infobox file format
mime = application/json
extension = .json
genre = Data interchange
standard = RFC 4627
computerdata interchange format. It is a text-based, human-readable format for representing simple data structures and associative arrays (called objects).
The JSON format is specified in RFC 4627 by
Douglas Crockford. The official Internet media typefor JSON is
application/json. The JSON file extension is
The JSON format is often used for transmitting structured data over a network connection in a process called
serialization.Its main application is in Ajax web application programming, where it serves as an alternative to the use of the XMLformat.
Although JSON was based on a subset of the
url = http://json.org | title = Introducing JSON | publisher = json.org ] ) and is commonly used with that language, it is considered to be a language-independent data format. Code for parsing and generating JSON data is readily available for a large variety of
programming languages. The [http://json.org/ json.org] website provides a comprehensive listing of existing JSON bindings, organized by language.
In December 2005, Yahoo! began offering some of its
web services optionally in JSON.cite web|url=http://developer.yahoo.net/common/json.html|title=Using JSON with Yahoo! Web services|author=Yahoo!] Google started offering JSON feeds for its GDataweb protocol in December 2006.cite web|url=http://code.google.com/apis/gdata/json.html|title=Using JSON with Google Data APIs|author=Google]
Data types, syntax and example
JSON's basic types are:
* Number (integer, real, or
* String (double-quoted
Unicodewith backslash escaping)
* Boolean (
Array(an ordered sequence of values, comma-separated and enclosed in square brackets)
* Object (collection of key:value pairs, comma-separated and enclosed in
The following example shows the JSON representation of an object that describes a person. The object has string fields for first name and last name, contains an object representing the person's address, and contains a list of phone numbers (an array).
object literalnotation, one can then recreate the object describing John Smith with a simple
and the fields
p.phoneNumbers etc. are then accessible. The
eval()should only be used to parse JSON if the source of the JSON-formatted text is completely trusted; the execution of untrusted code is obviously dangerous. JSON parsers are available to process JSON input from less trusted sources.
There are several ways to verify the structure and data types inside a JSON object, much like an XML schema. JSON Schema is a specification for a JSON-based format for defining the structure of JSON data. JSON Schema provides a contract for what JSON data is required for a given application and how it can be modified, much like what XML Schema provides for XML. JSON Schema is intended to provide validation, documentation, and interaction control of JSON data. JSON Schema is based on the concepts from XML Schema, RelaxNG, and Kwalify, but is intended to be JSON-based, so that JSON data in the form of a schema can be used to validate JSON data, the same serialization/deserialization tools can be used for the schema and data, and it can be self descriptive. cite web|url=http://www.json.com/json-schema-proposal/|title=JSON Schema Proposal |author=Json.Com
Using JSON in Ajax
XMLHttpRequestto request an object in JSON format from the server. (The server-side programming is omitted; it has to be set up to respond to requests at
urlwith a JSON-formatted string.)
Note that the use of
XMLHttpRequestin this example is not cross-browsercompatible; syntactic variations are available for Internet Explorer, Opera, Safari, and Mozilla-based browsers. The usefulness of XMLHttpRequest is limited by the same origin policy: the URL replying to the request must reside within the same DNS domain as the server that hosts the page containing the request. Alternatively, the JSONPapproach incorporates the use of an encoded callback function passed between the client and server to allow the client to load JSON-encoded data from third-party domains and to notify the caller function upon completion, although this imposes some security risks and additional requirements upon the server.
Browsers can also use
<elements to asynchronously request JSON data in a
iframe> cross-browserfashion, or use simple
<form action="url_to_cgi_script" target="name_of_hidden_iframe">submissions. These approaches were prevalent prior to the advent of widespread support for XMLHttpRequest.
<script>tags can also be used to transport JSON data. With this technique it is possible to get around the overly restrictive
same origin policybut it is insecure. [http://json.org/JSONRequest.html JSONRequest] has been proposed as a safer alternative.
JSON and PHP
As of version 5.2, PHP provides the "json_encode" function to encode JSON strings. The following code shows how to return a JSON format from the server:
It is also possible to easily convert AJAX PHP scripts that return HTML to return JSON format response using PHP's "ob_XXX" functions like so:
code injectionattacks; unless some additional means is used to validate the data first. Regular expressions are sometimes used to perform this check prior to invoking
eval. Also, such breaches of trust may create vulnerabilities for
data theft, authentication forgery, and other potential misuse of data and resources. The RFCthat defines JSON [http://www.ietf.org/rfc/rfc4627.txt?number=4627] suggests using the following code to validate JSON before eval'ing it (the variable 'text' is the input JSON):
A new function,
parseJSON(), has been proposed as a safer alternative to
Cross-site request forgery
Naïve deployments of JSON are subject to
cross-site request forgeryattacks (CSRF or XSRF). [ [http://jeremiahgrossman.blogspot.com/2006/01/advanced-web-attack-techniques-using.html Advanced Web Attack Techniques using GMail] – Jeremiah Grossman, WhiteHat Security] Because the HTML
<script>tag does not respect the
same origin policyin web browser implementations, a malicious page can request and obtain JSON data belonging to another site. This will allow the JSON-encoded data to be evaluated in the context of the malicious page, possibly divulging passwords or other sensitive data if the user is currently logged into the other site.
cross-site request forgery.
Comparison with other formats
XMLis often used to describe structured data and to serialize objects. Various XML-based protocols exist to represent the same kind of data structures as JSON for the same kind of data interchange purposes. But because they use XML, which is a general purpose markup language, they are arguably more complex than JSON, which represents data structures in simple text in a form specifically designed for data interchange. Both lack a rich (i.e., explicit) mechanism for representing large binary data types such as image data (although binary data can be "stringified" for both by converting to a base64or similar representation).
Both functionally and syntactically, JSON is effectively a subset of
YAML. Notably, the most widespread YAML library also parses JSON. [ [http://redhanded.hobix.com/inspect/yamlIsJson.html YAML is JSON] , RedHanded, 08 Apr 2005.] Strictly speaking, the syntax is not quite a perfect subset, primarily because YAML lacks native handling of some extended character sets allowed in JSON (e.g. unicode like UTF-32) and requires comma separators to be followed by a space. The most distinguishing point of comparison is that YAML offers the following syntax enrichments which have no corresponding expression in JSON:;Relational :::YAML offers syntax for relational data: rather than repeating identical data later in a document, a YAML document can refer to an anchor earlier in the file/stream. Recursive structures (for example, an array containing itself) can be expressed this way. [For example, a film data base might list actors (and their attributes) under a Movie's cast, and also list Movies (and their attributes) under an Actor's portfolio.] ;Extensible :::YAML also offers extensible data types beyond primitives (i.e beyond strings, floats, ints, bools) which can include class-type declarations or Unicode types.;Blocks :::YAML uses a block-indent syntax to allow formatting of structured data without use of additional characters (ie: braces, brackets, quotation marks, etc.). [Besides giving YAML a different appearance than JSON, This block-indent device permits the encapuslation of text from other markup languages or even JSON in the other languages native literal style and without escaping of colliding sigils.]
JSONP or "JSON with padding" is a JSON extension wherein the name of a callback function is specified as an input argument of the call itself. The original proposition appears to have been made in the MacPython blog in 2005 [cite web|url=http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/ |title=from __future__ import * » Remote JSON - JSONP |publisher=Bob.pythonmac.org |date= |accessdate=2008-09-08] and is now used by many
Web 2.0applications such as Dojo ToolkitApplications or Google Toolkit Applications [http://www.gwtapps.com/?p=42] . Further extensions of this protocol have been proposed by considering additional input arguments as, for example, is the case of JSONPP [http://sites.google.com/a/s3db.org/s3db/documentation/mis/json-jsonp-jsonpp] supported by S3DBweb services.
Because JSONP makes use of script tags, calls are essentially open to the world. For that reason, JSONP may be inappropriate to carry sensitive data.cite web|url=http://www.riaspot.com/blogs/entry/JSONP-for-Cross-Site-XHR|title=JSON P for Cross Site XHR |author=RIAspot]
* [http://www.json.org Format home page]
* RFC 4627, current formal JSON specification.
* [http://redhanded.hobix.com/inspect/yamlIsJson.html Relationship between JSON and YAML]
* [http://blogs.sun.com/bblfish/entry/the_limitations_of_json The Limitations of JSON]
* [http://msdn.microsoft.com/en-us/library/bb299886.aspx JSON-Introduction By Microsoft]
Wikimedia Foundation. 2010.
Look at other dictionaries:
JSON-RPC — is a remote procedure call protocol encoded in JSON. It is a very simple protocol (and very similar to XML RPC), defining only a handful of data types and commands. In contrast to XML RPC or SOAP, it allows for bidirectional communication between … Wikipedia