Content deleted Content added
→History: Add citation details for ECMA-404 (1st ed.), including current link. |
m Reverted edits by 217.165.235.224 (talk) (HG) (3.4.12) |
||
(25 intermediate revisions by 14 users not shown) | |||
Line 25:
== Naming and pronunciation ==
The 2017 [[international standard]] (ECMA-404 and ISO/IEC 21778:2017) specifies that "JSON" is "pronounced {{IPAc-en|ˈ|dʒ|eɪ|·|s|ə|n}}, as in '[[Jason]] and The [[Argonauts]]{{'"}}.<ref name=":0"/><ref name="ecma2017">{{cite web |url=https://ecma-international.org/publications-and-standards/standards/ecma-404/ |title=ECMA-404: The JSON Data Interchange Syntax |publisher=[[Ecma International]] |date=December 2017 |edition=2nd |access-date=2024-04-29 |page=iii, footnote |url-status=live |archive-url=https://web.archive.org/web/20191027160438/www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf |archive-date=2019-10-27 |ref=ecma2017}}</ref> The first (2013) edition of ECMA-404 did not address the pronunciation.<ref name="ecma2013" /> The ''UNIX and Linux System Administration Handbook'' states
== Standards ==
Line 34:
JSON grew out of a need for a real-time server-to-browser session communication protocol without using browser plugins such as [[Adobe Flash|Flash]] or [[Java (programming language)|Java]] applets, the dominant methods used in the early 2000s.<ref name = "Edu4java, 2014" >{{cite web | url = http://www.edu4java.com/en/java/unofficial-java-history.html | title = Unofficial Java History | access-date = 2019-08-30 | date = 2014-05-26 | website = Edu4Java | quote = In 1996, Macromedia launches Flash technology which occupies the space left by Java and ActiveX, becoming the de facto standard for animation on the client side. | archive-url = https://web.archive.org/web/20140526235903/http://www.edu4java.com/en/java/unofficial-java-history.html | archive-date = 2014-05-26 | df = dmy-all}}</ref>
Crockford first specified and popularized the JSON format.<ref name="saga"/> The acronym originated at State Software, a company
A precursor to the JSON libraries was used in a children's digital asset trading game project named [[Cartoon Orbit]] at Communities.com {{Citation needed|date=November 2022}} (the State
JSON was based on a [[subset]] of the [[JavaScript]] scripting language (specifically, Standard [[Ecma International|ECMA]]-262 3rd Edition—December 1999<ref>{{cite web | url = http://json.org | title = Introducing JSON | publisher = json.org |first=Douglas |last=Crockford |author-link=Douglas Crockford |date=May 28, 2009 |access-date=July 3, 2009 |quote=It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999.}}</ref>) and is commonly used with JavaScript, but it is a [[Language-independent specification|language-independent]] data format. Code for [[parsing]] and generating JSON data is readily available in many [[programming languages]]. JSON's website lists JSON [[language binding|libraries]] by language.
In October 2013, [[Ecma International]] published the first edition of its JSON standard ECMA-404.<ref name="ecma2013">{{cite web |date=October 2013 |edition=1st |title=ECMA-404: The JSON Data Interchange Format |url=https://ecma-international.org/publications-and-standards/standards/ecma-404/ |access-date=20 November 2023 |publisher=[[
Crockford added a clause to the JSON license stating
== Syntax ==
Line 94:
JSON's basic data types are:
* Number: a signed decimal number that may contain a fractional part and may use exponential [[E notation]]
* [[String (computer science)|String]]: a sequence of [[Empty string|zero]] or more [[Unicode]] characters. Strings are delimited with double quotation marks and support a backslash [[Escape character|escaping]] syntax.
* [[Boolean datatype|Boolean]]: either of the values <code>true</code> or <code>false</code>
* [[Array data structure|Array]]: an [[List (abstract data type)|ordered list]] of zero or more elements, each of which may be of any type. Arrays use [[square bracket]] notation with comma-separated elements.
* [[Object (computer science)|Object]]: a collection of [[Attribute–value pair|name–value pairs]] where the names (also called keys) are strings. The current ECMA standard states
* <code>[[Nullable type|null]]</code>: an empty value, using the word <code>null</code>
Line 105:
Early versions of JSON (such as specified by {{IETF RFC|4627}}) required that a valid JSON text must consist of only an object or an array type, which could contain other types within them. This restriction was dropped in {{IETF RFC|7158}}, where a JSON text was redefined as any serialized value.
Numbers in JSON are agnostic with regard to their representation within programming languages. While this allows for numbers of [[Arbitrary-precision arithmetic|arbitrary precision]] to be serialized, it may lead to portability issues. For example, since no differentiation is made between integer and floating-point values, some implementations may treat <code>42</code>, <code>42.0</code>, and <code>4.2E+1</code> as the same number, while others may not. The JSON standard makes no requirements regarding implementation details such as [[Arithmetic overflow|overflow]], [[Arithmetic underflow|underflow]], loss of precision, rounding, or [[signed zeros]], but it does recommend expecting no more than [[IEEE 754]] [[Double-precision floating-point format|binary64]] precision for "good interoperability". There is no inherent precision loss in serializing a machine-level binary representation of a floating-point number (like binary64) into a human-readable decimal representation (like numbers in JSON)
Comments were intentionally excluded from JSON. In 2012, Douglas Crockford described his design decision thus: "I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability."<ref name=DouglasCrockfordComments>{{cite web |last=Crockford |first=Douglas |title=Comments in JSON |date=2012-04-30 |url=https://plus.google.com/+DouglasCrockfordEsq/posts/RK8qyGVaGSr |archive-url=https://archive.today/20150704102718/https://plus.google.com/+DouglasCrockfordEsq/posts/RK8qyGVaGSr |archive-date=2015-07-04 |url-status=dead |quote=I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability. I know that the lack of comments makes some people sad, but it shouldn't. Suppose you are using JSON to keep configuration files, which you would like to annotate. Go ahead and insert all the comments you like. Then pipe it through [[Minification_(programming)#History|JSMin]] before handing it to your JSON parser. |access-date=2019-08-30 }}</ref>
Line 113:
== Interoperability ==
* Certain JSON implementations only accept JSON texts
* The specifications allow JSON objects
* The specifications specifically say that the order of members in JSON objects is not significant. For interoperability, applications should avoid assigning meaning to member ordering even if the parsing software makes that ordering visible.
* While the specifications place no limits on the magnitude or precisions of JSON number literals, the widely
* While the specifications do not constrain the character encoding of the Unicode characters in a JSON text, the vast majority of implementations assume [[UTF-8]] encoding; for interoperability, applications should always and only encode JSON messages in UTF-8.
* The specifications do not forbid transmitting byte sequences that
* The specification does not constrain how applications go about comparing Unicode strings. For interoperability, applications should always perform such comparisons code unit by code unit.
In 2015, the IETF published
=== Semantics ===
While JSON provides a syntactic framework for data interchange, unambiguous data interchange also requires agreement between producer and consumer on the semantics of specific use of the JSON syntax.<ref>{{
== Metadata and schema ==
The official [[MIME type]] for JSON text is <code>application/json</code>,<ref>{{cite web|url=https://www.iana.org/assignments/media-types/application/index.html|title=Media Types|work=iana.org|access-date=13 September 2015}}</ref> and most modern implementations have adopted this. Legacy MIME types include <code>text/json</code>, <code>text/x-json</code>, and <code>text/javascript</code>.<ref>{{Cite web |date=2023-01-13 |title=Correct Content-Type Header for JSON |url=https://reqbin.com/req/abghm4zf/json-content-type |access-date=2024-03-23 |website=ReqBin}}</ref>
''JSON Schema'' specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. It provides a contract for the JSON data required by a given application
The JSON standard does not support object [[Reference (computer science)|references]], but an [[IETF]] draft standard for JSON-based object references exists.<ref>{{cite journal |last=Zyp |first=Kris |editor-last=Bryan |editor-first=Paul C. |title=JSON Reference: draft-pbryan-zyp-json-ref-03 |website=Internet Engineering Task Force |date=September 16, 2012|url=https://datatracker.ietf.org/doc/html/draft-pbryan-zyp-json-ref-03 }}</ref>
Line 139:
[[JSON-RPC]] is a [[remote procedure call]] (RPC) protocol built on JSON, as a replacement for [[XML-RPC]] or [[SOAP]]. It is a simple protocol that defines only a handful of data types and commands. JSON-RPC lets a system send notifications (information to the server that does not require a response) and multiple calls to the server that can be answered out of order.
[[Asynchronous JavaScript and JSON]] (or AJAJ) refers to the same [[dynamic web page]] methodology as [[Ajax (programming)|Ajax]], but instead of [[XML]], JSON is the data format. AJAJ is a web development technique that provides for the ability of a [[
JSON has seen [[ad hoc]] usage as a [[configuration file|configuration language]]. However, it does not support [[Comment (computer programming)|comments]].
Line 149:
==Safety==
JSON being a subset of JavaScript can lead to the misconception that it is safe to pass JSON texts to the JavaScript <code>[[eval]]()</code> function. This is not safe, due to certain valid JSON texts, specifically those containing {{unichar|2028|LINE SEPARATOR}} or {{unichar|2029|PARAGRAPH SEPARATOR}}, not being valid JavaScript code until JavaScript specifications were updated in 2019, and so older engines may not support it.<ref name="Magnus Holm">{{cite web|title=JSON: The JavaScript subset that isn't|url=http://timelessrepo.com/json-isnt-a-javascript-subset|publisher=Magnus Holm|access-date=16 May 2011|archive-date=May 13, 2012|archive-url=https://web.archive.org/web/20120513012409/http://timelessrepo.com/json-isnt-a-javascript-subset|url-status=dead}}</ref> To avoid the many pitfalls caused by executing arbitrary code from the Internet, a new function, {{code|lang=javascript|code=JSON.parse()}}, was first added to the fifth edition of ECMAScript,<ref>{{cite web|url=https://ecma-international.org/publications-and-standards/standards/ecma-262/|title=ECMA-262: ECMAScript Language Specification |edition=5th |date=December 2009|access-date=March 18, 2011|archive-url=https://web.archive.org/web/20110414214458/http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf|archive-date=April 14, 2011|url-status=live|df=mdy-all}}</ref> which as of 2017 is supported by all major browsers. For non-supported browsers, an API-compatible JavaScript library is provided by [[Douglas Crockford]].<ref>{{cite web|url=https://github.com/douglascrockford/JSON-js/blob/master/json2.js|title=douglascrockford/JSON-js|website=GitHub|date=2019-08-13}}</ref> In addition, the TC39 proposal [https://github.com/tc39/proposal-json-superset "Subsume JSON"] made [[ECMAScript]] a strict JSON superset as of the language's 2019 revision.<ref name=ECMATC39>{{cite web |title=Subsume JSON: Proposal to make all JSON text valid ECMA-262 |url=https://tc39.es/proposal-json-superset/ |publisher=Ecma TC39 |access-date=27 August 2019 |date=23 August 2019}}</ref><ref name=ECMATC39Stage4>{{cite web |title=Advance to Stage 4 - tc39/proposal-json-superset |url=https://github.com/tc39/proposal-json-superset/commit/0604b6083e18fe033a1520388b8c6146bcd79e23|website=GitHub|date=May 22, 2018}}</ref>
Various JSON parser implementations have suffered from [[denial-of-service attack]] and [[mass assignment vulnerability]].<ref>{{cite web | url=https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/ | title=Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269) | access-date=January 5, 2016}}</ref><ref>{{cite web | url=http://tools.cisco.com/security/center/viewAlert.x?alertId=31048 | title=Microsoft .NET Framework JSON Content Processing Denial of Service Vulnerability | archive-url=https://web.archive.org/web/20181106233952/http://tools.cisco.com/security/center/viewAlert.x?alertId=31048 | access-date=January 5, 2016| archive-date=November 6, 2018 }}</ref>
|