JSON

JSON (JavaScript Object Notation, pronounced like "Jason", IPA /dʒeɪsən/) is a lightweight computer data interchange format. It is a text-based, human-readable format for representing simple data structures and associative arrays (called objects). The JSON format is specified in RFC 4627 by Douglas Crockford. The official Internet media type for JSON is application/json.


The JSON format is often used for transmitting structured data over a network connection, a process called serialization. Its main application is in Ajax web application programming, where it serves as an alternative to the traditional use of XML.


Although JSON is based on a subset of the JavaScript programming language (specifically, Standard ECMA-262 3rd Edition, December 1999[1]) and is commonly used with that language, it is a language-independent data format. Code for parsing and generating JSON is readily available for a large variety of programming languages; the json.org website lists existing JSON bindings by language.


In December 2005, Yahoo! began offering some of its web services optionally in JSON.[2] Google started offering JSON feeds for its GData web protocol in December 2006.[3]


Supported data types, syntax and example

JSON's basic types are:

  - Number (integer, real, or floating point)
  - String (double-quoted Unicode text, with backslash escaping)
  - Boolean (true and false)
  - Array (an ordered sequence of values, comma-separated and enclosed in square brackets)
  - Object (a collection of key:value pairs, comma-separated and enclosed in curly braces; keys must be strings)
  - null

The following example shows the JSON representation of an object that describes a person. The object has string fields for first name and last name, contains an object representing the person's address, and contains an array of phone numbers.

 {
     "firstName": "John",
     "lastName": "Smith",
     "address": {
         "streetAddress": "21 2nd Street",
         "city": "New York",
         "state": "NY",
         "postalCode": 10021
     },
     "phoneNumbers": [
         "212 732-1234",
         "646 123-4567"
     ]
 }

Suppose the above text is contained in the JavaScript string variable JSON_text. Since JSON is a subset of JavaScript's object literal notation, one can recreate the object describing John Smith with a simple eval():

 var p = eval("(" + JSON_text + ")"); 

and the fields p.firstName, p.address.city, p.phoneNumbers[0] etc. are then accessible. The parentheses are necessary because a JavaScript statement that begins with { is parsed as a block, not as an object literal, so eval(JSON_text) on the example above is a syntax error; wrapping the text in parentheses forces it to be read as an expression.


In general, eval() should only be used to parse JSON if the source of the JSON-formatted text is completely trusted: eval() runs whatever it is given, so any JavaScript smuggled into the supposed JSON is executed with the privileges of the page. JSON parsers, which accept only the JSON grammar, are available to process input from less trusted sources.
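The two points above, as an added example that is not part of the original article: the bare-eval syntax error, the article's parenthesised eval, and a real JSON parser, each fed a trusted document and a constructed hostile one. The document strings, the state object and the function names are all assumptions made for this example.

```javascript
// Added example, not from the original article. It shows (1) why the article's
// eval() form needs the surrounding parentheses and (2) why eval() must only see
// text from a fully trusted source, next to the JSON-parser alternative.
// Both input documents are constructed for this example.

// Constructed sample: a trimmed version of the article's John Smith object.
const TRUSTED_TEXT = '{"firstName": "John", "lastName": "Smith"}';

// Constructed sample: looks like JSON at a glance, but it is JavaScript. When
// eval()'d it runs; here it only flips a flag, where a real payload would read
// cookies or rewrite the page.
const state = { attackerRan: false };
const HOSTILE_TEXT =
  '{"firstName": (state.attackerRan = true, "John"), "lastName": "Smith"}';

// A statement that starts with "{" is parsed as a block, so eval(JSON_text) on
// an object document is a SyntaxError rather than an object literal.
function evalWithoutParens(text) {
  try { return { ok: true, value: eval(text) }; }
  catch (e) { return { ok: false, error: e.name }; }
}

// The article's technique: the parentheses force the text to be read as an
// expression. Anything that is valid JavaScript runs, JSON or not.
function evalWithParens(text) {
  return eval("(" + text + ")");
}

// The safe alternative: a JSON parser accepts the JSON grammar and nothing
// else, so the hostile document is rejected instead of executed.
function safeParse(text) {
  try { return { ok: true, value: JSON.parse(text) }; }
  catch (e) { return { ok: false, error: e.name }; }
}
```

Run against TRUSTED_TEXT, evalWithoutParens fails with a SyntaxError while evalWithParens and safeParse both yield the object; run against HOSTILE_TEXT, safeParse rejects it, but evalWithParens returns a plausible-looking object and sets state.attackerRan as a side effect, which is exactly the difference between parsing data and executing code.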


Using JSON in Ajax

The following JavaScript code shows how the client can use an XMLHttpRequest to request an object in JSON format from the server. (The server-side programming is omitted; it has to be set up to respond to requests at url with a JSON-formatted string.)

 var the_object;
 var http_request = new XMLHttpRequest();
 http_request.open("GET", url, true);             // url: a same-origin endpoint that returns JSON
 http_request.onreadystatechange = function () {
     if (http_request.readyState == 4) {          // 4 = request complete
         if (http_request.status == 200) {
             // The eval() technique from above; acceptable only because the
             // response comes from the page's own origin. A JSON parser (see
             // "Security issues") is the safer choice for anything less trusted.
             the_object = eval("(" + http_request.responseText + ")");
         } else {
             alert("There was a problem with the URL.");
         }
         http_request = null;
     }
 };
 http_request.send(null);                         // without send() the request is never issued

Note that the use of XMLHttpRequest in this example is not cross-browser; syntactic variations exist on Internet Explorer, Opera, Safari, and Mozilla-based browsers. The usefulness of XMLHttpRequest is limited by the same origin policy: the URL answering the request must have the same scheme, host and port as the page that issued it. (Cross-Origin Resource Sharing, introduced later, lets a server explicitly opt in to requests from other origins.)


Browsers can also use <iframe> elements to request JSON data asynchronously in a cross-browser fashion, or use simple <form action="url_to_cgi_script" target="name_of_hidden_iframe"> submissions. These approaches were prevalent before XMLHttpRequest was widely supported.


Dynamic <script> tags can also be used to transport JSON data. This technique gets around the same origin policy, but it does so by executing whatever the remote server returns as script in the page's own context, so it is only as trustworthy as that server and is insecure for anything else. JSONRequest has been proposed as a safer alternative.


Security issues

JSON is a self-contained, unambiguous data representation format. Since it carries no executable or algorithmic meaning, the format itself introduces no risk; security issues arise when a program processes JSON-formatted data as though it were something else. Because the JSON syntax is, by design, a subset of JavaScript syntax, most security concerns involve having a JavaScript interpreter process JSON text directly as JavaScript source code.


JavaScript eval()

Because most JSON-formatted text is also syntactically legal JavaScript code, an easy way for a JavaScript program to parse JSON-formatted data is the built-in eval() function. Rather than using a JSON-specific parser, the JavaScript interpreter itself executes the JSON text to produce native JavaScript objects. The technique relies on deliberately treating the input as JavaScript rather than as JSON.


Using the eval technique can be safe as long as everything, both the JSON data and the entire JavaScript environment, is under the control of a single trusted source. In a web browser this unified trust does not exist, and security can be breached in two ways. If the JSON data itself is not trusted, rogue JavaScript code can be embedded in the supposed JSON data and will run when it is evaluated. And if the JavaScript environment is not entirely trusted (including all code loaded into the page), the evaluation of even legitimate JSON can be intercepted, for example by code that has replaced the Array constructor or installed setters on Object.prototype before the data is evaluated.


A JSON-specific parser is the safe alternative to eval. At the time of writing, the parseJSON method was expected to be included in the Fourth Edition of the ECMAScript standard; the function that was eventually standardized is JSON.parse, in ECMAScript 5th Edition, and it is built into all current browsers. A library implementation is also available at http://www.JSON.org/json.js


Cross-site request forgery

Naive deployments of JSON are subject to cross-site request forgery attacks (CSRF or XSRF),[4] a variant now more often called JSON hijacking or cross-site script inclusion. Because the HTML <script> tag is not subject to the same origin policy in web browser implementations, a malicious page can include a URL that returns JSON data belonging to another site, and the browser will attach the user's cookies for that site to the request. The JSON-encoded data is then evaluated in the context of the malicious page, possibly divulging passwords or other sensitive data if the user is currently logged in to the other site. (A JSON object or array literal would normally evaluate to a constant and so not be visible to the attacker; the attacks of the time worked by redefining the Array constructor, or by defining setters on Object.prototype, before the script loaded, so that the JSON data was fed through the attacker's own interceptor as the literal was built. For this the response has to be a valid script at all, which in practice means a top-level array. Current JavaScript engines no longer invoke a replaced constructor or inherited setters when constructing literals, which closed that channel, but the fixes that follow do not depend on engine behaviour and remain good practice.)


Most fixes for this class of attack involve wrapping or otherwise altering the JSON-formatted data so that it cannot be interpreted as valid JavaScript code. One method is to wrap the JSON text inside a multi-line JavaScript comment (/* ... */) and unwrap it before parsing; if a <script> element references the wrapped data, the JavaScript interpreter treats all of it as a comment and executes none of it. (The server must ensure that no string value contains the sequence */, which would end the comment early; in JSON it can be written as *\/ without changing its meaning.) Another is to prefix the response with a fragment that is a syntax error or a non-terminating statement as JavaScript, such as )]}', or while(1);, which the site's own client strips before parsing. Returning a top-level object rather than an array also keeps the response from being a valid script, since a leading { is parsed as a block. Neither wrapper helps if the attack uses an <iframe> element, but reading the iframe's contents is prevented by the same origin policy. Alternatives include magic cookie methods: requiring a secret token or a custom request header that the site's own XMLHttpRequest code supplies but a <script> tag cannot (HTTP cookies do not qualify, since the browser sends them with the cross-site request as usual). A supplementary fix is to configure the web server to refuse to serve JSON when an HTTP Referer other than a trusted site is provided; this can, however, cause problems with clients configured to omit or spoof referrer information, and the header should only be treated as a weak additional signal.
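The fixes described above, as an added example that is not part of the original article: the comment wrapper (with the */ escaping it needs), the syntax-error prefix, and a token check, each shown beside a simulation of what a cross-site <script> tag would do with the response. The sample responses, the prefix string, the header name and the function names are assumptions made for this example.

```javascript
// Added example, not from the original article: server-side alterations that stop
// a JSON response from being usable as a cross-site <script>, with the matching
// client-side unwrapping.

// Constructed sample: a response that a logged-in user's browser could be tricked
// into fetching via <script src="https://victim.example/contacts">. A top-level
// array is the exploitable shape, because it is a valid JavaScript statement.
const CONTACTS_JSON = '[{"name": "John Smith", "phone": "212 732-1234"}]';

// Constructed sample whose string value contains "*/" followed by script, to show
// why the comment wrapper has to escape that sequence.
const TRICKY_JSON = '{"note": "*/ globalThis.hijacked = true; //"}';

// What a cross-site <script> tag does with the body: run it as a global script.
// Indirect eval gives script (not local-scope) semantics; it is used here only
// to simulate the attacker's inclusion, never to parse data.
function scriptInclusionResult(body) {
  try { return { runs: true, value: (0, eval)(body) }; }
  catch (e) { return { runs: false, error: e.name }; }
}

// Fix 1 (naive): the article's comment wrapper as literally described. A "*/"
// inside a JSON string terminates the comment and the rest executes.
function naiveCommentWrap(json) { return "/*" + json + "*/"; }

// Fix 1 (correct): re-encode "*/" as "*\/". JSON allows an escaped solidus, so
// the JSON meaning is unchanged but no comment terminator remains.
function wrapInComment(json) { return "/*" + json.replace(/\*\//g, "*\\/") + "*/"; }
function unwrapComment(body) {
  if (!body.startsWith("/*") || !body.endsWith("*/")) throw new Error("missing comment wrapper");
  return JSON.parse(body.slice(2, -2));
}

// Fix 2: a prefix that is a syntax error as JavaScript. Parsing fails before any
// of the data is evaluated, so an interceptor never sees a single value.
const PREFIX = ")]}',\n";                                  // assumed; "while(1);" is another choice
function wrapWithPrefix(json) { return PREFIX + json; }
function unwrapPrefix(body) {
  if (!body.startsWith(PREFIX)) throw new Error("missing anti-hijack prefix");
  return JSON.parse(body.slice(PREFIX.length));
}

// Fix 3: the "magic cookie" check. A <script> tag cannot add request headers or
// know a per-session secret, while the site's own XMLHttpRequest code can. The
// browser's HTTP cookies are sent either way, so they must not be the check.
// (The header name is assumed; a production check would use a constant-time compare.)
function acceptsJsonRequest(headers, expectedToken) {
  const sent = headers["x-app-token"];
  return typeof sent === "string" && sent === expectedToken;
}
```

Evaluated as a script, the bare CONTACTS_JSON array yields its contents, the prefixed form is a SyntaxError, and the correctly wrapped form parses as one comment and evaluates to nothing; the naive wrapper around TRICKY_JSON, by contrast, breaks out of the comment and runs the embedded assignment, which is the edge case the */ escaping exists for. The site's own client unwraps with unwrapComment or unwrapPrefix and then hands the remainder to JSON.parse, never to eval.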


Comparison with other formats

XML

XML is often used to describe structured data and to serialize objects. Unlike JSON, which is simply a way to represent data structures, XML is a complete markup language. This makes XML significantly more complex than JSON, which is specifically designed as a data interchange format, not a markup language. A notable absence in JSON is any schema mechanism comparable to XML's DTDs and XML Schema, which XML processors use for validation. Neither format has a rich (i.e. explicit) mechanism for representing large binary data such as image data, although binary data can be carried in both by converting it to base64 or a similar textual representation.


YAML

YAML is, apart from a few edge cases, a superset of JSON: a JSON document is also a valid YAML document, while YAML additionally allows comments and the syntax enrichments listed below.[1]

Blocks:>
YAML's versatile block-indent syntax allows structured data to be written without the visual clutter of quotation marks, escapes, commas, semicolons, braces and brackets, making it exceptionally human readable. Indeed, this section is itself well-formed YAML and resolves to a mapping whose values are the indented text strings.[5]
Extensible:>
YAML also offers a simple syntax for extensible data types beyond the primitives (strings, floats, ints, bools), including tags that name an application-defined class.
Relational:>
Additionally, YAML offers syntax for relational data: rather than repeating identical data later in a document, a YAML document can refer back to an anchor defined earlier in the file or stream.
Security:>
Because the YAML format is not associated with an executable language the way JSON is with JavaScript, there is no temptation to use a built-in interpreter to evaluate a document into native data structures. This does not make loading YAML safe by itself, however: the extensible type tags above let a document name arbitrary classes, and a YAML loader that instantiates whatever tag it is given (as the default load functions of several language bindings have done) turns an untrusted document into a code-execution vector. Untrusted YAML should be read with a loader restricted to the basic types, such as PyYAML's yaml.safe_load.

See also

  Ajax
  Client-side JavaScript
  JSON-RPC, a remote procedure call protocol encoded in JSON, very similar to XML-RPC
  JsonML (JSON Markup Language), a mapping between XML and JSON
  S-expression
  YAML

References

  1. Introducing JSON. json.org.
  2. Yahoo!. Using JSON with Yahoo! Web services.
  3. Google. Using JSON with Google Data APIs.
  4. Advanced Web Attack Techniques using GMail. Jeremiah Grossman, WhiteHat Security.
  5. The keys of the mapping shown are "Blocks", "Extensible", "Relational" and "Security". The ">" symbols are part of the YAML syntax, signifying that a line-wrapped text value follows.
