ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/JSON-XS/XS.pm
(Generate patch)

Comparing JSON-XS/XS.pm (file contents):
Revision 1.99 by root, Thu Mar 27 06:37:35 2008 UTC vs.
Revision 1.157 by root, Fri Feb 26 21:46:45 2016 UTC

1=head1 NAME 1=head1 NAME
2 2
3JSON::XS - JSON serialising/deserialising, done correctly and fast
4
3=encoding utf-8 5=encoding utf-8
4
5JSON::XS - JSON serialising/deserialising, done correctly and fast
6 6
7JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ 7JSON::XS - 正しくて高速な JSON シリアライザ/デシリアライザ
8 (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html) 8 (http://fleur.hio.jp/perldoc/mix/lib/JSON/XS.html)
9 9
10=head1 SYNOPSIS 10=head1 SYNOPSIS
37primary goal is to be I<correct> and its secondary goal is to be 37primary goal is to be I<correct> and its secondary goal is to be
38I<fast>. To reach the latter goal it was written in C. 38I<fast>. To reach the latter goal it was written in C.
39 39
40Beginning with version 2.0 of the JSON module, when both JSON and 40Beginning with version 2.0 of the JSON module, when both JSON and
41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be 41JSON::XS are installed, then JSON will fall back on JSON::XS (this can be
42overriden) with no overhead due to emulation (by inheritign constructor 42overridden) with no overhead due to emulation (by inheriting constructor
43and methods). If JSON::XS is not available, it will fall back to the 43and methods). If JSON::XS is not available, it will fall back to the
44compatible JSON::PP module as backend, so using JSON instead of JSON::XS 44compatible JSON::PP module as backend, so using JSON instead of JSON::XS
45gives you a portable JSON API that can be fast when you need and doesn't 45gives you a portable JSON API that can be fast when you need and doesn't
46require a C compiler when that is a problem. 46require a C compiler when that is a problem.
47 47
49to write yet another JSON module? While it seems there are many JSON 49to write yet another JSON module? While it seems there are many JSON
50modules, none of them correctly handle all corner cases, and in most cases 50modules, none of them correctly handle all corner cases, and in most cases
51their maintainers are unresponsive, gone missing, or not listening to bug 51their maintainers are unresponsive, gone missing, or not listening to bug
52reports for other reasons. 52reports for other reasons.
53 53
54See COMPARISON, below, for a comparison to some other JSON modules.
55
56See MAPPING, below, on how JSON::XS maps perl values to JSON values and 54See MAPPING, below, on how JSON::XS maps perl values to JSON values and
57vice versa. 55vice versa.
58 56
59=head2 FEATURES 57=head2 FEATURES
60 58
65This module knows how to handle Unicode, documents how and when it does 63This module knows how to handle Unicode, documents how and when it does
66so, and even documents what "correct" means. 64so, and even documents what "correct" means.
67 65
68=item * round-trip integrity 66=item * round-trip integrity
69 67
70When you serialise a perl data structure using only datatypes supported 68When you serialise a perl data structure using only data types supported
71by JSON, the deserialised data structure is identical on the Perl level. 69by JSON and Perl, the deserialised data structure is identical on the Perl
72(e.g. the string "2.0" doesn't suddenly become "2" just because it looks 70level. (e.g. the string "2.0" doesn't suddenly become "2" just because
73like a number). There minor I<are> exceptions to this, read the MAPPING 71it looks like a number). There I<are> minor exceptions to this, read the
74section below to learn about those. 72MAPPING section below to learn about those.
75 73
76=item * strict checking of JSON correctness 74=item * strict checking of JSON correctness
77 75
78There is no guessing, no generating of illegal JSON texts by default, 76There is no guessing, no generating of illegal JSON texts by default,
79and only JSON is accepted as input by default (the latter is a security 77and only JSON is accepted as input by default (the latter is a security
84Compared to other JSON modules and other serialisers such as Storable, 82Compared to other JSON modules and other serialisers such as Storable,
85this module usually compares favourably in terms of speed, too. 83this module usually compares favourably in terms of speed, too.
86 84
87=item * simple to use 85=item * simple to use
88 86
89This module has both a simple functional interface as well as an objetc 87This module has both a simple functional interface as well as an object
90oriented interface interface. 88oriented interface.
91 89
92=item * reasonably versatile output formats 90=item * reasonably versatile output formats
93 91
94You can choose between the most compact guaranteed-single-line format 92You can choose between the most compact guaranteed-single-line format
95possible (nice for simple line-based protocols), a pure-ascii format 93possible (nice for simple line-based protocols), a pure-ASCII format
96(for when your transport is not 8-bit clean, still supports the whole 94(for when your transport is not 8-bit clean, still supports the whole
97Unicode range), or a pretty-printed format (for when you want to read that 95Unicode range), or a pretty-printed format (for when you want to read that
98stuff). Or you can combine those features in whatever way you like. 96stuff). Or you can combine those features in whatever way you like.
99 97
100=back 98=back
101 99
102=cut 100=cut
103 101
104package JSON::XS; 102package JSON::XS;
105 103
106use strict; 104use common::sense;
107 105
108our $VERSION = '2.2'; 106our $VERSION = 3.02;
109our @ISA = qw(Exporter); 107our @ISA = qw(Exporter);
110 108
111our @EXPORT = qw(encode_json decode_json to_json from_json); 109our @EXPORT = qw(encode_json decode_json);
112
113sub to_json($) {
114 require Carp;
115 Carp::croak ("JSON::XS::to_json has been renamed to encode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
116}
117
118sub from_json($) {
119 require Carp;
120 Carp::croak ("JSON::XS::from_json has been renamed to decode_json, either downgrade to pre-2.0 versions of JSON::XS or rename the call");
121}
122 110
123use Exporter; 111use Exporter;
124use XSLoader; 112use XSLoader;
125 113
114use Types::Serialiser ();
115
126=head1 FUNCTIONAL INTERFACE 116=head1 FUNCTIONAL INTERFACE
127 117
128The following convenience methods are provided by this module. They are 118The following convenience methods are provided by this module. They are
129exported by default: 119exported by default:
130 120
137 127
138This function call is functionally identical to: 128This function call is functionally identical to:
139 129
140 $json_text = JSON::XS->new->utf8->encode ($perl_scalar) 130 $json_text = JSON::XS->new->utf8->encode ($perl_scalar)
141 131
142except being faster. 132Except being faster.
143 133
144=item $perl_scalar = decode_json $json_text 134=item $perl_scalar = decode_json $json_text
145 135
146The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries 136The opposite of C<encode_json>: expects an UTF-8 (binary) string and tries
147to parse that as an UTF-8 encoded JSON text, returning the resulting 137to parse that as an UTF-8 encoded JSON text, returning the resulting
149 139
150This function call is functionally identical to: 140This function call is functionally identical to:
151 141
152 $perl_scalar = JSON::XS->new->utf8->decode ($json_text) 142 $perl_scalar = JSON::XS->new->utf8->decode ($json_text)
153 143
154except being faster. 144Except being faster.
155
156=item $is_boolean = JSON::XS::is_bool $scalar
157
158Returns true if the passed scalar represents either JSON::XS::true or
159JSON::XS::false, two constants that act like C<1> and C<0>, respectively
160and are used to represent JSON C<true> and C<false> values in Perl.
161
162See MAPPING, below, for more information on how JSON values are mapped to
163Perl.
164 145
165=back 146=back
166 147
167 148
168=head1 A FEW NOTES ON UNICODE AND PERL 149=head1 A FEW NOTES ON UNICODE AND PERL
197 178
198If you didn't know about that flag, just the better, pretend it doesn't 179If you didn't know about that flag, just the better, pretend it doesn't
199exist. 180exist.
200 181
201=item 4. A "Unicode String" is simply a string where each character can be 182=item 4. A "Unicode String" is simply a string where each character can be
202validly interpreted as a Unicode codepoint. 183validly interpreted as a Unicode code point.
203 184
204If you have UTF-8 encoded data, it is no longer a Unicode string, but a 185If you have UTF-8 encoded data, it is no longer a Unicode string, but a
205Unicode string encoded in UTF-8, giving you a binary string. 186Unicode string encoded in UTF-8, giving you a binary string.
206 187
207=item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string. 188=item 5. A string containing "high" (> 255) character values is I<not> a UTF-8 string.
423 [ 404 [
424 1, # this comment not allowed in JSON 405 1, # this comment not allowed in JSON
425 # neither this one... 406 # neither this one...
426 ] 407 ]
427 408
409=item * literal ASCII TAB characters in strings
410
411Literal ASCII TAB characters are now allowed in strings (and treated as
412C<\t>).
413
414 [
415 "Hello\tWorld",
416 "Hello<TAB>World", # literal <TAB> would not normally be allowed
417 ]
418
428=back 419=back
429 420
430=item $json = $json->canonical ([$enable]) 421=item $json = $json->canonical ([$enable])
431 422
432=item $enabled = $json->get_canonical 423=item $enabled = $json->get_canonical
434If C<$enable> is true (or missing), then the C<encode> method will output JSON objects 425If C<$enable> is true (or missing), then the C<encode> method will output JSON objects
435by sorting their keys. This is adding a comparatively high overhead. 426by sorting their keys. This is adding a comparatively high overhead.
436 427
437If C<$enable> is false, then the C<encode> method will output key-value 428If C<$enable> is false, then the C<encode> method will output key-value
438pairs in the order Perl stores them (which will likely change between runs 429pairs in the order Perl stores them (which will likely change between runs
439of the same script). 430of the same script, and can change even within the same run from 5.18
431onwards).
440 432
441This option is useful if you want the same data structure to be encoded as 433This option is useful if you want the same data structure to be encoded as
442the same JSON text (given the same overall settings). If it is disabled, 434the same JSON text (given the same overall settings). If it is disabled,
443the same hash might be encoded differently even if contains the same data, 435the same hash might be encoded differently even if contains the same data,
444as key-value pairs have no inherent ordering in Perl. 436as key-value pairs have no inherent ordering in Perl.
445 437
446This setting has no effect when decoding JSON texts. 438This setting has no effect when decoding JSON texts.
439
440This setting has currently no effect on tied hashes.
447 441
448=item $json = $json->allow_nonref ([$enable]) 442=item $json = $json->allow_nonref ([$enable])
449 443
450=item $enabled = $json->get_allow_nonref 444=item $enabled = $json->get_allow_nonref
451 445
483 477
484=item $json = $json->allow_blessed ([$enable]) 478=item $json = $json->allow_blessed ([$enable])
485 479
486=item $enabled = $json->get_allow_blessed 480=item $enabled = $json->get_allow_blessed
487 481
482See L<OBJECT SERIALISATION> for details.
483
488If C<$enable> is true (or missing), then the C<encode> method will not 484If C<$enable> is true (or missing), then the C<encode> method will not
489barf when it encounters a blessed reference. Instead, the value of the 485barf when it encounters a blessed reference that it cannot convert
490B<convert_blessed> option will decide whether C<null> (C<convert_blessed> 486otherwise. Instead, a JSON C<null> value is encoded instead of the object.
491disabled or no C<TO_JSON> method found) or a representation of the
492object (C<convert_blessed> enabled and C<TO_JSON> method found) is being
493encoded. Has no effect on C<decode>.
494 487
495If C<$enable> is false (the default), then C<encode> will throw an 488If C<$enable> is false (the default), then C<encode> will throw an
496exception when it encounters a blessed object. 489exception when it encounters a blessed object that it cannot convert
490otherwise.
491
492This setting has no effect on C<decode>.
497 493
498=item $json = $json->convert_blessed ([$enable]) 494=item $json = $json->convert_blessed ([$enable])
499 495
500=item $enabled = $json->get_convert_blessed 496=item $enabled = $json->get_convert_blessed
497
498See L<OBJECT SERIALISATION> for details.
501 499
502If C<$enable> is true (or missing), then C<encode>, upon encountering a 500If C<$enable> is true (or missing), then C<encode>, upon encountering a
503blessed object, will check for the availability of the C<TO_JSON> method 501blessed object, will check for the availability of the C<TO_JSON> method
504on the object's class. If found, it will be called in scalar context 502on the object's class. If found, it will be called in scalar context and
505and the resulting scalar will be encoded instead of the object. If no 503the resulting scalar will be encoded instead of the object.
506C<TO_JSON> method is found, the value of C<allow_blessed> will decide what
507to do.
508 504
509The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON> 505The C<TO_JSON> method may safely call die if it wants. If C<TO_JSON>
510returns other blessed objects, those will be handled in the same 506returns other blessed objects, those will be handled in the same
511way. C<TO_JSON> must take care of not causing an endless recursion cycle 507way. C<TO_JSON> must take care of not causing an endless recursion cycle
512(== crash) in this case. The name of C<TO_JSON> was chosen because other 508(== crash) in this case. The name of C<TO_JSON> was chosen because other
513methods called by the Perl core (== not by the user of the object) are 509methods called by the Perl core (== not by the user of the object) are
514usually in upper case letters and to avoid collisions with any C<to_json> 510usually in upper case letters and to avoid collisions with any C<to_json>
515function or method. 511function or method.
516 512
517This setting does not yet influence C<decode> in any way, but in the 513If C<$enable> is false (the default), then C<encode> will not consider
518future, global hooks might get installed that influence C<decode> and are 514this type of conversion.
519enabled by this setting.
520 515
521If C<$enable> is false, then the C<allow_blessed> setting will decide what 516This setting has no effect on C<decode>.
522to do when a blessed object is found. 517
518=item $json = $json->allow_tags ([$enable])
519
520=item $enabled = $json->allow_tags
521
522See L<OBJECT SERIALISATION> for details.
523
524If C<$enable> is true (or missing), then C<encode>, upon encountering a
525blessed object, will check for the availability of the C<FREEZE> method on
526the object's class. If found, it will be used to serialise the object into
527a nonstandard tagged JSON value (that JSON decoders cannot decode).
528
529It also causes C<decode> to parse such tagged JSON values and deserialise
530them via a call to the C<THAW> method.
531
532If C<$enable> is false (the default), then C<encode> will not consider
533this type of conversion, and tagged JSON values will cause a parse error
534in C<decode>, as if tags were not part of the grammar.
523 535
524=item $json = $json->filter_json_object ([$coderef->($hashref)]) 536=item $json = $json->filter_json_object ([$coderef->($hashref)])
525 537
526When C<$coderef> is specified, it will be called from C<decode> each 538When C<$coderef> is specified, it will be called from C<decode> each
527time it decodes a JSON object. The only argument is a reference to the 539time it decodes a JSON object. The only argument is a reference to the
628=item $json = $json->max_depth ([$maximum_nesting_depth]) 640=item $json = $json->max_depth ([$maximum_nesting_depth])
629 641
630=item $max_depth = $json->get_max_depth 642=item $max_depth = $json->get_max_depth
631 643
632Sets the maximum nesting level (default C<512>) accepted while encoding 644Sets the maximum nesting level (default C<512>) accepted while encoding
633or decoding. If the JSON text or Perl data structure has an equal or 645or decoding. If a higher nesting level is detected in JSON text or a Perl
634higher nesting level then this limit, then the encoder and decoder will 646data structure, then the encoder and decoder will stop and croak at that
635stop and croak at that point. 647point.
636 648
637Nesting level is defined by number of hash- or arrayrefs that the encoder 649Nesting level is defined by number of hash- or arrayrefs that the encoder
638needs to traverse to reach a given point or the number of C<{> or C<[> 650needs to traverse to reach a given point or the number of C<{> or C<[>
639characters without their matching closing parenthesis crossed to reach a 651characters without their matching closing parenthesis crossed to reach a
640given character in a string. 652given character in a string.
641 653
642Setting the maximum depth to one disallows any nesting, so that ensures 654Setting the maximum depth to one disallows any nesting, so that ensures
643that the object is only a single hash/object or array. 655that the object is only a single hash/object or array.
644 656
645The argument to C<max_depth> will be rounded up to the next highest power
646of two. If no argument is given, the highest possible setting will be 657If no argument is given, the highest possible setting will be used, which
647used, which is rarely useful. 658is rarely useful.
659
660Note that nesting is implemented by recursion in C. The default value has
661been chosen to be as large as typical operating systems allow without
662crashing.
648 663
649See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 664See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
650 665
651=item $json = $json->max_size ([$maximum_string_size]) 666=item $json = $json->max_size ([$maximum_string_size])
652 667
653=item $max_size = $json->get_max_size 668=item $max_size = $json->get_max_size
654 669
655Set the maximum length a JSON text may have (in bytes) where decoding is 670Set the maximum length a JSON text may have (in bytes) where decoding is
656being attempted. The default is C<0>, meaning no limit. When C<decode> 671being attempted. The default is C<0>, meaning no limit. When C<decode>
657is called on a string longer then this number of characters it will not 672is called on a string that is longer then this many bytes, it will not
658attempt to decode the string but throw an exception. This setting has no 673attempt to decode the string but throw an exception. This setting has no
659effect on C<encode> (yet). 674effect on C<encode> (yet).
660 675
661The argument to C<max_size> will be rounded up to the next B<highest> 676If no argument is given, the limit check will be deactivated (same as when
662power of two (so may be more than requested). If no argument is given, the 677C<0> is specified).
663limit check will be deactivated (same as when C<0> is specified).
664 678
665See SECURITY CONSIDERATIONS, below, for more info on why this is useful. 679See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
666 680
667=item $json_text = $json->encode ($perl_scalar) 681=item $json_text = $json->encode ($perl_scalar)
668 682
669Converts the given Perl data structure (a simple scalar or a reference 683Converts the given Perl value or data structure to its JSON
670to a hash or array) to its JSON representation. Simple scalars will be 684representation. Croaks on error.
671converted into JSON string or number sequences, while references to arrays
672become JSON arrays and references to hashes become JSON objects. Undefined
673Perl values (e.g. C<undef>) become JSON C<null> values. Neither C<true>
674nor C<false> values will be generated.
675 685
676=item $perl_scalar = $json->decode ($json_text) 686=item $perl_scalar = $json->decode ($json_text)
677 687
678The opposite of C<encode>: expects a JSON text and tries to parse it, 688The opposite of C<encode>: expects a JSON text and tries to parse it,
679returning the resulting simple scalar or reference. Croaks on error. 689returning the resulting simple scalar or reference. Croaks on error.
680
681JSON numbers and strings become simple Perl scalars. JSON arrays become
682Perl arrayrefs and JSON objects become Perl hashrefs. C<true> becomes
683C<1>, C<false> becomes C<0> and C<null> becomes C<undef>.
684 690
685=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text) 691=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
686 692
687This works like the C<decode> method, but instead of raising an exception 693This works like the C<decode> method, but instead of raising an exception
688when there is trailing garbage after the first JSON object, it will 694when there is trailing garbage after the first JSON object, it will
689silently stop parsing there and return the number of characters consumed 695silently stop parsing there and return the number of characters consumed
690so far. 696so far.
691 697
692This is useful if your JSON texts are not delimited by an outer protocol 698This is useful if your JSON texts are not delimited by an outer protocol
693(which is not the brightest thing to do in the first place) and you need
694to know where the JSON text ends. 699and you need to know where the JSON text ends.
695 700
696 JSON::XS->new->decode_prefix ("[1] the tail") 701 JSON::XS->new->decode_prefix ("[1] the tail")
697 => ([], 3) 702 => ([1], 3)
698 703
699=back 704=back
700 705
701 706
702=head1 INCREMENTAL PARSING 707=head1 INCREMENTAL PARSING
703
704[This section and the API it details is still EXPERIMENTAL]
705 708
706In some cases, there is the need for incremental parsing of JSON 709In some cases, there is the need for incremental parsing of JSON
707texts. While this module always has to keep both JSON text and resulting 710texts. While this module always has to keep both JSON text and resulting
708Perl data structure in memory at one time, it does allow you to parse a 711Perl data structure in memory at one time, it does allow you to parse a
709JSON stream incrementally. It does so by accumulating text until it has 712JSON stream incrementally. It does so by accumulating text until it has
710a full JSON object, which it then can decode. This process is similar to 713a full JSON object, which it then can decode. This process is similar to
711using C<decode_prefix> to see if a full JSON object is available, but is 714using C<decode_prefix> to see if a full JSON object is available, but
712much more efficient (JSON::XS will only attempt to parse the JSON text 715is much more efficient (and can be implemented with a minimum of method
716calls).
717
718JSON::XS will only attempt to parse the JSON text once it is sure it
713once it is sure it has enough text to get a decisive result, using a very 719has enough text to get a decisive result, using a very simple but
714simple but truly incremental parser). 720truly incremental parser. This means that it sometimes won't stop as
721early as the full parser, for example, it doesn't detect mismatched
722parentheses. The only thing it guarantees is that it starts decoding as
723soon as a syntactically valid JSON text has been seen. This means you need
724to set resource limits (e.g. C<max_size>) to ensure the parser will stop
725parsing in the presence if syntax errors.
715 726
716The following two methods deal with this. 727The following methods implement this incremental parser.
717 728
718=over 4 729=over 4
719 730
720=item [void, scalar or list context] = $json->incr_parse ([$string]) 731=item [void, scalar or list context] = $json->incr_parse ([$string])
721 732
732 743
733If the method is called in scalar context, then it will try to extract 744If the method is called in scalar context, then it will try to extract
734exactly I<one> JSON object. If that is successful, it will return this 745exactly I<one> JSON object. If that is successful, it will return this
735object, otherwise it will return C<undef>. If there is a parse error, 746object, otherwise it will return C<undef>. If there is a parse error,
736this method will croak just as C<decode> would do (one can then use 747this method will croak just as C<decode> would do (one can then use
737C<incr_skip> to skip the errornous part). This is the most common way of 748C<incr_skip> to skip the erroneous part). This is the most common way of
738using the method. 749using the method.
739 750
740And finally, in list context, it will try to extract as many objects 751And finally, in list context, it will try to extract as many objects
741from the stream as it can find and return them, or the empty list 752from the stream as it can find and return them, or the empty list
742otherwise. For this to work, there must be no separators between the JSON 753otherwise. For this to work, there must be no separators between the JSON
743objects or arrays, instead they must be concatenated back-to-back. If 754objects or arrays, instead they must be concatenated back-to-back. If
744an error occurs, an exception will be raised as in the scalar context 755an error occurs, an exception will be raised as in the scalar context
745case. Note that in this case, any previously-parsed JSON texts will be 756case. Note that in this case, any previously-parsed JSON texts will be
746lost. 757lost.
747 758
759Example: Parse some JSON arrays/objects in a given string and return
760them.
761
762 my @objs = JSON::XS->new->incr_parse ("[5][7][1,2]");
763
748=item $lvalue_string = $json->incr_text 764=item $lvalue_string = $json->incr_text
749 765
750This method returns the currently stored JSON fragment as an lvalue, that 766This method returns the currently stored JSON fragment as an lvalue, that
751is, you can manipulate it. This I<only> works when a preceding call to 767is, you can manipulate it. This I<only> works when a preceding call to
752C<incr_parse> in I<scalar context> successfully returned an object. Under 768C<incr_parse> in I<scalar context> successfully returned an object. Under
759JSON object or b) parsing multiple JSON objects separated by non-JSON text 775JSON object or b) parsing multiple JSON objects separated by non-JSON text
760(such as commas). 776(such as commas).
761 777
762=item $json->incr_skip 778=item $json->incr_skip
763 779
764This will reset the state of the incremental parser and will remove the 780This will reset the state of the incremental parser and will remove
765parsed text from the input buffer. This is useful after C<incr_parse> 781the parsed text from the input buffer so far. This is useful after
766died, in which case the input buffer and incremental parser state is left 782C<incr_parse> died, in which case the input buffer and incremental parser
767unchanged, to skip the text parsed so far and to reset the parse state. 783state is left unchanged, to skip the text parsed so far and to reset the
784parse state.
785
786The difference to C<incr_reset> is that only text until the parse error
787occurred is removed.
788
789=item $json->incr_reset
790
791This completely resets the incremental parser, that is, after this call,
792it will be as if the parser had never parsed anything.
793
794This is useful if you want to repeatedly parse JSON objects and want to
795ignore any trailing data, which means you have to reset the parser after
796each successful decode.
768 797
769=back 798=back
770 799
771=head2 LIMITATIONS 800=head2 LIMITATIONS
772 801
773All options that affect decoding are supported, except 802All options that affect decoding are supported, except
774C<allow_nonref>. The reason for this is that it cannot be made to 803C<allow_nonref>. The reason for this is that it cannot be made to work
775work sensibly: JSON objects and arrays are self-delimited, i.e. you can concatenate 804sensibly: JSON objects and arrays are self-delimited, i.e. you can
776them back to back and still decode them perfectly. This does not hold true 805concatenate them back to back and still decode them perfectly. This does
777for JSON numbers, however. 806not hold true for JSON numbers, however.
778 807
779For example, is the string C<1> a single JSON number, or is it simply the 808For example, is the string C<1> a single JSON number, or is it simply the
780start of C<12>? Or is C<12> a single JSON number, or the concatenation 809start of C<12>? Or is C<12> a single JSON number, or the concatenation
781of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS 810of C<1> and C<2>? In neither case you can tell, and this is why JSON::XS
782takes the conservative route and disallows this case. 811takes the conservative route and disallows this case.
961If the number consists of digits only, JSON::XS will try to represent 990If the number consists of digits only, JSON::XS will try to represent
962it as an integer value. If that fails, it will try to represent it as 991it as an integer value. If that fails, it will try to represent it as
963a numeric (floating point) value if that is possible without loss of 992a numeric (floating point) value if that is possible without loss of
964precision. Otherwise it will preserve the number as a string value (in 993precision. Otherwise it will preserve the number as a string value (in
965which case you lose roundtripping ability, as the JSON number will be 994which case you lose roundtripping ability, as the JSON number will be
966re-encoded toa JSON string). 995re-encoded to a JSON string).
967 996
968Numbers containing a fractional or exponential part will always be 997Numbers containing a fractional or exponential part will always be
969represented as numeric (floating point) values, possibly at a loss of 998represented as numeric (floating point) values, possibly at a loss of
970precision (in which case you might lose perfect roundtripping ability, but 999precision (in which case you might lose perfect roundtripping ability, but
971the JSON number will still be re-encoded as a JSON number). 1000the JSON number will still be re-encoded as a JSON number).
972 1001
1002Note that precision is not accuracy - binary floating point values cannot
1003represent most decimal fractions exactly, and when converting from and to
1004floating point, JSON::XS only guarantees precision up to but not including
1005the least significant bit.
1006
973=item true, false 1007=item true, false
974 1008
975These JSON atoms become C<JSON::XS::true> and C<JSON::XS::false>, 1009These JSON atoms become C<Types::Serialiser::true> and
976respectively. They are overloaded to act almost exactly like the numbers 1010C<Types::Serialiser::false>, respectively. They are overloaded to act
977C<1> and C<0>. You can check whether a scalar is a JSON boolean by using 1011almost exactly like the numbers C<1> and C<0>. You can check whether
978the C<JSON::XS::is_bool> function. 1012a scalar is a JSON boolean by using the C<Types::Serialiser::is_bool>
1013function (after C<use Types::Serialier>, of course).
979 1014
980=item null 1015=item null
981 1016
982A JSON null atom becomes C<undef> in Perl. 1017A JSON null atom becomes C<undef> in Perl.
1018
1019=item shell-style comments (C<< # I<text> >>)
1020
1021As a nonstandard extension to the JSON syntax that is enabled by the
1022C<relaxed> setting, shell-style comments are allowed. They can start
1023anywhere outside strings and go till the end of the line.
1024
1025=item tagged values (C<< (I<tag>)I<value> >>).
1026
1027Another nonstandard extension to the JSON syntax, enabled with the
1028C<allow_tags> setting, are tagged values. In this implementation, the
1029I<tag> must be a perl package/class name encoded as a JSON string, and the
1030I<value> must be a JSON array encoding optional constructor arguments.
1031
1032See L<OBJECT SERIALISATION>, below, for details.
983 1033
984=back 1034=back
985 1035
986 1036
987=head2 PERL -> JSON 1037=head2 PERL -> JSON
992 1042
993=over 4 1043=over 4
994 1044
995=item hash references 1045=item hash references
996 1046
997Perl hash references become JSON objects. As there is no inherent ordering 1047Perl hash references become JSON objects. As there is no inherent
998in hash keys (or JSON objects), they will usually be encoded in a 1048ordering in hash keys (or JSON objects), they will usually be encoded
999pseudo-random order that can change between runs of the same program but 1049in a pseudo-random order. JSON::XS can optionally sort the hash keys
1000stays generally the same within a single run of a program. JSON::XS can 1050(determined by the I<canonical> flag), so the same datastructure will
1001optionally sort the hash keys (determined by the I<canonical> flag), so 1051serialise to the same JSON text (given same settings and version of
1002the same datastructure will serialise to the same JSON text (given same 1052JSON::XS), but this incurs a runtime overhead and is only rarely useful,
1003settings and version of JSON::XS), but this incurs a runtime overhead 1053e.g. when you want to compare some JSON text against another for equality.
1004and is only rarely useful, e.g. when you want to compare some JSON text
1005against another for equality.
1006 1054
1007=item array references 1055=item array references
1008 1056
1009Perl array references become JSON arrays. 1057Perl array references become JSON arrays.
1010 1058
1011=item other references 1059=item other references
1012 1060
1013Other unblessed references are generally not allowed and will cause an 1061Other unblessed references are generally not allowed and will cause an
1014exception to be thrown, except for references to the integers C<0> and 1062exception to be thrown, except for references to the integers C<0> and
1015C<1>, which get turned into C<false> and C<true> atoms in JSON. You can 1063C<1>, which get turned into C<false> and C<true> atoms in JSON.
1016also use C<JSON::XS::false> and C<JSON::XS::true> to improve readability.
1017 1064
1065Since C<JSON::XS> uses the boolean model from L<Types::Serialiser>, you
1066can also C<use Types::Serialiser> and then use C<Types::Serialiser::false>
1067and C<Types::Serialiser::true> to improve readability.
1068
1069 use Types::Serialiser;
1018 encode_json [\0,JSON::XS::true] # yields [false,true] 1070 encode_json [\0, Types::Serialiser::true] # yields [false,true]
1019 1071
1020=item JSON::XS::true, JSON::XS::false 1072=item Types::Serialiser::true, Types::Serialiser::false
1021 1073
1022These special values become JSON true and JSON false values, 1074These special values from the L<Types::Serialiser> module become JSON true
1023respectively. You can also use C<\1> and C<\0> directly if you want. 1075and JSON false values, respectively. You can also use C<\1> and C<\0>
1076directly if you want.
1024 1077
1025=item blessed objects 1078=item blessed objects
1026 1079
1027Blessed objects are not directly representable in JSON. See the 1080Blessed objects are not directly representable in JSON, but C<JSON::XS>
1028C<allow_blessed> and C<convert_blessed> methods on various options on 1081allows various ways of handling objects. See L<OBJECT SERIALISATION>,
1029how to deal with this: basically, you can choose between throwing an 1082below, for details.
1030exception, encoding the reference as if it weren't blessed, or provide
1031your own serialiser method.
1032 1083
1033=item simple scalars 1084=item simple scalars
1034 1085
1035Simple Perl scalars (any scalar that is not a reference) are the most 1086Simple Perl scalars (any scalar that is not a reference) are the most
1036difficult objects to encode: JSON::XS will encode undefined scalars as 1087difficult objects to encode: JSON::XS will encode undefined scalars as
1064 1115
1065You can not currently force the type in other, less obscure, ways. Tell me 1116You can not currently force the type in other, less obscure, ways. Tell me
1066if you need this capability (but don't forget to explain why it's needed 1117if you need this capability (but don't forget to explain why it's needed
1067:). 1118:).
1068 1119
1120Note that numerical precision has the same meaning as under Perl (so
1121binary to decimal conversion follows the same rules as in Perl, which
1122can differ to other languages). Also, your perl interpreter might expose
1123extensions to the floating point numbers of your platform, such as
1124infinities or NaN's - these cannot be represented in JSON, and it is an
1125error to pass those in.
1126
1069=back 1127=back
1128
1129=head2 OBJECT SERIALISATION
1130
1131As JSON cannot directly represent Perl objects, you have to choose between
1132a pure JSON representation (without the ability to deserialise the object
1133automatically again), and a nonstandard extension to the JSON syntax,
1134tagged values.
1135
1136=head3 SERIALISATION
1137
1138What happens when C<JSON::XS> encounters a Perl object depends on the
1139C<allow_blessed>, C<convert_blessed> and C<allow_tags> settings, which are
1140used in this order:
1141
1142=over 4
1143
1144=item 1. C<allow_tags> is enabled and the object has a C<FREEZE> method.
1145
1146In this case, C<JSON::XS> uses the L<Types::Serialiser> object
1147serialisation protocol to create a tagged JSON value, using a nonstandard
1148extension to the JSON syntax.
1149
1150This works by invoking the C<FREEZE> method on the object, with the first
1151argument being the object to serialise, and the second argument being the
1152constant string C<JSON> to distinguish it from other serialisers.
1153
1154The C<FREEZE> method can return any number of values (i.e. zero or
1155more). These values and the paclkage/classname of the object will then be
1156encoded as a tagged JSON value in the following format:
1157
1158 ("classname")[FREEZE return values...]
1159
1160e.g.:
1161
1162 ("URI")["http://www.google.com/"]
1163 ("MyDate")[2013,10,29]
1164 ("ImageData::JPEG")["Z3...VlCg=="]
1165
1166For example, the hypothetical C<My::Object> C<FREEZE> method might use the
1167objects C<type> and C<id> members to encode the object:
1168
1169 sub My::Object::FREEZE {
1170 my ($self, $serialiser) = @_;
1171
1172 ($self->{type}, $self->{id})
1173 }
1174
1175=item 2. C<convert_blessed> is enabled and the object has a C<TO_JSON> method.
1176
1177In this case, the C<TO_JSON> method of the object is invoked in scalar
1178context. It must return a single scalar that can be directly encoded into
1179JSON. This scalar replaces the object in the JSON text.
1180
1181For example, the following C<TO_JSON> method will convert all L<URI>
1182objects to JSON strings when serialised. The fatc that these values
1183originally were L<URI> objects is lost.
1184
1185 sub URI::TO_JSON {
1186 my ($uri) = @_;
1187 $uri->as_string
1188 }
1189
1190=item 3. C<allow_blessed> is enabled.
1191
1192The object will be serialised as a JSON null value.
1193
1194=item 4. none of the above
1195
1196If none of the settings are enabled or the respective methods are missing,
1197C<JSON::XS> throws an exception.
1198
1199=back
1200
1201=head3 DESERIALISATION
1202
1203For deserialisation there are only two cases to consider: either
1204nonstandard tagging was used, in which case C<allow_tags> decides,
1205or objects cannot be automatically be deserialised, in which
1206case you can use postprocessing or the C<filter_json_object> or
1207C<filter_json_single_key_object> callbacks to get some real objects our of
1208your JSON.
1209
1210This section only considers the tagged value case: I a tagged JSON object
1211is encountered during decoding and C<allow_tags> is disabled, a parse
1212error will result (as if tagged values were not part of the grammar).
1213
1214If C<allow_tags> is enabled, C<JSON::XS> will look up the C<THAW> method
1215of the package/classname used during serialisation (it will not attempt
1216to load the package as a Perl module). If there is no such method, the
1217decoding will fail with an error.
1218
1219Otherwise, the C<THAW> method is invoked with the classname as first
1220argument, the constant string C<JSON> as second argument, and all the
1221values from the JSON array (the values originally returned by the
1222C<FREEZE> method) as remaining arguments.
1223
1224The method must then return the object. While technically you can return
1225any Perl scalar, you might have to enable the C<enable_nonref> setting to
1226make that work in all cases, so better return an actual blessed reference.
1227
1228As an example, let's implement a C<THAW> function that regenerates the
1229C<My::Object> from the C<FREEZE> example earlier:
1230
1231 sub My::Object::THAW {
1232 my ($class, $serialiser, $type, $id) = @_;
1233
1234 $class->new (type => $type, id => $id)
1235 }
1070 1236
1071 1237
1072=head1 ENCODING/CODESET FLAG NOTES 1238=head1 ENCODING/CODESET FLAG NOTES
1073 1239
1074The interested reader might have seen a number of flags that signify 1240The interested reader might have seen a number of flags that signify
1099=item C<utf8> flag disabled 1265=item C<utf8> flag disabled
1100 1266
1101When C<utf8> is disabled (the default), then C<encode>/C<decode> generate 1267When C<utf8> is disabled (the default), then C<encode>/C<decode> generate
1102and expect Unicode strings, that is, characters with high ordinal Unicode 1268and expect Unicode strings, that is, characters with high ordinal Unicode
1103values (> 255) will be encoded as such characters, and likewise such 1269values (> 255) will be encoded as such characters, and likewise such
1104characters are decoded as-is, no canges to them will be done, except 1270characters are decoded as-is, no changes to them will be done, except
1105"(re-)interpreting" them as Unicode codepoints or Unicode characters, 1271"(re-)interpreting" them as Unicode codepoints or Unicode characters,
1106respectively (to Perl, these are the same thing in strings unless you do 1272respectively (to Perl, these are the same thing in strings unless you do
1107funny/weird/dumb stuff). 1273funny/weird/dumb stuff).
1108 1274
1109This is useful when you want to do the encoding yourself (e.g. when you 1275This is useful when you want to do the encoding yourself (e.g. when you
1165proper subset of most 8-bit and multibyte encodings in use in the world. 1331proper subset of most 8-bit and multibyte encodings in use in the world.
1166 1332
1167=back 1333=back
1168 1334
1169 1335
1336=head2 JSON and ECMAscript
1337
1338JSON syntax is based on how literals are represented in javascript (the
1339not-standardised predecessor of ECMAscript) which is presumably why it is
1340called "JavaScript Object Notation".
1341
1342However, JSON is not a subset (and also not a superset of course) of
1343ECMAscript (the standard) or javascript (whatever browsers actually
1344implement).
1345
1346If you want to use javascript's C<eval> function to "parse" JSON, you
1347might run into parse errors for valid JSON texts, or the resulting data
1348structure might not be queryable:
1349
1350One of the problems is that U+2028 and U+2029 are valid characters inside
1351JSON strings, but are not allowed in ECMAscript string literals, so the
1352following Perl fragment will not output something that can be guaranteed
1353to be parsable by javascript's C<eval>:
1354
1355 use JSON::XS;
1356
1357 print encode_json [chr 0x2028];
1358
1359The right fix for this is to use a proper JSON parser in your javascript
1360programs, and not rely on C<eval> (see for example Douglas Crockford's
1361F<json2.js> parser).
1362
1363If this is not an option, you can, as a stop-gap measure, simply encode to
1364ASCII-only JSON:
1365
1366 use JSON::XS;
1367
1368 print JSON::XS->new->ascii->encode ([chr 0x2028]);
1369
1370Note that this will enlarge the resulting JSON text quite a bit if you
1371have many non-ASCII characters. You might be tempted to run some regexes
1372to only escape U+2028 and U+2029, e.g.:
1373
1374 # DO NOT USE THIS!
1375 my $json = JSON::XS->new->utf8->encode ([chr 0x2028]);
1376 $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1377 $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1378 print $json;
1379
1380Note that I<this is a bad idea>: the above only works for U+2028 and
1381U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1382javascript implementations, however, have issues with other characters as
1383well - using C<eval> naively simply I<will> cause problems.
1384
1385Another problem is that some javascript implementations reserve
1386some property names for their own purposes (which probably makes
1387them non-ECMAscript-compliant). For example, Iceweasel reserves the
1388C<__proto__> property name for its own purposes.
1389
1390If that is a problem, you could parse try to filter the resulting JSON
1391output for these property strings, e.g.:
1392
1393 $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1394
1395This works because C<__proto__> is not valid outside of strings, so every
1396occurrence of C<"__proto__"\s*:> must be a string used as property name.
1397
1398If you know of other incompatibilities, please let me know.
1399
1400
1170=head2 JSON and YAML 1401=head2 JSON and YAML
1171 1402
1172You often hear that JSON is a subset of YAML. This is, however, a mass 1403You often hear that JSON is a subset of YAML. This is, however, a mass
1173hysteria(*) and very far from the truth (as of the time of this writing), 1404hysteria(*) and very far from the truth (as of the time of this writing),
1174so let me state it clearly: I<in general, there is no way to configure 1405so let me state it clearly: I<in general, there is no way to configure
1182 my $yaml = $to_yaml->encode ($ref) . "\n"; 1413 my $yaml = $to_yaml->encode ($ref) . "\n";
1183 1414
1184This will I<usually> generate JSON texts that also parse as valid 1415This will I<usually> generate JSON texts that also parse as valid
1185YAML. Please note that YAML has hardcoded limits on (simple) object key 1416YAML. Please note that YAML has hardcoded limits on (simple) object key
1186lengths that JSON doesn't have and also has different and incompatible 1417lengths that JSON doesn't have and also has different and incompatible
1187unicode handling, so you should make sure that your hash keys are 1418unicode character escape syntax, so you should make sure that your hash
1188noticeably shorter than the 1024 "stream characters" YAML allows and that 1419keys are noticeably shorter than the 1024 "stream characters" YAML allows
1189you do not have characters with codepoint values outside the Unicode BMP 1420and that you do not have characters with codepoint values outside the
1190(basic multilingual page). YAML also does not allow C<\/> sequences in 1421Unicode BMP (basic multilingual page). YAML also does not allow C<\/>
1191strings (which JSON::XS does not I<currently> generate, but other JSON 1422sequences in strings (which JSON::XS does not I<currently> generate, but
1192generators might). 1423other JSON generators might).
1193 1424
1194There might be other incompatibilities that I am not aware of (or the YAML 1425There might be other incompatibilities that I am not aware of (or the YAML
1195specification has been changed yet again - it does so quite often). In 1426specification has been changed yet again - it does so quite often). In
1196general you should not try to generate YAML with a JSON generator or vice 1427general you should not try to generate YAML with a JSON generator or vice
1197versa, or try to parse JSON with a YAML parser or vice versa: chances are 1428versa, or try to parse JSON with a YAML parser or vice versa: chances are
1216that difficult or long) and finally make YAML compatible to it, and 1447that difficult or long) and finally make YAML compatible to it, and
1217educating users about the changes, instead of spreading lies about the 1448educating users about the changes, instead of spreading lies about the
1218real compatibility for many I<years> and trying to silence people who 1449real compatibility for many I<years> and trying to silence people who
1219point out that it isn't true. 1450point out that it isn't true.
1220 1451
1452Addendum/2009: the YAML 1.2 spec is still incompatible with JSON, even
1453though the incompatibilities have been documented (and are known to Brian)
1454for many years and the spec makes explicit claims that YAML is a superset
1455of JSON. It would be so easy to fix, but apparently, bullying people and
1456corrupting userdata is so much easier.
1457
1221=back 1458=back
1222 1459
1223 1460
1224=head2 SPEED 1461=head2 SPEED
1225 1462
1230 1467
1231First comes a comparison between various modules using 1468First comes a comparison between various modules using
1232a very short single-line JSON string (also available at 1469a very short single-line JSON string (also available at
1233L<http://dist.schmorp.de/misc/json/short.json>). 1470L<http://dist.schmorp.de/misc/json/short.json>).
1234 1471
1235 {"method": "handleMessage", "params": ["user1", "we were just talking"], \ 1472 {"method": "handleMessage", "params": ["user1",
1236 "id": null, "array":[1,11,234,-5,1e5,1e7, true, false]} 1473 "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1474 1, 0]}
1237 1475
1238It shows the number of encodes/decodes per second (JSON::XS uses 1476It shows the number of encodes/decodes per second (JSON::XS uses
1239the functional interface, while JSON::XS/2 uses the OO interface 1477the functional interface, while JSON::XS/2 uses the OO interface
1240with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables 1478with pretty-printing and hashkey sorting enabled, JSON::XS/3 enables
1241shrink). Higher is better: 1479shrink. JSON::DWIW/DS uses the deserialise function, while JSON::DWIW::FJ
1480uses the from_json method). Higher is better:
1242 1481
1243 module | encode | decode | 1482 module | encode | decode |
1244 -----------|------------|------------| 1483 --------------|------------|------------|
1245 JSON 1.x | 4990.842 | 4088.813 | 1484 JSON::DWIW/DS | 86302.551 | 102300.098 |
1246 JSON::DWIW | 51653.990 | 71575.154 | 1485 JSON::DWIW/FJ | 86302.551 | 75983.768 |
1247 JSON::PC | 65948.176 | 74631.744 | 1486 JSON::PP | 15827.562 | 6638.658 |
1248 JSON::PP | 8931.652 | 3817.168 | 1487 JSON::Syck | 63358.066 | 47662.545 |
1249 JSON::Syck | 24877.248 | 27776.848 | 1488 JSON::XS | 511500.488 | 511500.488 |
1250 JSON::XS | 388361.481 | 227951.304 | 1489 JSON::XS/2 | 291271.111 | 388361.481 |
1251 JSON::XS/2 | 227951.304 | 218453.333 | 1490 JSON::XS/3 | 361577.931 | 361577.931 |
1252 JSON::XS/3 | 338250.323 | 218453.333 | 1491 Storable | 66788.280 | 265462.278 |
1253 Storable | 16500.016 | 135300.129 |
1254 -----------+------------+------------+ 1492 --------------+------------+------------+
1255 1493
1256That is, JSON::XS is about five times faster than JSON::DWIW on encoding, 1494That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1257about three times faster on decoding, and over forty times faster 1495about five times faster on decoding, and over thirty to seventy times
1258than JSON, even with pretty-printing and key sorting. It also compares 1496faster than JSON's pure perl implementation. It also compares favourably
1259favourably to Storable for small amounts of data. 1497to Storable for small amounts of data.
1260 1498
1261Using a longer test string (roughly 18KB, generated from Yahoo! Locals 1499Using a longer test string (roughly 18KB, generated from Yahoo! Locals
1262search API (L<http://dist.schmorp.de/misc/json/long.json>). 1500search API (L<http://dist.schmorp.de/misc/json/long.json>).
1263 1501
1264 module | encode | decode | 1502 module | encode | decode |
1265 -----------|------------|------------| 1503 --------------|------------|------------|
1266 JSON 1.x | 55.260 | 34.971 | 1504 JSON::DWIW/DS | 1647.927 | 2673.916 |
1267 JSON::DWIW | 825.228 | 1082.513 | 1505 JSON::DWIW/FJ | 1630.249 | 2596.128 |
1268 JSON::PC | 3571.444 | 2394.829 |
1269 JSON::PP | 210.987 | 32.574 | 1506 JSON::PP | 400.640 | 62.311 |
1270 JSON::Syck | 552.551 | 787.544 | 1507 JSON::Syck | 1481.040 | 1524.869 |
1271 JSON::XS | 5780.463 | 4854.519 | 1508 JSON::XS | 20661.596 | 9541.183 |
1272 JSON::XS/2 | 3869.998 | 4798.975 | 1509 JSON::XS/2 | 10683.403 | 9416.938 |
1273 JSON::XS/3 | 5862.880 | 4798.975 | 1510 JSON::XS/3 | 20661.596 | 9400.054 |
1274 Storable | 4445.002 | 5235.027 | 1511 Storable | 19765.806 | 10000.725 |
1275 -----------+------------+------------+ 1512 --------------+------------+------------+
1276 1513
1277Again, JSON::XS leads by far (except for Storable which non-surprisingly 1514Again, JSON::XS leads by far (except for Storable which non-surprisingly
1278decodes faster). 1515decodes a bit faster).
1279 1516
1280On large strings containing lots of high Unicode characters, some modules 1517On large strings containing lots of high Unicode characters, some modules
1281(such as JSON::PC) seem to decode faster than JSON::XS, but the result 1518(such as JSON::PC) seem to decode faster than JSON::XS, but the result
1282will be broken due to missing (or wrong) Unicode handling. Others refuse 1519will be broken due to missing (or wrong) Unicode handling. Others refuse
1283to decode or encode properly, so it was impossible to prepare a fair 1520to decode or encode properly, so it was impossible to prepare a fair
1319information you might want to make sure that exceptions thrown by JSON::XS 1556information you might want to make sure that exceptions thrown by JSON::XS
1320will not end up in front of untrusted eyes. 1557will not end up in front of untrusted eyes.
1321 1558
1322If you are using JSON::XS to return packets to consumption 1559If you are using JSON::XS to return packets to consumption
1323by JavaScript scripts in a browser you should have a look at 1560by JavaScript scripts in a browser you should have a look at
1324L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether 1561L<http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/> to
1325you are vulnerable to some common attack vectors (which really are browser 1562see whether you are vulnerable to some common attack vectors (which really
1326design bugs, but it is still you who will have to deal with it, as major 1563are browser design bugs, but it is still you who will have to deal with
1327browser developers care only for features, not about getting security 1564it, as major browser developers care only for features, not about getting
1328right). 1565security right).
1566
1567
1568=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
1569
1570TL;DR: Due to security concerns, JSON::XS will not allow scalar data in
1571JSON texts by default - you need to create your own JSON::XS object and
1572enable C<allow_nonref>:
1573
1574
1575 my $json = JSON::XS->new->allow_nonref;
1576
1577 $text = $json->encode ($data);
1578 $data = $json->decode ($text);
1579
1580The long version: JSON being an important and supposedly stable format,
1581the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor
1582of JSON, Dougles Crockford, unilaterally changed the definition of JSON in
1583javascript. Rather than create a fork, the IETF decided to standardise the
1584new syntax (apparently, so Iw as told, without finding it very amusing).
1585
1586The biggest difference between thed original JSON and the new JSON is that
1587the new JSON supports scalars (anything other than arrays and objects) at
1588the toplevel of a JSON text. While this is strictly backwards compatible
1589to older versions, it breaks a number of protocols that relied on sending
1590JSON back-to-back, and is a minor security concern.
1591
1592For example, imagine you have two banks communicating, and on one side,
1593trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
1594might then be confused to mean C<101000>, something that couldn't happen
1595in the original JSON, because niether of these messages would be valid
1596JSON.
1597
1598If one side accepts these messages, then an upgrade in the coder on either
1599side could result in this becoming exploitable.
1600
1601This module has always allowed these messages as an optional extension, by
1602default disabled. The security concerns are the reason why the default is
1603still disabled, but future versions might/will likely upgrade to the newer
1604RFC as default format, so you are advised to check your implementation
1605and/or override the default with C<< ->allow_nonref (0) >> to ensure that
1606future versions are safe.
1607
1608
1609=head1 INTEROPERABILITY WITH OTHER MODULES
1610
1611C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean
1612constants. That means that the JSON true and false values will be
1613comaptible to true and false values of iother modules that do the same,
1614such as L<JSON::PP> and L<CBOR::XS>.
1615
1616
1617=head1 INTEROPERABILITY WITH OTHER JSON DECODERS
1618
1619As long as you only serialise data that can be directly expressed in JSON,
1620C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs,
1621but C<JSON::XS> has found more bugs in the official JSON testsuite (1)
1622than the official JSON testsuite has found in C<JSON::XS> (0)).
1623
1624When you have trouble decoding JSON generated by this module using other
1625decoders, then it is very likely that you have an encoding mismatch or the
1626other decoder is broken.
1627
1628When decoding, C<JSON::XS> is strict by default and will likely catch all
1629errors. There are currently two settings that change this: C<relaxed>
1630makes C<JSON::XS> accept (but not generate) some non-standard extensions,
1631and C<allow_tags> will allow you to encode and decode Perl objects, at the
1632cost of not outputting valid JSON anymore.
1633
1634=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
1635
1636When you use C<allow_tags> to use the extended (and also nonstandard and
1637invalid) JSON syntax for serialised objects, and you still want to decode
1638the generated When you want to serialise objects, you can run a regex
1639to replace the tagged syntax by standard JSON arrays (it only works for
1640"normal" packagesnames without comma, newlines or single colons). First,
1641the readable Perl version:
1642
1643 # if your FREEZE methods return no values, you need this replace first:
1644 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
1645
1646 # this works for non-empty constructor arg lists:
1647 $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
1648
1649And here is a less readable version that is easy to adapt to other
1650languages:
1651
1652 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
1653
1654Here is an ECMAScript version (same regex):
1655
1656 json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
1657
1658Since this syntax converts to standard JSON arrays, it might be hard to
1659distinguish serialised objects from normal arrays. You can prepend a
1660"magic number" as first array element to reduce chances of a collision:
1661
1662 $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
1663
1664And after decoding the JSON text, you could walk the data
1665structure looking for arrays with a first element of
1666C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>.
1667
1668The same approach can be used to create the tagged format with another
1669encoder. First, you create an array with the magic string as first member,
1670the classname as second, and constructor arguments last, encode it as part
1671of your JSON structure, and then:
1672
1673 $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
1674
1675Again, this has some limitations - the magic string must not be encoded
1676with character escapes, and the constructor arguments must be non-empty.
1677
1678
1679=head1 RFC7159
1680
1681Since this module was written, Google has written a new JSON RFC, RFC 7159
1682(and RFC7158). Unfortunately, this RFC breaks compatibility with both the
1683original JSON specification on www.json.org and RFC4627.
1684
1685As far as I can see, you can get partial compatibility when parsing by
1686using C<< ->allow_nonref >>. However, consider thew security implications
1687of doing so.
1688
1689I haven't decided yet when to break compatibility with RFC4627 by default
1690(and potentially leave applications insecure) and change the default to
1691follow RFC7159, but application authors are well advised to call C<<
1692->allow_nonref(0) >> even if this is the current default, if they cannot
1693handle non-reference values, in preparation for the day when the4 default
1694will change.
1329 1695
1330 1696
1331=head1 THREADS 1697=head1 THREADS
1332 1698
1333This module is I<not> guaranteed to be thread safe and there are no 1699This module is I<not> guaranteed to be thread safe and there are no
1336process simulations - use fork, it's I<much> faster, cheaper, better). 1702process simulations - use fork, it's I<much> faster, cheaper, better).
1337 1703
1338(It might actually work, but you have been warned). 1704(It might actually work, but you have been warned).
1339 1705
1340 1706
1707=head1 THE PERILS OF SETLOCALE
1708
1709Sometimes people avoid the Perl locale support and directly call the
1710system's setlocale function with C<LC_ALL>.
1711
1712This breaks both perl and modules such as JSON::XS, as stringification of
1713numbers no longer works correctly (e.g. C<$x = 0.1; print "$x"+1> might
1714print C<1>, and JSON::XS might output illegal JSON as JSON::XS relies on
1715perl to stringify numbers).
1716
1717The solution is simple: don't call C<setlocale>, or use it for only those
1718categories you need, such as C<LC_MESSAGES> or C<LC_CTYPE>.
1719
1720If you need C<LC_NUMERIC>, you should enable it only around the code that
1721actually needs it (avoiding stringification of numbers), and restore it
1722afterwards.
1723
1724
1341=head1 BUGS 1725=head1 BUGS
1342 1726
1343While the goal of this module is to be correct, that unfortunately does 1727While the goal of this module is to be correct, that unfortunately does
1344not mean it's bug-free, only that I think its design is bug-free. It is 1728not mean it's bug-free, only that I think its design is bug-free. If you
1345still relatively early in its development. If you keep reporting bugs they 1729keep reporting bugs they will be fixed swiftly, though.
1346will be fixed swiftly, though.
1347 1730
1348Please refrain from using rt.cpan.org or any other bug reporting 1731Please refrain from using rt.cpan.org or any other bug reporting
1349service. I put the contact address into my modules for a reason. 1732service. I put the contact address into my modules for a reason.
1350 1733
1351=cut 1734=cut
1352 1735
1353our $true = do { bless \(my $dummy = 1), "JSON::XS::Boolean" }; 1736BEGIN {
1354our $false = do { bless \(my $dummy = 0), "JSON::XS::Boolean" }; 1737 *true = \$Types::Serialiser::true;
1738 *true = \&Types::Serialiser::true;
1739 *false = \$Types::Serialiser::false;
1740 *false = \&Types::Serialiser::false;
1741 *is_bool = \&Types::Serialiser::is_bool;
1355 1742
1356sub true() { $true } 1743 *JSON::XS::Boolean:: = *Types::Serialiser::Boolean::;
1357sub false() { $false }
1358
1359sub is_bool($) {
1360 UNIVERSAL::isa $_[0], "JSON::XS::Boolean"
1361# or UNIVERSAL::isa $_[0], "JSON::Literal"
1362} 1744}
1363 1745
1364XSLoader::load "JSON::XS", $VERSION; 1746XSLoader::load "JSON::XS", $VERSION;
1365
1366package JSON::XS::Boolean;
1367
1368use overload
1369 "0+" => sub { ${$_[0]} },
1370 "++" => sub { $_[0] = ${$_[0]} + 1 },
1371 "--" => sub { $_[0] = ${$_[0]} - 1 },
1372 fallback => 1;
1373
13741;
1375 1747
1376=head1 SEE ALSO 1748=head1 SEE ALSO
1377 1749
1378The F<json_xs> command line utility for quick experiments. 1750The F<json_xs> command line utility for quick experiments.
1379 1751
1382 Marc Lehmann <schmorp@schmorp.de> 1754 Marc Lehmann <schmorp@schmorp.de>
1383 http://home.schmorp.de/ 1755 http://home.schmorp.de/
1384 1756
1385=cut 1757=cut
1386 1758
17591
1760

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines