JSON: Difference between revisions
m WP:CHECKWIKI error fix for #61. Punctuation goes before References. Do general fixes if a problem exists. - using AWB (10242) |
→Data types, syntax and example: Non-sensible to measure a person's height to 100 micrometers |
||
Line 60: | Line 60: | ||
"isAlive": true, |
"isAlive": true, |
||
"age": 25, |
"age": 25, |
||
"height_cm": 167. |
"height_cm": 167.6, |
||
"address": { |
"address": { |
||
"streetAddress": "21 2nd Street", |
"streetAddress": "21 2nd Street", |
Revision as of 10:42, 3 July 2014
Filename extension |
.json |
---|---|
Internet media type |
application/json |
Uniform Type Identifier (UTI) | public.json |
Type of format | Data interchange |
Extended from | JavaScript |
Standard | RFC 7159, ECMA-404 |
Website | json |
JSON (/ˈdʒeɪsən/ JEY-suhn) (pronounced as the common name 'Jason'),[1] or JavaScript Object Notation, is an open standard format that uses human-readable text to transmit data objects consisting of attribute–value pairs. It is used primarily to transmit data between a server and web application, as an alternative to XML.
Although originally derived from the JavaScript scripting language, JSON is a language-independent data format, and code for parsing and generating JSON data is readily available in a large variety of programming languages.
The JSON format was originally specified by Douglas Crockford. It is currently described by two competing standards, RFC 7159 and ECMA-404. The ECMA standard is minimal, describing only the allowed grammar syntax, whereas the RFC also provides some semantic and security considerations.[2] The official Internet media type for JSON is application/json
. The JSON filename extension is .json
.
History
Douglas Crockford was the first to specify and popularize the JSON format.[3] JSON grew out of a perceived need for stateful, real-time server-to-browser communication without using browser plugins such as Flash or Java applets, which were the dominant method at the time.
The acronym JSON was coined at State Software Inc., a company co-founded by Douglas Crockford, Chip Morningstar and Robert F. Napiltonia, starting in April 2001, and funded by Tesla Ventures. When State was founded in early 2001 by six former employees of Communities.com, they agreed to build a system that used standard browser capabilities and provided an abstraction layer for Web developers to create stateful Web applications that had a persistent duplex connection to a Web server by holding the two HTTP connections open and recycling them before standard browser time-outs if no further data were exchanged. The idea for the State Application Framework was developed by Chip Morningstar at State Software.[4][5] It was used in a project at Communities.com for Cartoon Network, which used a plug-in with a proprietary messaging format to manipulate DHTML elements (this system is also owned by 3DO). Upon discovery of early Ajax capabilities, digiGroups, Noosh, and others used frames to pass information into the user browsers' visual field without refreshing a Web application's visual context, realizing real-time rich Web applications using only the standard HTTP, HTML and JavaScript capabilities of Netscape 4.0.5+ and IE 5+. Douglas Crockford then found that JavaScript could be used as an object-based messaging format for such a system. The system was sold to Sun Microsystems, Amazon.com and EDS. The JSON.org Web site was launched in 2002. In December 2005, Yahoo! began offering some of its Web services in JSON.[6] Google started offering JSON feeds for its GData web protocol in December 2006.[7]
Although JSON was originally based on a non-strict subset of the JavaScript scripting language (specifically, Standard ECMA-262 3rd Edition—December 1999[8]) and is commonly used with that language, it is a language-independent data format. Code for parsing and generating JSON data is readily available for a large variety of programming languages. JSON's Web site provides a comprehensive listing of existing JSON libraries, organized by language.
Though JSON is commonly perceived as being a subset of JavaScript and ECMAScript, it allows some unescaped characters in strings that are illegal in JavaScript and ECMAScript strings.[9]
A typical mashup fetches JSON-format data from several different web servers using an Open API.
Data types, syntax and example
JSON's basic types are:
- Number — a signed decimal number that may contain a fractional part and may use exponential E notation. JSON does not allow non-numbers like NaN, nor does it make any distinction between integer and floating-point. (Even though JavaScript uses a double-precision floating-point format for all its numeric values, other languages implementing JSON may encode numbers differently)
- String — a sequence of zero or more Unicode characters, though characters outside the BMP must be represented as a surrogate pair. Strings are delimited with double-quotation marks and support a backslash escaping syntax.
- Boolean — either of the values
true
orfalse
- Array — an ordered list of zero or more values, each of which may be of any type. Arrays use square bracket notation with elements being comma-separated.
- Object — an unordered associative array (name/value pairs). Objects are delimited with curly brackets and use commas to separate each pair, while within each pair the colon ':' character separates the key or name from its value. All keys must be strings and should be distinct from each other within that object.
null
— An empty value, using the wordnull
JSON generally ignores any whitespace around or between syntactic elements (values and punctuation, but not within a string value). However JSON only recognizes four specific whitespace characters: the space, horizontal tab, line feed, and carriage return. JSON does not provide or allow any sort of comment syntax.
Early versions of JSON (such as specified by RFC 4627) required that a valid JSON "document" must consist of only an object or an array type—though they could contain other types within them. This restriction was relaxed starting with RFC 7158, so that a JSON document may consist entirely of any possible JSON typed value.
The following example shows a possible JSON representation describing a person.
{
"firstName": "John",
"lastName": "Smith",
"isAlive": true,
"age": 25,
"height_cm": 167.6,
"address": {
"streetAddress": "21 2nd Street",
"city": "New York",
"state": "NY",
"postalCode": "10021-3100"
},
"phoneNumbers": [
{ "type": "home", "number": "212 555-1234" },
{ "type": "office", "number": "646 555-4567" }
]
}
Data portability issues
Despite the widespread belief that JSON is a strict subset of JavaScript, this is not the case. Specifically, JSON allows the Unicode line terminators U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR to appear unescaped in quoted strings, while JavaScript does not.[10] This is a consequence of JSON disallowing only "control characters". For maximum portability these characters should be backslash-escaped. This subtlety is important when generating JSONP.
Although permitted by JSON, including the null character U+0000 <control-0000> in a string, whether backslash-escaped or not, may cause problems with some JSON implementations, especially those based on the C language.[11]
JSON documents may be, and often are, encoded in UTF-8, which supports the full Unicode character set. However, including characters outside the BMP (U+10000 to U+10FFFF) can be problematic. In particular, those characters must be explicitly encoded (and decoded) using surrogate pairs. This is similar to how the UTF-16 encoding works. For example, to include the Emoji character U+1F602 😂 FACE WITH TEARS OF JOY in JSON:
{ "face": "\uD83D\uDE02" }
Numbers in JSON are agnostic with regards to their representation within programming languages. No differentiation is made between an integer and floating-point value: some implementations may treat 42
, 42.0
, and 4.2E+1
as the same number while others may not. Furthermore no requirements are made regarding implementation issues such as overflow, underflow, loss of precision, or rounding. Additionally, JSON says nothing about the treatment of signed zeros: whether 0.0
is distinct from -0.0
. Most implementations that use the IEEE 754 floating-point standard, including JavaScript, will preserve signed zeros; but not all JSON implementation may do so.
Using JSON in JavaScript
Since JSON was derived from JavaScript and its syntax is (mostly) a subset of the language, it is often possible to use the JavaScript eval()
function to parse JSON data. This is considered unsafe. Instead, a JSON parser library or JavaScript's native JSON support should be used for reading and writing JSON. A correctly implemented JSON parser will only accept valid JSON, preventing potentially malicious code from being inadvertently executed.
var p = JSON.parse(contact);
Web browsers, such as Firefox and Internet Explorer, have, since 2010, included support for parsing JSON. As native browser support is more efficient and secure than eval()
, native JSON support is included in Edition 5 of the ECMAScript standard.[12]
Unsupported native data types
JavaScript syntax defines several native data types that are not included in the JSON standard:[13] Date, Error, Regular Expression, and Function. These JavaScript data types must be represented by some other data format, with the programs on both ends agreeing on how to convert between the types. As of 2011[update], there are some de facto standards, e.g., converting from Date to String, but none universally recognized.[14][15] Other languages may have a different set of native types that must be serialized carefully to deal with this type of conversion.
Schema and Metadata
JSON Schema
JSON Schema[16] specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. A JSON Schema provides a contract for the JSON data required by a given application, and how that data can be modified. JSON Schema is based on the concepts from XML Schema, RelaxNG, and Kwalify, but is JSON-based. The JSON data schema can be used to validate JSON data; the same serialization/deserialization tools can be used both for the schema and data. The schema is self-describing.
JSON Schema is an Internet Draft, currently version 4.[17] There are several validators available for different programming languages,[18] each with varying levels of conformance.
Example JSON Schema (draft 3):
{
"$schema": "http://json-schema.org/draft-03/schema#",
"name": "Product",
"type": "object",
"properties": {
"id": {
"type": "number",
"description": "Product identifier",
"required": true
},
"name": {
"type": "string",
"description": "Name of the product",
"required": true
},
"price": {
"type": "number",
"minimum": 0,
"required": true
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"stock": {
"type": "object",
"properties": {
"warehouse": {
"type": "number"
},
"retail": {
"type": "number"
}
}
}
}
}
The JSON Schema above can be used to test the validity of the JSON code below:
{
"id": 1,
"name": "Foo",
"price": 123,
"tags": [ "Bar", "Eek" ],
"stock": {
"warehouse": 300,
"retail": 20
}
}
MIME type
The official MIME type for JSON text is "application/json
".[19] Although most modern implementations have adopted the official MIME type, many applications continue to provide legacy support for other MIME types. Many service providers, browsers, servers, web applications, libraries, frameworks, and APIs use, expect, or recognize the (unofficial) MIME type "text/json
" or the content-type "text/javascript
". Notable examples include the Google Search API,[20] Yahoo!,[20][21] Flickr,[20] Facebook API,[22] Lift framework,[23] Dojo Toolkit 0.4,[24] etc.
Applications
JSON-RPC
JSON-RPC is an RPC protocol built on JSON, as a replacement for XML-RPC or SOAP. It is a simple protocol that defines only a handful of data types and commands. JSON-RPC lets a system send notifications (information to the server that does not require a response) and multiple calls to the server that can be answered out of order. Example of a JSON-RPC 2.0 request and response using positional parameters.
--> {"jsonrpc": "2.0", "method": "subtract", "params": [42, 23], "id": 1}
<-- {"jsonrpc": "2.0", "result": 19, "id": 1}
Ajax
JSON is often used in Ajax techniques. Ajax is a term for the ability of a webpage to request new data after it has loaded into the web browser, usually in response to user actions on the displayed webpage. As part of the Ajax model, the new data is usually incorporated into the user interface display dynamically the moment it arrives back from the server. For example when the user is typing into a search box, client-side code sends what they type to a server that will respond with a possible list of items from its database. These might be displayed in a drop-down list beneath the search box. The user may then stop typing and select the relevant string directly. When it was originally implemented in the mid-2000s, Ajax commonly used XML as the data interchange format. Now many developers use JSON to pass the Ajax updates between the server and the client.[25]
The following JavaScript code is just one example of a client using XMLHttpRequest to request data in JSON format from a server. (The server-side programming is omitted; it must be set up to service requests to the url
containing a JSON-formatted string.)
var my_JSON_object;
var http_request = new XMLHttpRequest();
http_request.open("GET", url, true);
http_request.onreadystatechange = function () {
var done = 4, ok = 200;
if (http_request.readyState === done && http_request.status === ok) {
my_JSON_object = JSON.parse('''http_request.responseText''');
}
};
http_request.send(null);
Security issues
Although JSON is intended solely as a data serialization format, its design as a non-strict subset of the JavaScript scripting language poses several security concerns. These concerns center on the use of a JavaScript interpreter to execute JSON text dynamically as embedded JavaScript. This exposes a program to errant or malicious scripts. This is a serious issue when dealing with data retrieved from the Internet. This easy and popular but risky technique exploits JSON's compatibility with the JavaScript eval()
function, which is described below.
JavaScript eval()
Because most JSON-formatted text is also syntactically legal JavaScript code, a seductively easy way for a JavaScript program to parse JSON-formatted data is to use the built-in JavaScript eval()
function, which was designed to evaluate JavaScript expressions. Rather than using a JSON-specific parser, the JavaScript interpreter itself is used to execute the JSON data producing native JavaScript objects. This technique is terribly risky, however, if there is any chance that the JSON data might contain arbitrary JavaScript code, which would then be executed also.
Unless precautions are taken to validate the data first, the eval technique is subject to security vulnerabilities when the data and the entire JavaScript environment are not within the control of a single trusted source. For example, if the data is itself not trusted, it is subject to malicious JavaScript code injection attacks. Such breaches of trust also can create vulnerabilities for data theft, authentication forgery, and other potential misuse of data and resources.
As a workaround, a regular expression can be used to partially validate the data prior to invoking eval()
. The RFC that defines JSON (RFC 4627) suggests using the following code to validate JSON before evaluating it (the variable 'text' is the input JSON):[26]
var my_JSON_object = !(/[^,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]/.test(
text.replace(/"(\\.|[^"\\])*"/g, ''))) && eval('(' + text + ')');
A new function, JSON.parse()
, was thus developed as a safer alternative to eval
. It is specifically intended to process JSON data and not JavaScript. It was originally planned for inclusion in the Fourth Edition of the ECMAScript standard,[27] but this did not occur. It was first added to the Fifth Edition,[28] and is now supported by the major browsers given below. For older ones, a compatible JavaScript library is available at JSON.org.
An additional issue when parsing JSON using the eval()
function is that there are some Unicode characters that are valid in JSON strings but invalid in JavaScript, so additional escaping may be needed in some cases.[29]
Native encoding and decoding in browsers
Recent Web browsers now either have or are working on native JSON encoding/decoding. Not only does this eliminate the eval()
security problem above, but it can also increase performance compared to the JavaScript libraries commonly used before. As of June 2009 the following browsers have or will have native JSON support, via JSON.parse()
and JSON.stringify()
:
- Mozilla Firefox 3.5+[30]
- Microsoft Internet Explorer 8+[31]
- Opera 10.5+[32]
- WebKit-based browsers (Apple Safari)[33]
- Blink-based browsers (e.g. Google Chrome, Opera)
At least five popular JavaScript libraries have committed to use native JSON, if available:
The default character encoding for JSON is UTF-8; it also supports UTF-16 and UTF-32.
Object references
The JSON standard does not support object references, but the Dojo Toolkit illustrates how conventions can be adopted to support such references using standard JSON. Specifically, the dojox.json.ref module provides support for several forms of referencing including circular, multiple, inter-message, and lazy referencing.[39][40] Alternatively, non-standard solutions exist such as the use of Mozilla JavaScript Sharp Variables, although this functionality has been removed in Firefox version 12.[41]
Comparison with other formats
JSON is promoted as a low-overhead alternative to XML as both of these formats have widespread support for creation, reading and decoding in the real-world situations where they are commonly used.[42] Apart from XML, examples could include OGDL, YAML and CSV. Also, Google Protocol Buffers can fill this role, although it is not a data interchange language.
YAML
YAML is almost, but not entirely, a superset of JSON. For example, escaping a slash (/) with a backslash (\) is valid JSON, but not valid YAML. (This is common practice when injecting JSON into HTML to protect against cross-site scripting attacks.) Nonetheless, many YAML parsers can natively parse the output from many JSON encoders.[43]
XML
XML has been used to describe structured data and to serialize objects. Various XML-based protocols exist to represent the same kind of data structures as JSON for the same kind of data interchange purposes. When data is encoded in XML, the result is typically larger than an equivalent encoding in JSON, mainly because of XML's closing tags. Yet, if the data is compressed using an algorithm like gzip, there is little difference because compression is good at saving space when a pattern is repeated.
When used without an XML schema, XML values don't have a specific data type.
Samples
JSON sample
{
"firstName": "John",
"lastName": "Smith",
"age": 25,
"address": {
"streetAddress": "21 2nd Street",
"city": "New York",
"state": "NY",
"postalCode": "10021"
},
"phoneNumber": [
{
"type": "home",
"number": "212 555-1239"
},
{
"type": "fax",
"number": "646 555-4567"
}
],
"gender":{
"type":"male"
}
}
Both of the following examples carry the same kind of information as the JSON example above in different ways.
YAML sample
The above JSON code is also entirely valid YAML; however, YAML also offers an alternative syntax intended to be more human-accessible by replacing nested delimiters like {}
, []
, and "
marks with structured whitespace indents.[43]
---
firstName: John
lastName: Smith
age: 25
address:
streetAddress: 21 2nd Street
city: New York
state: NY
postalCode: 10021
phoneNumber:
-
type: home
number: 212 555-1234
-
type: fax
number: 646 555-4567
gender:
type: male
XML samples
<person>
<firstName>John</firstName>
<lastName>Smith</lastName>
<age>25</age>
<address>
<streetAddress>21 2nd Street</streetAddress>
<city>New York</city>
<state>NY</state>
<postalCode>10021</postalCode>
</address>
<phoneNumbers>
<phoneNumber type="home">212 555-1234</phoneNumber>
<phoneNumber type="fax">646 555-4567</phoneNumber>
</phoneNumbers>
<gender>
<type>male</type>
</gender>
</person>
The properties can also be serialized using attributes instead of tags:
<person firstName="John" lastName="Smith" age="25">
<address streetAddress="21 2nd Street" city="New York" state="NY" postalCode="10021" />
<phoneNumbers>
<phoneNumber type="home" number="212 555-1234"/>
<phoneNumber type="fax" number="646 555-4567"/>
</phoneNumbers>
<gender type="male"/>
</person>
The XML encoding may therefore be comparable in length to the equivalent JSON encoding. A wide range of XML processing technologies exist, from the Document Object Model to XPath and XSLT. XML can also be styled for immediate display using CSS. XHTML is a form of XML so that elements can be passed in this form ready for direct insertion into webpages using client-side scripting.
See also
- BOND - A JSON format file for exchange of configurations and data in behavioral neuroscience
- S-expression - the comparable LISP format for trees as text.
- JSONP – JSON with Padding, a pattern of usage commonly employed when retrieving JSON across domains
- Binary encodings for JSON
- GeoJSON - an open format for encoding a variety of geographic data structures
- JSON-LD - JavaScript Object Notation for Linked Data, currently a W3C Recommendation
- JSON-RPC
- SOAPjr – a hybrid of SOAP and JR (JSON-RPC)
- JsonML
- Jayrock - an open source implementation of JSON for the .NET Framework.
- qdFoxJSON - a JSON implementation for Visual FoxPro.
References
- ^ "Doug Crockford "Google Tech Talks: JavaScript: The Good Parts"". 7 February 2009.
- ^ Bray, Tim. "JSON Redux AKA RFC7159". Ongoing. Retrieved 16 March 2014.
- ^ Video: Douglas Crockford — The JSON Saga, on Yahoo! Developer Network. In the video Crockford states: "I do not claim to have invented JSON ... What I did was I found it, I named it, I described how it was useful. ... So, the idea's been around there for a while. What I did was I gave it a specification, and a little Web site."
- ^
"Chip Morningstar Biography". undated.
{{cite web}}
: Check date values in:|date=
(help) - ^ "State Software Breaks Through Web App Development Barrier With State Application Framework: Software Lets Developers Create Truly Interactive Applications; Reduces Costs, Development Time and Improves User Experience". PR Newswire. February 12, 2002.
- ^ Yahoo!. "Using JSON with Yahoo! Web services". Archived from the original on October 11, 2007. Retrieved July 3, 2009.
- ^ Google. "Using JSON with Google Data APIs". Retrieved July 3, 2009.
{{cite web}}
:|author=
has generic name (help) - ^ Crockford, Douglas (May 28, 2009). "Introducing JSON". json.org. Retrieved July 3, 2009.
- ^ Magnus Holm. "JSON: The JavaScript subset that isn't".
- ^ Magnus Holm (May 15, 2011), "JSON: The JavaScript subset that isn't", The timeless repository, 9212af0a8d2124b92a7e4c6355007e4b4b0ae71d, retrieved 2013-01-11
- ^ "RFC Conformance". Jansson. Retrieved 16 March 2014.
- ^ Standard ECMA-262
- ^ RFC 7159
- ^ jquery - How to format a JSON date? - Stack Overflow
- ^ Dates and JSON - Tales from the Evil Empire
- ^ JSON Schema
- ^ JSON Schema draft 4
- ^ JSON Schema implementations
- ^ IANA | Application Media Types
- ^ a b c Faraday Stack pull request
- ^ Yahoo!, JavaScript, and JSON
- ^ AFNetworking pull request 148
- ^ Lift framework source
- ^ Dojo Toolkit 0.4 /src/io/BrowserIO.js
- ^ Garrett, Jesse James (18 February 2005). "Ajax: A New Approach to Web Applications". Adaptive Path. Retrieved 19 March 2012.
- ^ Douglas Crockford (July 2006). "IANA Considerations". The application/json Media Type for JavaScript Object Notation (JSON). IETF. sec. 6. doi:10.17487/RFC4627. RFC 4627. Retrieved October 21, 2009.
- ^ Crockford, Douglas (December 6, 2006). "JSON: The Fat-Free Alternative to XML". Retrieved July 3, 2009.
- ^ "ECMAScript Fifth Edition" (PDF). Retrieved March 18, 2011.
- ^ "JSON: The JavaScript subset that isn't". Magnus Holm. Retrieved 16 May 2011.
- ^ "Using Native JSON". June 30, 2009. Retrieved July 3, 2009.
- ^ Barsan, Corneliu (September 10, 2008). "Native JSON in IE8". Retrieved July 3, 2009.
- ^ "Web specifications supported in Opera Presto 2.5". March 10, 2010. Retrieved March 29, 2010.
- ^ Hunt, Oliver (June 22, 2009). "Implement ES 3.1 JSON object". Retrieved July 3, 2009.
- ^ "YUI 2: JSON utility". September 1, 2009. Retrieved October 22, 2009.
- ^ "Learn JSON". April 7, 2010. Retrieved April 7, 2010.
- ^ "Ticket #4429". May 22, 2009. Retrieved July 3, 2009.
- ^ "Ticket #8111". June 15, 2009. Retrieved July 3, 2009.
- ^ "Ticket 419". October 11, 2008. Retrieved July 3, 2009.
- ^ Zyp, Kris (June 17, 2008). "JSON referencing in Dojo". Retrieved July 3, 2009.
- ^ von Gaza, Tys (Dec 7, 2010). "JSON referencing in jQuery". Retrieved Dec 7, 2010.[dead link]
- ^ "Sharp variables in JavaScript". Retrieved 21 April 2012.
- ^ "JSON: The Fat-Free Alternative to XML". json.org. Retrieved 14 March 2011.
- ^ a b YAML Version 1.2
External links
- Format home page
- RFC 7159 - The JavaScript Object Notation (JSON) Data Interchange Format
- ECMA-404 - The JSON Data Interchange Format