JSON: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:57, 5 May 2024 edit W.andrea (talk \| contribs) Extended confirmed users 4,325 edits →‎History: Add citation details for ECMA-404 (1st ed.), including current link. ← Previous edit		Latest revision as of 11:04, 14 June 2024 edit undo Ae245 (talk \| contribs) Extended confirmed users, Rollbackers 6,671 edits m Reverted edits by 217.165.235.224 (talk) (HG) (3.4.12) Tags: Huggle Rollback
(25 intermediate revisions by 14 users not shown)
Line 25: == Naming and pronunciation == The 2017 [[international standard]] (ECMA-404 and ISO/IEC 21778:2017) specifies that "JSON" is "pronounced {{IPAc-en\|ˈ\|dʒ\|eɪ\|·\|s\|ə\|n}}, as in '[[Jason]] and The [[Argonauts]]{{'"}}.<ref name=":0"/><ref name="ecma2017">{{cite web \|url=https://ecma-international.org/publications-and-standards/standards/ecma-404/ \|title=ECMA-404: The JSON Data Interchange Syntax \|publisher=[[Ecma International]] \|date=December 2017 \|edition=2nd \|access-date=2024-04-29 \|page=iii, footnote \|url-status=live \|archive-url=https://web.archive.org/web/20191027160438/www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf \|archive-date=2019-10-27 \|ref=ecma2017}}</ref> The first (2013) edition of ECMA-404 did not address the pronunciation.<ref name="ecma2013" /> The ''UNIX and Linux System Administration Handbook'' states ~~that~~, "[[Douglas Crockford]], who named and promoted the JSON format, says it's pronounced like the name Jason. But somehow, 'JAY-sawn'{{efn\|{{IPAc-en\|ˈ\|dʒ\|eɪ\|ˌ\|s\|ɒ\|n}}, assuming the [[cot-caught merger]]}} seems to have become more common in the technical community."<ref>{{cite book \|last1=Nemeth \|first1=Evi \|last2=Snyder \|first2=Garth \|last3=Hein \|first3=Trent R. \|last4=Whaley \|first4=Ben \|last5=Mackin \|first5=Dan \|title=UNIX and Linux System Administration Handbook \|date=2017 \|publisher=Addison-Wesley Professional \|isbn=9780134278292 \|edition=5th \|chapter-url=https://books.google.com/books?id=f7M1DwAAQBAJ&pg=PT1125 \|access-date=29 October 2019 \|language=en \|chapter=19: Web Hosting}}</ref> Crockford said in 2011, "There's a lot of argument about how you pronounce that, but I strictly don't care."<ref name="saga"/> == Standards == Line 34: JSON grew out of a need for a real-time server-to-browser session communication protocol without using browser plugins such as [[Adobe Flash\|Flash]] or [[Java (programming language)\|Java]] applets, the dominant methods used in the early 2000s.<ref name = "Edu4java, 2014" >{{cite web \| url = http://www.edu4java.com/en/java/unofficial-java-history.html \| title = Unofficial Java History \| access-date = 2019-08-30 \| date = 2014-05-26 \| website = Edu4Java \| quote = In 1996, Macromedia launches Flash technology which occupies the space left by Java and ActiveX, becoming the de facto standard for animation on the client side. \| archive-url = https://web.archive.org/web/20140526235903/http://www.edu4java.com/en/java/unofficial-java-history.html \| archive-date = 2014-05-26 \| df = dmy-all}}</ref> Crockford first specified and popularized the JSON format.<ref name="saga"/> The acronym originated at State Software, a company ~~co-founded~~cofounded by Crockford and others in March 2001. The ~~co-founders~~cofounders agreed to build a system that used standard browser capabilities and provided an [[abstraction layer]] for Web developers to create stateful Web applications that had a persistent duplex connection to a Web server by holding two [[Hypertext Transfer Protocol]] (HTTP) connections open and recycling them before standard browser time-outs if no further data were exchanged. The ~~co-founders~~cofounders had a round-table discussion and voted on whether to call the data format JSML (JavaScript Markup Language) or JSON (JavaScript Object Notation), as well as under what [[Software license\|license]] type to make it available. The JSON.org<ref>{{cite web\|url=http://json.org/\|title=JSON\|website=json.org}}</ref> website was launched in 2001. In December 2005, [[Yahoo!]] began offering some of its [[Web service]]s in JSON.<ref name="yahoo">{{cite web \|url= http://developer.yahoo.com/common/json.html \|title= Using JSON with Yahoo! Web services \|author= Yahoo! \|access-date= July 3, 2009 \| archive-url = https://web.archive.org/web/20071011085815/http://developer.yahoo.com/common/json.html \|archive-date= October 11, 2007 }}</ref> A precursor to the JSON libraries was used in a children's digital asset trading game project named [[Cartoon Orbit]] at Communities.com {{Citation needed\|date=November 2022}} (the State ~~co-founders~~cofounders had all worked at this company previously) for Cartoon Network {{Citation needed\|date=November 2022}}, which used a browser side plug-in with a proprietary messaging format to manipulate [[Dynamic HTML\|DHTML]] elements (this system is also owned by 3DO {{Citation needed\|date=November 2022}}). Upon discovery of early [[Ajax (programming)\|Ajax]] capabilities, digiGroups, Noosh, and others used frames to pass information into the user browsers' visual field without refreshing a Web application's visual context, realizing real-time rich Web applications using only the standard HTTP, HTML, and JavaScript capabilities of Netscape 4.0.5+ and IEInternet Explorer 5+. Crockford then found that JavaScript could be used as an object-based messaging format for such a system. The system was sold to [[Sun Microsystems]], [[Amazon.com]], and [[Electronic Data Systems\|EDS]]. JSON was based on a [[subset]] of the [[JavaScript]] scripting language (specifically, Standard [[Ecma International\|ECMA]]-262 3rd Edition—December 1999<ref>{{cite web \| url = http://json.org \| title = Introducing JSON \| publisher = json.org \|first=Douglas \|last=Crockford \|author-link=Douglas Crockford \|date=May 28, 2009 \|access-date=July 3, 2009 \|quote=It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999.}}</ref>) and is commonly used with JavaScript, but it is a [[Language-independent specification\|language-independent]] data format. Code for [[parsing]] and generating JSON data is readily available in many [[programming languages]]. JSON's website lists JSON [[language binding\|libraries]] by language. In October 2013, [[Ecma International]] published the first edition of its JSON standard ECMA-404.<ref name="ecma2013">{{cite web \|date=October 2013 \|edition=1st \|title=ECMA-404: The JSON Data Interchange Format \|url=https://ecma-international.org/publications-and-standards/standards/ecma-404/ \|access-date=20 November 2023 \|publisher=[[~~ECMA~~Ecma International]] \|language=en \|archive-url=https://web.archive.org/web/20131101200049/www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf \|archive-date=2013-11-01 \|url-status=live}}</ref> That same year, {{IETF RFC\|7158}} used ECMA-404 as a reference. In 2014, {{IETF RFC\|7159}} became the main reference for JSON's Internet uses, superseding {{IETF RFC\|4627}} and {{IETF RFC\|7158}} (but preserving ECMA-262 and ECMA-404 as main references). In November 2017, [[ISO/IEC JTC 1/SC 22]] published ISO/IEC 21778:2017<ref name=":0" /> as an international standard. On 13 December 13, 2017, the [[Internet Engineering Task Force]] obsoleted {{IETF RFC\|7159}} when it published {{IETF RFC\|8259}}, which is the current version of the [[Internet Standard]] STD 90.<ref>{{cite journal \|url=https://datatracker.ietf.org/doc/rfc8259/history/ \|title=History for draft-ietf-jsonbis-rfc7159bis-04 \|website=IETF Datatracker \|date=December 2017 \|publisher=Internet Engineering Task Force \|access-date=2019-10-24 \|quote=2017-12-13 [...] RFC published \|last1=Bray \|first1=Tim }}</ref><ref>{{cite journal \| url = https://datatracker.ietf.org/doc/rfc8259/ \|title=RFC 8259 - The JavaScript Object Notation (JSON) Data Interchange Format \|website=IETF Datatracker \|date=December 13, 2017 \|publisher=Internet Engineering Task Force \|access-date=2019-10-24 \|quote=Type: RFC - Internet Standard (December 2017; Errata); Obsoletes RFC 7159; Also known as STD 90 \|last1=Bray \|first1=Tim }}</ref> Crockford added a clause to the JSON license stating ~~that~~, "The Software shall be used for Good, not Evil", in order to [[Open-source model\|open-source]] the JSON libraries while mocking corporate lawyers and those who are overly pedantic. On the other hand, this clause led to [[license compatibility]] problems of the JSON license with other [[open-source license]]s, assince [[open-source software]] and [[free software]] usually imply no restrictions on the purpose of use.<ref>"[https://lwn.net/Articles/707510/ Apache and the JSON license]" on LWN.net by Jake Edge (November 30, 2016).</ref> == Syntax == Line 94: JSON's basic data types are: * Number: a signed decimal number that may contain a fractional part and may use exponential [[E notation]], but cannot include non-numbers such as [[NaN]]. The format makes no distinction between integer and floating-point. JavaScript uses [[IEEE 754\|IEEE-754]] [[double-precision floating-point format]] for all its numeric values (later also supporting [[Arbitrary-precision arithmetic\|BigInt]]<ref>{{cite web \|title=BigInt - MDN Web doc glossary \|url=https://developer.mozilla.org/en-US/docs/Glossary/BigInt \|website=Mozilla \|access-date=18 October 2020}}</ref>), but other languages implementing JSON may encode numbers differently. * [[String (computer science)\|String]]: a sequence of [[Empty string\|zero]] or more [[Unicode]] characters. Strings are delimited with double quotation marks and support a backslash [[Escape character\|escaping]] syntax. * [[Boolean datatype\|Boolean]]: either of the values <code>true</code> or <code>false</code> * [[Array data structure\|Array]]: an [[List (abstract data type)\|ordered list]] of zero or more elements, each of which may be of any type. Arrays use [[square bracket]] notation with comma-separated elements. * [[Object (computer science)\|Object]]: a collection of [[Attribute–value pair\|name–value pairs]] where the names (also called keys) are strings. The current ECMA standard states:, "The JSON syntax does not impose any restrictions on the strings used as names, does not require that name strings be unique, and does not assign any significance to the ordering of name/value pairs."<ref>{{~~Cite book~~harvnb\|~~url~~ref=~~https://www.ecma-international.org/publications/files/ECMA-ST/~~ecma2017\|ECMA-404~~.pdf#page=11\|title=The~~, ~~JSON~~2nd ~~Data Interchange Syntax\|date=December 2017\|publisher=[[Ecma International]]\|edition=2nd~~ed.\|page=3~~\|quote=~~}}: "The JSON syntax does not impose any restrictions on the strings used as names, does not require that name strings be unique, and does not assign any significance to the ordering of name/value pairs.}}"</ref> Objects are delimited with [[Braces (punctuation)#Braces\|curly brackets]] and use commas to separate each pair, while within each pair, the colon ':' character separates the key or name from its value. * <code>[[Nullable type\|null]]</code>: an empty value, using the word <code>null</code> Line 105: Early versions of JSON (such as specified by {{IETF RFC\|4627}}) required that a valid JSON text must consist of only an object or an array type, which could contain other types within them. This restriction was dropped in {{IETF RFC\|7158}}, where a JSON text was redefined as any serialized value. Numbers in JSON are agnostic with regard to their representation within programming languages. While this allows for numbers of [[Arbitrary-precision arithmetic\|arbitrary precision]] to be serialized, it may lead to portability issues. For example, since no differentiation is made between integer and floating-point values, some implementations may treat <code>42</code>, <code>42.0</code>, and <code>4.2E+1</code> as the same number, while others may not. The JSON standard makes no requirements regarding implementation details such as [[Arithmetic overflow\|overflow]], [[Arithmetic underflow\|underflow]], loss of precision, rounding, or [[signed zeros]], but it does recommend expecting no more than [[IEEE 754]] [[Double-precision floating-point format\|binary64]] precision for "good interoperability". There is no inherent precision loss in serializing a machine-level binary representation of a floating-point number (like binary64) into a human-readable decimal representation (like numbers in JSON), and back, since there exist published algorithms to do this exactly and optimally.<ref>{{cite web \| url=https://cseweb.ucsd.edu/~mandrysc/pub/dtoa.pdf \| title=Printing Floating-Point Numbers - An Always Correct Method \| last1=Andrysco \| first1=Marc \| last2=Jhala \| first2=Ranjit \| last3=Lerner \| first3=Sorin \|access-date=2019-07-27}}</ref> Comments were intentionally excluded from JSON. In 2012, Douglas Crockford described his design decision thus: "I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability."<ref name=DouglasCrockfordComments>{{cite web \|last=Crockford \|first=Douglas \|title=Comments in JSON \|date=2012-04-30 \|url=https://plus.google.com/+DouglasCrockfordEsq/posts/RK8qyGVaGSr \|archive-url=https://archive.today/20150704102718/https://plus.google.com/+DouglasCrockfordEsq/posts/RK8qyGVaGSr \|archive-date=2015-07-04 \|url-status=dead \|quote=I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability. I know that the lack of comments makes some people sad, but it shouldn't. Suppose you are using JSON to keep configuration files, which you would like to annotate. Go ahead and insert all the comments you like. Then pipe it through [[Minification_(programming)#History\|JSMin]] before handing it to your JSON parser. \|access-date=2019-08-30 }}</ref> Line 113: == Interoperability == ~~[https://www.rfc-editor.org/rfc/rfc8259.html~~{{IETF RFC \|8259]}} describes certain aspects of JSON syntax ~~which~~that, while legal per the specifications, can cause interoperability problems. * Certain JSON implementations only accept JSON texts ~~which represent~~representing an object or an array. For interoperability, applications interchanging JSON should transmit messages ~~which~~that are objects or arrays. * The specifications allow JSON objects ~~which~~that contain multiple members with the same name. The behavior of implementations processing objects with duplicate names is unpredictable. For interoperability, applications should avoid duplicate names when transmitting JSON objects. * The specifications specifically say that the order of members in JSON objects is not significant. For interoperability, applications should avoid assigning meaning to member ordering even if the parsing software makes that ordering visible. * While the specifications place no limits on the magnitude or precisions of JSON number literals, the widely- used JavaScript implementation stores them as IEEE754 "binary64" quantities. For interoperability, applications should avoid transmitting numbers ~~which~~that cannot be represented in this way, for example, 1E400 or 3.141592653589793238462643383279. * While the specifications do not constrain the character encoding of the Unicode characters in a JSON text, the vast majority of implementations assume [[UTF-8]] encoding; for interoperability, applications should always and only encode JSON messages in UTF-8. * The specifications do not forbid transmitting byte sequences that ~~do not correctly~~incorrectly represent Unicode characters. For interoperability, applications should transmit messages containing no such byte sequences. * The specification does not constrain how applications go about comparing Unicode strings. For interoperability, applications should always perform such comparisons code unit by code unit. In 2015, the IETF published ~~[https://www.rfc-editor.org/rfc/rfc7493.html~~{{IETF ~~RFC7493]~~RFC\|7493}}, describing the "I-JSON Message Format", a restricted profile of JSON ~~which~~that constrains the syntax and processing of JSON to avoid, as much as possible, these interoperability issues. === Semantics === While JSON provides a syntactic framework for data interchange, unambiguous data interchange also requires agreement between producer and consumer on the semantics of specific use of the JSON syntax.<ref>{{~~cite web~~ harvnb\|~~date~~ref=~~December 2017~~ ecma2017\|~~title=The JSON Data Interchange Syntax \|url=https://www.ecma-international.org/wp-content/uploads/~~ECMA-~~404_2nd_edition_december_2017.pdf~~404, ~~\|access-date=27 October 2019~~2nd ed.\|~~publisher~~p=~~Ecma~~iii}}: ~~International \|quote=~~"The JSON syntax is not a specification of a complete data interchange. Meaningful data interchange requires agreement between a producer and consumer on the semantics attached to a particular use of the JSON syntax. What JSON does provide is the syntactic framework to which such semantics can be attached}}"</ref> One example of where such an agreement is necessary is the serialization of data types that are not part of the JSON standard, for example, dates and [[Regular expression\|regular expressions]]. == Metadata and schema == The official [[MIME type]] for JSON text is <code>application/json</code>,<ref>{{cite web\|url=https://www.iana.org/assignments/media-types/application/index.html\|title=Media Types\|work=iana.org\|access-date=13 September 2015}}</ref> and most modern implementations have adopted this. Legacy MIME types include <code>text/json</code>, <code>text/x-json</code>, and <code>text/javascript</code>.<ref>{{Cite web \|date=2023-01-13 \|title=Correct Content-Type Header for JSON \|url=https://reqbin.com/req/abghm4zf/json-content-type \|access-date=2024-03-23 \|website=ReqBin}}</ref> ''JSON Schema'' specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. It provides a contract for the JSON data required by a given application, and how that data can be modified.<ref>{{cite web\|url=https://json-schema.org//\|title=JSON Schema and Hyper-Schema\|work=json-schema.org\|access-date=8 June 2021}}</ref> JSON Schema is based on the concepts from [[XML Schema (W3C)\|XML Schema]] (XSD) but is JSON-based. As in XSD, the same serialization/deserialization tools can be used both for the schema and data, and it is self-describing. It is specified in an [[Internet Draft]] at the IETF, with the latest version as of 2024 being "Draft 2020-12".<ref>{{Cite web \|title=JSON Schema - Specification Links \|url=https://json-schema.org/specification-links \|access-date=2024-03-22 \|website=json-schema.org}}</ref> There are several validators available for different programming languages,<ref>{{cite web\|url=https://json-schema.org/implementations.html\|title=JSON Schema Implementations\|work=json-schema.org\|access-date=8 June 2021}}</ref> each with varying levels of conformance. The standard filename extension is .json.<ref>{{cite journal \|url=https://datatracker.ietf.org/doc/html/rfc8259#section-11 \|title=11. IANA Considerations \|journal=RFC 8259: The JavaScript Object Notation (JSON) Data Interchange Format \|date=December 2017 \|publisher=[[IETF]] \|last1=Bray \|first1=Tim \|editor-first1=T. \|editor-last1=Bray \|doi=10.17487/RFC8259 \|s2cid=263868313 }}</ref> The JSON standard does not support object [[Reference (computer science)\|references]], but an [[IETF]] draft standard for JSON-based object references exists.<ref>{{cite journal \|last=Zyp \|first=Kris \|editor-last=Bryan \|editor-first=Paul C. \|title=JSON Reference: draft-pbryan-zyp-json-ref-03 \|website=Internet Engineering Task Force \|date=September 16, 2012\|url=https://datatracker.ietf.org/doc/html/draft-pbryan-zyp-json-ref-03 }}</ref> Line 139: [[JSON-RPC]] is a [[remote procedure call]] (RPC) protocol built on JSON, as a replacement for [[XML-RPC]] or [[SOAP]]. It is a simple protocol that defines only a handful of data types and commands. JSON-RPC lets a system send notifications (information to the server that does not require a response) and multiple calls to the server that can be answered out of order. [[Asynchronous JavaScript and JSON]] (or AJAJ) refers to the same [[dynamic web page]] methodology as [[Ajax (programming)\|Ajax]], but instead of [[XML]], JSON is the data format. AJAJ is a web development technique that provides for the ability of a [[~~webpage~~web page]] to request new data after it has loaded into the [[web browser]]. Typically, it renders new data from the server in response to user actions on that ~~webpage~~web page. For example, what the user types into a [[Text box\|search box]], [[Client-side scripting\|client-side code]] then sends to the server, which immediately responds with a [[drop-down list]] of matching [[database]] items. JSON has seen [[ad hoc]] usage as a [[configuration file\|configuration language]]. However, it does not support [[Comment (computer programming)\|comments]]. Line 149: ==Safety== JSON being a subset of JavaScript can lead to the misconception that it is safe to pass JSON texts to the JavaScript <code>[[eval]]()</code> function. This is not safe, due to certain valid JSON texts, specifically those containing {{unichar\|2028\|LINE SEPARATOR}} or {{unichar\|2029\|PARAGRAPH SEPARATOR}}, not being valid JavaScript code until JavaScript specifications were updated in 2019, and so older engines may not support it.<ref name="Magnus Holm">{{cite web\|title=JSON: The JavaScript subset that isn't\|url=http://timelessrepo.com/json-isnt-a-javascript-subset\|publisher=Magnus Holm\|access-date=16 May 2011\|archive-date=May 13, 2012\|archive-url=https://web.archive.org/web/20120513012409/http://timelessrepo.com/json-isnt-a-javascript-subset\|url-status=dead}}</ref> To avoid the many pitfalls caused by executing arbitrary code from the Internet, a new function, {{code\|lang=javascript\|code=JSON.parse()}}, was first added to the fifth edition of ECMAScript,<ref>{{cite web\|url=https://ecma-international.org/publications-and-standards/standards/ecma-262/\|title=ECMA-262: ECMAScript Language Specification \|edition=5th \|date=December 2009\|access-date=March 18, 2011\|archive-url=https://web.archive.org/web/20110414214458/http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf\|archive-date=April 14, 2011\|url-status=live\|df=mdy-all}}</ref> which as of 2017 is supported by all major browsers. For non-supported browsers, an API-compatible JavaScript library is provided by [[Douglas Crockford]].<ref>{{cite web\|url=https://github.com/douglascrockford/JSON-js/blob/master/json2.js\|title=douglascrockford/JSON-js\|website=GitHub\|date=2019-08-13}}</ref> In addition, the TC39 proposal [https://github.com/tc39/proposal-json-superset "Subsume JSON"] made [[ECMAScript]] a strict JSON superset as of the language's 2019 revision.<ref name=ECMATC39>{{cite web \|title=Subsume JSON: Proposal to make all JSON text valid ECMA-262 \|url=https://tc39.es/proposal-json-superset/ \|publisher=Ecma TC39 \|access-date=27 August 2019 \|date=23 August 2019}}</ref><ref name=ECMATC39Stage4>{{cite web \|title=Advance to Stage 4 - tc39/proposal-json-superset \|url=https://github.com/tc39/proposal-json-superset/commit/0604b6083e18fe033a1520388b8c6146bcd79e23\|website=GitHub\|date=May 22, 2018}}</ref> Various JSON parser implementations have suffered from [[denial-of-service attack]] and [[mass assignment vulnerability]].<ref>{{cite web \| url=https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/ \| title=Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269) \| access-date=January 5, 2016}}</ref><ref>{{cite web \| url=http://tools.cisco.com/security/center/viewAlert.x?alertId=31048 \| title=Microsoft .NET Framework JSON Content Processing Denial of Service Vulnerability \| archive-url=https://web.archive.org/web/20181106233952/http://tools.cisco.com/security/center/viewAlert.x?alertId=31048 \| access-date=January 5, 2016\| archive-date=November 6, 2018 }}</ref>