::XS->new->decode_prefix ("[1] the tail") 701 JSON::XS->new->decode_prefix ("[1] the tail")
681 => ([], 3) 702 => ([1], 3)
682 703
683=back 704=back
684 705
685 706
686=head1 INCREMENTAL PARSING 707=head1 INCREMENTAL PARSING
687
688[This section is still EXPERIMENTAL]
689 708
690In some cases, there is the need for incremental parsing of JSON 709In some cases, there is the need for incremental parsing of JSON
691texts. While this module always has to keep both JSON text and resulting 710texts. While this module always has to keep both JSON text and resulting
692Perl data structure in memory at one time, it does allow you to parse a 711Perl data structure in memory at one time, it does allow you to parse a
693JSON stream incrementally. It does so by accumulating text until it has 712JSON stream incrementally. It does so by accumulating text until it has
694a full JSON object, which it then can decode. This process is similar to 713a full JSON object, which it then can decode. This process is similar to
695using C<decode_prefix> to see if a full JSON object is available, but is 714using C<decode_prefix> to see if a full JSON object is available, but
696much more efficient (JSON::XS will only attempt to parse the JSON text 715is much more efficient (and can be implemented with a minimum of method
716calls).
717
718JSON::XS will only attempt to parse the JSON text once it is sure it
697once it is sure it has enough text to get a decisive result, using a very 719has enough text to get a decisive result, using a very simple but
698simple but truly incremental parser). 720truly incremental parser. This means that it sometimes won't stop as
721early as the full parser, for example, it doesn't detect mismatched
722parentheses. The only thing it guarantees is that it starts decoding as
723soon as a syntactically valid JSON text has been seen. This means you need
724to set resource limits (e.g. C<max_size>) to ensure the parser will stop
725parsing in the presence if syntax errors.
699 726
700The following two methods deal with this. 727The following methods implement this incremental parser.
701 728
702=over 4 729=over 4
703 730
704=item [void, scalar or list context] = $json->incr_parse ([$string]) 731=item [void, scalar or list context] = $json->incr_parse ([$string])
705 732
716 743
717If the method is called in scalar context, then it will try to extract 744If the method is called in scalar context, then it will try to extract
718exactly I<one> JSON object. If that is successful, it will return this 745exactly I<one> JSON object. If that is successful, it will return this
719object, otherwise it will return C<undef>. If there is a parse error, 746object, otherwise it will return C<undef>. If there is a parse error,
720this method will croak just as C<decode> would do (one can then use 747this method will croak just as C<decode> would do (one can then use
721C<incr_skip> to skip the errornous part). This is the most common way of 748C<incr_skip> to skip the erroneous part). This is the most common way of
722using the method. 749using the method.
723 750
724And finally, in list context, it will try to extract as many objects 751And finally, in list context, it will try to extract as many objects
725from the stream as it can find and return them, or the empty list 752from the stream as it can find and return them, or the empty list
726otherwise. For this to work, there must be no separators between the JSON 753otherwise. For this to work, there must be no separators (other than
727objects or arrays, instead they must be concatenated back-to-back. If 754whitespace) between the JSON objects or arrays, instead they must be
728an error occurs, an exception will be raised as in the scalar context 755concatenated back-to-back. If an error occurs, an exception will be
729case. Note that in this case, any previously-parsed JSON texts will be 756raised as in the scalar context case. Note that in this case, any
730lost. 757previously-parsed JSON texts will be lost.
731 758
732If there is a parse 759Example: Parse some JSON arrays/objects in a given string and return
760them.
761
762 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
733 763
734=item $lvalue_string = $json->incr_text 764=item $lvalue_string = $json->incr_text
735 765
736This method returns the currently stored JSON fragment as an lvalue, that 766This method returns the currently stored JSON fragment as an lvalue, that
737is, you can manipulate it. This I<only> works when a preceding call to 767is, you can manipulate it. This I<only> works when a preceding call to
739all other circumstances you must not call this function (I mean it. 769all other circumstances you must not call this function (I mean it.
740although in simple tests it might actually work, it I<will> fail under 770although in simple tests it might actually work, it I<will> fail under
741real world conditions). As a special exception, you can also call this 771real world conditions). As a special exception, you can also call this
742method before having parsed anything. 772method before having parsed anything.
743 773
774That means you can only use this function to look at or manipulate text
775before or after complete JSON objects, not while the parser is in the
776middle of parsing a JSON object.
777
744This function is useful in two cases: a) finding the trailing text after a 778This function is useful in two cases: a) finding the trailing text after a
745JSON object or b) parsing multiple JSON objects separated by non-JSON text 779JSON object or b) parsing multiple JSON objects separated by non-JSON text
746(such as commas). 780(such as commas).
747 781
782=item $json->incr_skip
783
784This will reset the state of the incremental parser and will remove
785the parsed text from the input buffer so far. This is useful after
786C<incr_parse> died, in which case the input buffer and incremental parser
787state is left unchanged, to skip the text parsed so far and to reset the
788parse state.
789
790The difference to C<incr_reset> is that only text until the parse error
791occurred is removed.
792
793=item $json->incr_reset
794
795This completely resets the incremental parser, that is, after this call,
796it will be as if the parser had never parsed anything.
797
798This is useful if you want to repeatedly parse JSON objects and want to
799ignore any trailing data, which means you have to reset the parser after
800each successful decode.
801
748=back 802=back
749 803
750=head2 LIMITATIONS 804=head2 LIMITATIONS
751 805
752All options that affect decoding are supported, except 806All options that affect decoding are supported, except
753C<allow_nonref>. The reason for this is that it cannot be made to 807C<allow_nonref>. The reason for this is that it cannot be made to work
754work sensibly: JSON objects and arrays are self-delimited, i.e. you can concatenate 808sensibly: JSON objects and arrays are self-delimited, i.e. you can
755them back to back and still decode them perfectly. This does not hold true 809concatenate them back to back and still decode them perfectly. This does
756for JSON numbers, however. 810not hold true for JSON numbers, however.
757 811
758For example, is the string C<1> a single JSON number, or is it simply the 812For example, is the string C<1> a single JSON number, or is it simply the
759start of C<12>? Or is C<12> a single JSON number, or the concatenation 813start of C<12>? Or is C<12> a single JSON number, or the concatenation
760of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS 814of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS
761takes the conservative route and disallows this case. 815takes the conservative route and disallows this case.
940If the number consists of digits only, JSON::XS will try to represent 994If the number consists of digits only, JSON::XS will try to represent
941it as an integer value. If that fails, it will try to represent it as 995it as an integer value. If that fails, it will try to represent it as
942a numeric (floating point) value if that is possible without loss of 996a numeric (floating point) value if that is possible without loss of
943precision. Otherwise it will preserve the number as a string value (in 997precision. Otherwise it will preserve the number as a string value (in
944which case you lose roundtripping ability, as the JSON number will be 998which case you lose roundtripping ability, as the JSON number will be
945re-encoded toa JSON string). 999re-encoded to a JSON string).
946 1000
947Numbers containing a fractional or exponential part will always be 1001Numbers containing a fractional or exponential part will always be
948represented as numeric (floating point) values, possibly at a loss of 1002represented as numeric (floating point) values, possibly at a loss of
949precision (in which case you might lose perfect roundtripping ability, but 1003precision (in which case you might lose perfect roundtripping ability, but
950the JSON number will still be re-encoded as a JSON number). 1004the JSON number will still be re-encoded as a JSON number).
951 1005
1006Note that precision is not accuracy - binary floating point values cannot
1007represent most decimal fractions exactly, and when converting from and to
1008floating point, JSON::XS only guarantees precision up to but not including
1009the least significant bit.
1010
952=item true, false 1011=item true, false
953 1012
954These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, 1013These JSON atoms become C<Types::Serialiser::true> and
955respectively. They are overloaded to act almost exactly like the numbers 1014C<Types::Serialiser::false>, respectively. They are overloaded to act
956C<1> and C<0>. You can check whether a scalar is a JSON boolean by using 1015almost exactly like the numbers C<1> and C<0>. You can check whether
957the C<JSON::XS::is_bool> function. 1016a scalar is a JSON boolean by using the C<Types::Serialiser::is_bool>
1017function (after C<use Types::Serialier>, of course).
958 1018
959=item null 1019=item null
960 1020
961A JSON null atom becomes C<undef> in Perl. 1021A JSON null atom becomes C<undef> in Perl.
1022
1023=item shell-style comments (C<< # I<text> >>)
1024
1025As a nonstandard extension to the JSON syntax that is enabled by the
1026C<relaxed> setting, shell-style comments are allowed. They can start
1027anywhere outside strings and go till the end of the line.
1028
1029=item tagged values (C<< (I<tag>)I<value> >>).
1030
1031Another nonstandard extension to the JSON syntax, enabled with the
1032C<allow_tags> setting, are tagged values. In this implementation, the
1033I<tag> must be a perl package/class name encoded as a JSON string, and the
1034I<value> must be a JSON array encoding optional constructor arguments.
1035
1036See L<OBJECT SERIALISATION>, below, for details.
962 1037
963=back 1038=back
964 1039
965 1040
966=head2 PERL -> JSON 1041=head2 PERL -> JSON
971 1046
972=over 4 1047=over 4
973 1048
974=item hash references 1049=item hash references
975 1050
976Perl hash references become JSON objects. As there is no inherent ordering 1051Perl hash references become JSON objects. As there is no inherent
977in hash keys (or JSON objects), they will usually be encoded in a 1052ordering in hash keys (or JSON objects), they will usually be encoded
978pseudo-random order that can change between runs of the same program but 1053in a pseudo-random order. JSON::XS can optionally sort the hash keys
979stays generally the same within a single run of a program. JSON::XS can 1054(determined by the I<canonical> flag), so the same datastructure will
980optionally sort the hash keys (determined by the I<canonical> flag), so 1055serialise to the same JSON text (given same settings and version of
981the same datastructure will serialise to the same JSON text (given same 1056JSON::XS), but this incurs a runtime overhead and is only rarely useful,
982settings and version of JSON::XS), but this incurs a runtime overhead 1057e.g. when you want to compare some JSON text against another for equality.
983and is only rarely useful, e.g. when you want to compare some JSON text
984against another for equality.
985 1058
986=item array references 1059=item array references
987 1060
988Perl array references become JSON arrays. 1061Perl array references become JSON arrays.
989 1062
990=item other references 1063=item other references
991 1064
992Other unblessed references are generally not allowed and will cause an 1065Other unblessed references are generally not allowed and will cause an
993exception to be thrown, except for references to the integers C<0> and 1066exception to be thrown, except for references to the integers C<0> and
994C<1>, which get turned into C<false> and C<true> atoms in JSON. You can 1067C<1>, which get turned into C<false> and C<true> atoms in JSON.
995also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability.
996 1068
1069Since C<JSON::XS> uses the boolean model from L<Types::Serialiser>, you
1070can also C<use Types::Serialiser> and then use C<Types::Serialiser::false>
1071and C<Types::Serialiser::true> to improve readability.
1072
1073 use Types::Serialiser;
997 encode_json [\0,JSON::XS::true] # yields [false,true] 1074 encode_json [\0, Types::Serialiser::true] # yields [false,true]
998 1075
999=item JSON::XS::true, JSON::XS::false 1076=item Types::Serialiser::true, Types::Serialiser::false
1000 1077
1001These special values become JSON true and JSON false values, 1078These special values from the L<Types::Serialiser> module become JSON true
1002respectively. You can also use C<\1> and C<\0> directly if you want. 1079and JSON false values, respectively. You can also use C<\1> and C<\0>
1080directly if you want.
1003 1081
1004=item blessed objects 1082=item blessed objects
1005 1083
1006Blessed objects are not directly representable in JSON. See the 1084Blessed objects are not directly representable in JSON, but C<JSON::XS>
1007C<allow_blessed> and C<convert_blessed> methods on various options on 1085allows various ways of handling objects. See L<OBJECT SERIALISATION>,
1008how to deal with this: basically, you can choose between throwing an 1086below, for details.
1009exception, encoding the reference as if it weren't blessed, or provide
1010your own serialiser method.
1011 1087
1012=item simple scalars 1088=item simple scalars
1013 1089
1014Simple Perl scalars (any scalar that is not a reference) are the most 1090Simple Perl scalars (any scalar that is not a reference) are the most
1015difficult objects to encode: JSON::XS will encode undefined scalars as 1091difficult objects to encode: JSON::XS will encode undefined scalars as
1043 1119
1044You can not currently force the type in other, less obscure, ways. Tell me 1120You can not currently force the type in other, less obscure, ways. Tell me
1045if you need this capability (but don't forget to explain why it's needed 1121if you need this capability (but don't forget to explain why it's needed
1046:). 1122:).
1047 1123
1124Note that numerical precision has the same meaning as under Perl (so
1125binary to decimal conversion follows the same rules as in Perl, which
1126can differ to other languages). Also, your perl interpreter might expose
1127extensions to the floating point numbers of your platform, such as
1128infinities or NaN's - these cannot be represented in JSON, and it is an
1129error to pass those in.
1130
1048=back 1131=back
1132
1133=head2 OBJECT SERIALISATION
1134
1135As JSON cannot directly represent Perl objects, you have to choose between
1136a pure JSON representation (without the ability to deserialise the object
1137automatically again), and a nonstandard extension to the JSON syntax,
1138tagged values.
1139
1140=head3 SERIALISATION
1141
1142What happens when C<JSON::XS> encounters a Perl object depends on the
1143C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are
1144used in this order:
1145
1146=over 4
1147
1148=item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method.
1149
1150In this case, C<JSON::XS> uses the L<Types::Serialiser> object
1151serialisation protocol to create a tagged JSON value, using a nonstandard
1152extension to the JSON syntax.
1153
1154This works by invoking the C<FREEZE> method on the object, with the first
1155argument being the object to serialise, and the second argument being the
1156constant string C<JSON> to distinguish it from other serialisers.
1157
1158The C<FREEZE> method can return any number of values (i.e. zero or
1159more). These values and the paclkage/classname of the object will then be
1160encoded as a tagged JSON value in the following format:
1161
1162 ("classname")[FREEZE return values...]
1163
1164e.g.:
1165
1166 ("URI")["http://www.google.com/"]
1167 ("MyDate")[2013,10,29]
1168 ("ImageData::JPEG")["Z3...VlCg=="]
1169
1170For example, the hypothetical C<My::Object> C<FREEZE> method might use the
1171objects C<type> and C<id> members to encode the object:
1172
1173 sub My::Object::FREEZE {
1174 my ($self, $serialiser) = @_;
1175
1176 ($self->{type}, $self->{id})
1177 }
1178
1179=item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method.
1180
1181In this case, the C<TO_JSON> method of the object is invoked in scalar
1182context. It must return a single scalar that can be directly encoded into
1183JSON. This scalar replaces the object in the JSON text.
1184
1185For example, the following C<TO_JSON> method will convert all L<URI>
1186objects to JSON strings when serialised. The fatc that these values
1187originally were L<URI> objects is lost.
1188
1189 sub URI::TO_JSON {
1190 my ($uri) = @_;
1191 $uri->as_string
1192 }
1193
1194=item 3. C<allow_blessed> is enabled.
1195
1196The object will be serialised as a JSON null value.
1197
1198=item 4. none of the above
1199
1200If none of the settings are enabled or the respective methods are missing,
1201C<JSON::XS> throws an exception.
1202
1203=back
1204
1205=head3 DESERIALISATION
1206
1207For deserialisation there are only two cases to consider: either
1208nonstandard tagging was used, in which case C<allow_tags> decides,
1209or objects cannot be automatically be deserialised, in which
1210case you can use postprocessing or the C<filter_json_object> or
1211C<filter_json_single_key_object> callbacks to get some real objects our of
1212your JSON.
1213
1214This section only considers the tagged value case: I a tagged JSON object
1215is encountered during decoding and C<allow_tags> is disabled, a parse
1216error will result (as if tagged values were not part of the grammar).
1217
1218If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method
1219of the package/classname used during serialisation (it will not attempt
1220to load the package as a Perl module). If there is no such method, the
1221decoding will fail with an error.
1222
1223Otherwise, the C<THAW> method is invoked with the classname as first
1224argument, the constant string C<JSON> as second argument, and all the
1225values from the JSON array (the values originally returned by the
1226C<FREEZE> method) as remaining arguments.
1227
1228The method must then return the object. While technically you can return
1229any Perl scalar, you might have to enable the C<enable_nonref> setting to
1230make that work in all cases, so better return an actual blessed reference.
1231
1232As an example, let's implement a C<THAW> function that regenerates the
1233C<My::Object> from the C<FREEZE> example earlier:
1234
1235 sub My::Object::THAW {
1236 my ($class, $serialiser, $type, $id) = @_;
1237
1238 $class->new (type => $type, id => $id)
1239 }
1049 1240
1050 1241
1051=head1 ENCODING/CODESET FLAG NOTES 1242=head1 ENCODING/CODESET FLAG NOTES
1052 1243
1053The interested reader might have seen a number of flags that signify 1244The interested reader might have seen a number of flags that signify
1078=item C<utf8> flag disabled 1269=item C<utf8> flag disabled
1079 1270
1080When C<utf8> is disabled (the default), then C<encode>/C<decode> generate 1271When C<utf8> is disabled (the default), then C<encode>/C<decode> generate
1081and expect Unicode strings, that is, characters with high ordinal Unicode 1272and expect Unicode strings, that is, characters with high ordinal Unicode
1082values (> 255) will be encoded as such characters, and likewise such 1273values (> 255) will be encoded as such characters, and likewise such
1083characters are decoded as-is, no canges to them will be done, except 1274characters are decoded as-is, no changes to them will be done, except
1084"(re-)interpreting" them as Unicode codepoints or Unicode characters, 1275"(re-)interpreting" them as Unicode codepoints or Unicode characters,
1085respectively (to Perl, these are the same thing in strings unless you do 1276respectively (to Perl, these are the same thing in strings unless you do
1086funny/weird/dumb stuff). 1277funny/weird/dumb stuff).
1087 1278
1088This is useful when you want to do the encoding yourself (e.g. when you 1279This is useful when you want to do the encoding yourself (e.g. when you
1144proper subset of most 8-bit and multibyte encodings in use in the world. 1335proper subset of most 8-bit and multibyte encodings in use in the world.
1145 1336
1146=back 1337=back
1147 1338
1148 1339
1340=head2 JSON and ECMAscript
1341
1342JSON syntax is based on how literals are represented in javascript (the
1343not-standardised predecessor of ECMAscript) which is presumably why it is
1344called "JavaScript Object Notation".
1345
1346However, JSON is not a subset (and also not a superset of course) of
1347ECMAscript (the standard) or javascript (whatever browsers actually
1348implement).
1349
1350If you want to use javascript's C<eval> function to "parse" JSON, you
1351might run into parse errors for valid JSON texts, or the resulting data
1352structure might not be queryable:
1353
1354One of the problems is that U+2028 and U+2029 are valid characters inside
1355JSON strings, but are not allowed in ECMAscript string literals, so the
1356following Perl fragment will not output something that can be guaranteed
1357to be parsable by javascript's C<eval>:
1358
1359 use JSON::XS;
1360
1361 print encode_json [chr 0x2028];
1362
1363The right fix for this is to use a proper JSON parser in your javascript
1364programs, and not rely on C<eval> (see for example Douglas Crockford's
1365F<json2.js> parser).
1366
1367If this is not an option, you can, as a stop-gap measure, simply encode to
1368ASCII-only JSON:
1369
1370 use JSON::XS;
1371
1372 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1373
1374Note that this will enlarge the resulting JSON text quite a bit if you
1375have many non-ASCII characters. You might be tempted to run some regexes
1376to only escape U+2028 and U+2029, e.g.:
1377
1378 # DO NOT USE THIS!
1379 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1380 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1381 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1382 print $json;
1383
1384Note that I<this is a bad idea>: the above only works for U+2028 and
1385U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1386javascript implementations, however, have issues with other characters as
1387well - using C<eval> naively simply I<will> cause problems.
1388
1389Another problem is that some javascript implementations reserve
1390some property names for their own purposes (which probably makes
1391them non-ECMAscript-compliant). For example, Iceweasel reserves the
1392C<__proto__> property name for its own purposes.
1393
1394If that is a problem, you could parse try to filter the resulting JSON
1395output for these property strings, e.g.:
1396
1397 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1398
1399This works because C<__proto__> is not valid outside of strings, so every
1400occurrence of C<"__proto__"\s*:> must be a string used as property name.
1401
1402If you know of other incompatibilities, please let me know.
1403
1404
1149=head2 JSON and YAML 1405=head2 JSON and YAML
1150 1406
1151You often hear that JSON is a subset of YAML. This is, however, a mass 1407You often hear that JSON is a subset of YAML. This is, however, a mass
1152hysteria(*) and very far from the truth (as of the time of this writing), 1408hysteria(*) and very far from the truth (as of the time of this writing),
1153so let me state it clearly: I<in general, there is no way to configure 1409so let me state it clearly: I<in general, there is no way to configure
1161 my $yaml = $to_yaml->encode ($ref) . "\n"; 1417 my $yaml = $to_yaml->encode ($ref) . "\n";
1162 1418
1163This will I<usually> generate JSON texts that also parse as valid 1419This will I<usually> generate JSON texts that also parse as valid
1164YAML. Please note that YAML has hardcoded limits on (simple) object key 1420YAML. Please note that YAML has hardcoded limits on (simple) object key
1165lengths that JSON doesn't have and also has different and incompatible 1421lengths that JSON doesn't have and also has different and incompatible
1166unicode handling, so you should make sure that your hash keys are 1422unicode character escape syntax, so you should make sure that your hash
1167noticeably shorter than the 1024 "stream characters" YAML allows and that 1423keys are noticeably shorter than the 1024 "stream characters" YAML allows
1168you do not have characters with codepoint values outside the Unicode BMP 1424and that you do not have characters with codepoint values outside the
1169(basic multilingual page). YAML also does not allow C<\/> sequences in 1425Unicode BMP (basic multilingual page). YAML also does not allow C<\/>
1170strings (which JSON::XS does not I<currently> generate, but other JSON 1426sequences in strings (which JSON::XS does not I<currently> generate, but
1171generators might). 1427other JSON generators might).
1172 1428
1173There might be other incompatibilities that I am not aware of (or the YAML 1429There might be other incompatibilities that I am not aware of (or the YAML
1174specification has been changed yet again - it does so quite often). In 1430specification has been changed yet again - it does so quite often). In
1175general you should not try to generate YAML with a JSON generator or vice 1431general you should not try to generate YAML with a JSON generator or vice
1176versa, or try to parse JSON with a YAML parser or vice versa: chances are 1432versa, or try to parse JSON with a YAML parser or vice versa: chances are
1195that difficult or long) and finally make YAML compatible to it, and 1451that difficult or long) and finally make YAML compatible to it, and
1196educating users about the changes, instead of spreading lies about the 1452educating users about the changes, instead of spreading lies about the
1197real compatibility for many I<years> and trying to silence people who 1453real compatibility for many I<years> and trying to silence people who
1198point out that it isn't true. 1454point out that it isn't true.
1199 1455
1456Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, even
1457though the incompatibilities have been documented (and are known to Brian)
1458for many years and the spec makes explicit claims that YAML is a superset
1459of JSON. It would be so easy to fix, but apparently, bullying people and
1460corrupting userdata is so much easier.
1461
1200=back 1462=back
1201 1463
1202 1464
1203=head2 SPEED 1465=head2 SPEED
1204 1466
1209 1471
1210First comes a comparison between various modules using 1472First comes a comparison between various modules using
1211a very short single-line JSON string (also available at 1473a very short single-line JSON string (also available at
1212L<http://dist.schmorp.de/misc/json/short.json>). 1474L<http://dist.schmorp.de/misc/json/short.json>).
1213 1475
1214 {"method": "handleMessage", "params": ["user1", "we were just talking"], \ 1476 {"method": "handleMessage", "params": ["user1",
1215 "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]} 1477 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1478 1, 0]}
1216 1479
1217It shows the number of encodes/decodes per second (JSON::XS uses 1480It shows the number of encodes/decodes per second (JSON::XS uses
1218the functional interface, while JSON::XS/2 uses the OO interface 1481the functional interface, while JSON::XS/2 uses the OO interface
1219with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables 1482with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables
1220shrink). Higher is better: 1483shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ
1484uses the from_json method). Higher is better:
1221 1485
1222 module | encode | decode | 1486 module | encode | decode |
1223 -----------|------------|------------| 1487 --------------|------------|------------|
1224 JSON 1.x | 4990.842 | 4088.813 | 1488 JSON::DWIW/DS | 86302.551 | 102300.098 |
1225 JSON::DWIW | 51653.990 | 71575.154 | 1489 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1226 JSON::PC | 65948.176 | 74631.744 | 1490 JSON::PP | 15827.562 | 6638.658 |
1227 JSON::PP | 8931.652 | 3817.168 | 1491 JSON::Syck | 63358.066 | 47662.545 |
1228 JSON::Syck | 24877.248 | 27776.848 | 1492 JSON::XS | 511500.488 | 511500.488 |
1229 JSON::XS | 388361.481 | 227951.304 | 1493 JSON::XS/2 | 291271.111 | 388361.481 |
1230 JSON::XS/2 | 227951.304 | 218453.333 | 1494 JSON::XS/3 | 361577.931 | 361577.931 |
1231 JSON::XS/3 | 338250.323 | 218453.333 | 1495 Storable | 66788.280 | 265462.278 |
1232 Storable | 16500.016 | 135300.129 |
1233 -----------+------------+------------+ 1496 --------------+------------+------------+
1234 1497
1235That is, JSON::XS is about five times faster than JSON::DWIW on encoding, 1498That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1236about three times faster on decoding, and over forty times faster 1499about five times faster on decoding, and over thirty to seventy times
1237than JSON, even with pretty-printing and key sorting. It also compares 1500faster than JSON's pure perl implementation. It also compares favourably
1238favourably to Storable for small amounts of data. 1501to Storable for small amounts of data.
1239 1502
1240Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1503Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1241search API (L<http://dist.schmorp.de/misc/json/long.json>). 1504search API (L<http://dist.schmorp.de/misc/json/long.json>).
1242 1505
1243 module | encode | decode | 1506 module | encode | decode |
1244 -----------|------------|------------| 1507 --------------|------------|------------|
1245 JSON 1.x | 55.260 | 34.971 | 1508 JSON::DWIW/DS | 1647.927 | 2673.916 |
1246 JSON::DWIW | 825.228 | 1082.513 | 1509 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1247 JSON::PC | 3571.444 | 2394.829 |
1248 JSON::PP | 210.987 | 32.574 | 1510 JSON::PP | 400.640 | 62.311 |
1249 JSON::Syck | 552.551 | 787.544 | 1511 JSON::Syck | 1481.040 | 1524.869 |
1250 JSON::XS | 5780.463 | 4854.519 | 1512 JSON::XS | 20661.596 | 9541.183 |
1251 JSON::XS/2 | 3869.998 | 4798.975 | 1513 JSON::XS/2 | 10683.403 | 9416.938 |
1252 JSON::XS/3 | 5862.880 | 4798.975 | 1514 JSON::XS/3 | 20661.596 | 9400.054 |
1253 Storable | 4445.002 | 5235.027 | 1515 Storable | 19765.806 | 10000.725 |
1254 -----------+------------+------------+ 1516 --------------+------------+------------+
1255 1517
1256Again, JSON::XS leads by far (except for Storable which non-surprisingly 1518Again, JSON::XS leads by far (except for Storable which non-surprisingly
1257decodes faster). 1519decodes a bit faster).
1258 1520
1259On large strings containing lots of high Unicode characters, some modules 1521On large strings containing lots of high Unicode characters, some modules
1260(such as JSON::PC) seem to decode faster than JSON::XS, but the result 1522(such as JSON::PC) seem to decode faster than JSON::XS, but the result
1261will be broken due to missing (or wrong) Unicode handling. Others refuse 1523will be broken due to missing (or wrong) Unicode handling. Others refuse
1262to decode or encode properly, so it was impossible to prepare a fair 1524to decode or encode properly, so it was impossible to prepare a fair
1298information you might want to make sure that exceptions thrown by JSON::XS 1560information you might want to make sure that exceptions thrown by JSON::XS
1299will not end up in front of untrusted eyes. 1561will not end up in front of untrusted eyes.
1300 1562
1301If you are using JSON::XS to return packets to consumption 1563If you are using JSON::XS to return packets to consumption
1302by JavaScript scripts in a browser you should have a look at 1564by JavaScript scripts in a browser you should have a look at
1303L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1565L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to
1304you are vulnerable to some common attack vectors (which really are browser 1566see whether you are vulnerable to some common attack vectors (which really
1305design bugs, but it is still you who will have to deal with it, as major 1567are browser design bugs, but it is still you who will have to deal with
1306browser developers care only for features, not about getting security 1568it, as major browser developers care only for features, not about getting
1307right). 1569security right).
1570
1571
1572=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
1573
1574TL;DR: Due to security concerns, JSON::XS will not allow scalar data in
1575JSON texts by default - you need to create your own JSON::XS object and
1576enable C<allow_nonref>:
1577
1578
1579 my $json = JSON::XS->new->allow_nonref;
1580
1581 $text = $json->encode ($data);
1582 $data = $json->decode ($text);
1583
1584The long version: JSON being an important and supposedly stable format,
1585the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor
1586of JSON, Dougles Crockford, unilaterally changed the definition of JSON in
1587javascript. Rather than create a fork, the IETF decided to standardise the
1588new syntax (apparently, so Iw as told, without finding it very amusing).
1589
1590The biggest difference between thed original JSON and the new JSON is that
1591the new JSON supports scalars (anything other than arrays and objects) at
1592the toplevel of a JSON text. While this is strictly backwards compatible
1593to older versions, it breaks a number of protocols that relied on sending
1594JSON back-to-back, and is a minor security concern.
1595
1596For example, imagine you have two banks communicating, and on one side,
1597trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
1598might then be confused to mean C<101000>, something that couldn't happen
1599in the original JSON, because niether of these messages would be valid
1600JSON.
1601
1602If one side accepts these messages, then an upgrade in the coder on either
1603side could result in this becoming exploitable.
1604
1605This module has always allowed these messages as an optional extension, by
1606default disabled. The security concerns are the reason why the default is
1607still disabled, but future versions might/will likely upgrade to the newer
1608RFC as default format, so you are advised to check your implementation
1609and/or override the default with C<< ->allow_nonref (0) >> to ensure that
1610future versions are safe.
1611
1612
1613=head1 INTEROPERABILITY WITH OTHER MODULES
1614
1615C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean
1616constants. That means that the JSON true and false values will be
1617comaptible to true and false values of other modules that do the same,
1618such as L<JSON::PP> and L<CBOR::XS>.
1619
1620
1621=head1 INTEROPERABILITY WITH OTHER JSON DECODERS
1622
1623As long as you only serialise data that can be directly expressed in JSON,
1624C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs,
1625but C<JSON::XS> has found more bugs in the official JSON testsuite (1)
1626than the official JSON testsuite has found in C<JSON::XS> (0)).
1627
1628When you have trouble decoding JSON generated by this module using other
1629decoders, then it is very likely that you have an encoding mismatch or the
1630other decoder is broken.
1631
1632When decoding, C<JSON::XS> is strict by default and will likely catch all
1633errors. There are currently two settings that change this: C<relaxed>
1634makes C<JSON::XS> accept (but not generate) some non-standard extensions,
1635and C<allow_tags> will allow you to encode and decode Perl objects, at the
1636cost of not outputting valid JSON anymore.
1637
1638=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
1639
1640When you use C<allow_tags> to use the extended (and also nonstandard and
1641invalid) JSON syntax for serialised objects, and you still want to decode
1642the generated When you want to serialise objects, you can run a regex
1643to replace the tagged syntax by standard JSON arrays (it only works for
1644"normal" package names without comma, newlines or single colons). First,
1645the readable Perl version:
1646
1647 # if your FREEZE methods return no values, you need this replace first:
1648 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
1649
1650 # this works for non-empty constructor arg lists:
1651 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
1652
1653And here is a less readable version that is easy to adapt to other
1654languages:
1655
1656 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
1657
1658Here is an ECMAScript version (same regex):
1659
1660 json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
1661
1662Since this syntax converts to standard JSON arrays, it might be hard to
1663distinguish serialised objects from normal arrays. You can prepend a
1664"magic number" as first array element to reduce chances of a collision:
1665
1666 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
1667
1668And after decoding the JSON text, you could walk the data
1669structure looking for arrays with a first element of
1670C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>.
1671
1672The same approach can be used to create the tagged format with another
1673encoder. First, you create an array with the magic string as first member,
1674the classname as second, and constructor arguments last, encode it as part
1675of your JSON structure, and then:
1676
1677 $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
1678
1679Again, this has some limitations - the magic string must not be encoded
1680with character escapes, and the constructor arguments must be non-empty.
1681
1682
1683=head1 RFC7159
1684
1685Since this module was written, Google has written a new JSON RFC, RFC 7159
1686(and RFC7158). Unfortunately, this RFC breaks compatibility with both the
1687original JSON specification on www.json.org and RFC4627.
1688
1689As far as I can see, you can get partial compatibility when parsing by
1690using C<< ->allow_nonref >>. However, consider the security implications
1691of doing so.
1692
1693I haven't decided yet when to break compatibility with RFC4627 by default
1694(and potentially leave applications insecure) and change the default to
1695follow RFC7159, but application authors are well advised to call C<<
1696->allow_nonref(0) >> even if this is the current default, if they cannot
1697handle non-reference values, in preparation for the day when the default
1698will change.
1308 1699
1309 1700
1310=head1 THREADS 1701=head1 THREADS
1311 1702
1312This module is I<not> guaranteed to be thread safe and there are no 1703This module is I<not> guaranteed to be thread safe and there are no
1315process simulations - use fork, it's I<much> faster, cheaper, better). 1706process simulations - use fork, it's I<much> faster, cheaper, better).
1316 1707
1317(It might actually work, but you have been warned). 1708(It might actually work, but you have been warned).
1318 1709
1319 1710
1711=head1 THE PERILS OF SETLOCALE
1712
1713Sometimes people avoid the Perl locale support and directly call the
1714system's setlocale function with C<LC_ALL>.
1715
1716This breaks both perl and modules such as JSON::XS, as stringification of
1717numbers no longer works correctly (e.g. C<$x = 0.1; print "$x"+1> might
1718print C<1>, and JSON::XS might output illegal JSON as JSON::XS relies on
1719perl to stringify numbers).
1720
1721The solution is simple: don't call C<setlocale>, or use it for only those
1722categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>.
1723
1724If you need C<LC_NUMERIC>, you should enable it only around the code that
1725actually needs it (avoiding stringification of numbers), and restore it
1726afterwards.
1727
1728
1320=head1 BUGS 1729=head1 BUGS
1321 1730
1322While the goal of this module is to be correct, that unfortunately does 1731While the goal of this module is to be correct, that unfortunately does
1323not mean it's bug-free, only that I think its design is bug-free. It is 1732not mean it's bug-free, only that I think its design is bug-free. If you
1324still relatively early in its development. If you keep reporting bugs they 1733keep reporting bugs they will be fixed swiftly, though.
1325will be fixed swiftly, though.
1326 1734
1327Please refrain from using rt.cpan.org or any other bug reporting 1735Please refrain from using rt.cpan.org or any other bug reporting
1328service. I put the contact address into my modules for a reason. 1736service. I put the contact address into my modules for a reason.
1329 1737
1330=cut 1738=cut
1331 1739
1332our $true = do { bless \(my $dummy = 1), "JSON::XS::Boolean" }; 1740BEGIN {
1333our $false = do { bless \(my $dummy = 0), "JSON::XS::Boolean" }; 1741 *true = \$Types::Serialiser::true;
1742 *true = \&Types::Serialiser::true;
1743 *false = \$Types::Serialiser::false;
1744 *false = \&Types::Serialiser::false;
1745 *is_bool = \&Types::Serialiser::is_bool;
1334 1746
1335sub true() { $true } 1747 *JSON::XS::Boolean:: = *Types::Serialiser::Boolean::;
1336sub false() { $false }
1337
1338sub is_bool($) {
1339 UNIVERSAL::isa $_[0], "JSON::XS::Boolean"
1340# or UNIVERSAL::isa $_[0], "JSON::Literal"
1341} 1748}
1342 1749
1343XSLoader::load "JSON::XS", $VERSION; 1750XSLoader::load "JSON::XS", $VERSION;
1344
1345package JSON::XS::Boolean;
1346
1347use overload
1348 "0+" => sub { ${$_[0]} },
1349 "++" => sub { $_[0] = ${$_[0]} + 1 },
1350 "--" => sub { $_[0] = ${$_[0]} - 1 },
1351 fallback => 1;
1352
13531;
1354 1751
1355=head1 SEE ALSO 1752=head1 SEE ALSO
1356 1753
1357The F<json_xs> command line utility for quick experiments. 1754The F<json_xs> command line utility for quick experiments.
1358 1755
1361 Marc Lehmann <schmorp@schmorp.de> 1758 Marc Lehmann <schmorp@schmorp.de>
1362 http://home.schmorp.de/ 1759 http://home.schmorp.de/
1363 1760
1364=cut 1761=cut
1365 1762
17631
1764

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines