JSON (i.e., "Jason"), short for JavaScript Object Notation, is a lightweight computer
Computer
A computer is a machine that manipulates Data according to a list of Code .The first devices that resemble modern computers date to the mid-20th century , although the computer concept and various machines similar to computers existed earlier.... data interchange format. It is a text-based, human-readable format for representing simple data structure
Data structure
A data structure in computer science is a way of storing data in a computer so that it can be used efficiently. It is an organization of mathematical and logical concepts of data.... s and associative array
Associative array
An associative array is an abstract data type composed of a Collection of unique keys and a collection of values, where each key is associated with one value .... s (called objects).
Douglas Crockford is a senior JavaScript Architect at Yahoo! He is well known for his work in introducing JSON . He has also worked on the computerization of media at Atari, Lucasfilm, and Paramount Pictures.... . The official Internet media type
Internet media type
An Internet media type, originally called a MIME type after MIME and sometimes a Content-type after the name of a header in several protocols whose value is such a type, is a two-part identifier for file formats on the Internet.... for JSON is application/json. The JSON file extension is .json.
The JSON format is often used for transmitting structured data over a network connection in a process called serialization
Serialization
In computer science, in the context of data storage and transmission, serialization is the process of converting an object into a sequence of bits so that it can be stored on a storage medium or transmitted across a computer network connection link.... .
Its main application is in Ajax
Ajax (programming)
Ajax, or AJAX , is a group of interrelated web development techniques used to create interactive web applications or rich Internet applications.... web application programming, where it serves as an alternative to the use of the XML format.
Although JSON was based on a subset of the JavaScript
JavaScript
JavaScript is a scripting language widely used for client-side web development. It was the originating Programming language dialect of the ECMAScript standard.... programming language
(specifically, Standard ECMA
Ecma International
'Ecma International' is an international, private non-profit standards organization for information and communication systems. It acquired its name in 1994, when the European Computer Manufacturers Association changed its name to reflect the organization's international reach.... -262 3rd Edition—December 1999) and is commonly used with that language, it is considered to be a language-independent
Language-independent specification
A language-independent specification is a programming language specification providing a common interface usable for defining Formal semantics of programming languages applicable toward arbitrary language Binding ; in other words, LISs are language-agnostic.... data format.
Discussion
Ask a question about 'JSON'
Start a new discussion about 'JSON'
Answer questions from other users
Full Discussion Forum
Encyclopedia
JSON (i.e., "Jason"), short for JavaScript Object Notation, is a lightweight computer
Computer
A computer is a machine that manipulates Data according to a list of Code .The first devices that resemble modern computers date to the mid-20th century , although the computer concept and various machines similar to computers existed earlier.... data interchange format. It is a text-based, human-readable format for representing simple data structure
Data structure
A data structure in computer science is a way of storing data in a computer so that it can be used efficiently. It is an organization of mathematical and logical concepts of data.... s and associative array
Associative array
An associative array is an abstract data type composed of a Collection of unique keys and a collection of values, where each key is associated with one value .... s (called objects).
Douglas Crockford is a senior JavaScript Architect at Yahoo! He is well known for his work in introducing JSON . He has also worked on the computerization of media at Atari, Lucasfilm, and Paramount Pictures.... . The official Internet media type
Internet media type
An Internet media type, originally called a MIME type after MIME and sometimes a Content-type after the name of a header in several protocols whose value is such a type, is a two-part identifier for file formats on the Internet.... for JSON is application/json. The JSON file extension is .json.
The JSON format is often used for transmitting structured data over a network connection in a process called serialization
Serialization
In computer science, in the context of data storage and transmission, serialization is the process of converting an object into a sequence of bits so that it can be stored on a storage medium or transmitted across a computer network connection link.... .
Its main application is in Ajax
Ajax (programming)
Ajax, or AJAX , is a group of interrelated web development techniques used to create interactive web applications or rich Internet applications.... web application programming, where it serves as an alternative to the use of the XML format.
Although JSON was based on a subset of the JavaScript
JavaScript
JavaScript is a scripting language widely used for client-side web development. It was the originating Programming language dialect of the ECMAScript standard.... programming language
(specifically, Standard ECMA
Ecma International
'Ecma International' is an international, private non-profit standards organization for information and communication systems. It acquired its name in 1994, when the European Computer Manufacturers Association changed its name to reflect the organization's international reach.... -262 3rd Edition—December 1999) and is commonly used with that language, it is considered to be a language-independent
Language-independent specification
A language-independent specification is a programming language specification providing a common interface usable for defining Formal semantics of programming languages applicable toward arbitrary language Binding ; in other words, LISs are language-agnostic.... data format. Code for parsing and generating JSON data is readily available for a large variety of programming languages. The website provides a comprehensive listing of existing JSON bindings
Binding (computer science)
In computer science, binding is the creation of a simple reference to something that is larger and more complicated and used frequently. The simple reference can be used instead of having to repeat the larger thing.... , organized by language.
In December 2005, Yahoo! began offering some of its web service
Web service
A Web service is defined by the W3C as "a software system designed to support interoperability Machine to Machine interaction over a computer network".... s optionally in JSON. Google started offering JSON feeds for its GData
GData
GData provides a simple standard protocol for reading and writing data on the Internet, designed by Google. GData combines common XML-based syndication formats with a feed-publishing system based on the Atom Publishing Protocol, plus some extensions for handling queries.... web protocol in December 2006.
In computing, floating point describes a system for numerical representation in which a String of digits represents a rational number.The term floating point refers to the fact that the radix point can "float": that is, it can be placed anywhere relative to the Significant figures of the number.... )
In computer programming and some branches of mathematics, a string is an ordered sequence of symbols. These symbols are chosen from a predetermined set or alphabet.... (double-quoted Unicode
Unicode
Unicode is a computing industry standard allowing computers to consistently represent and manipulate Character expressed in most of the world's writing systems.... with backslash escaping
Escape character
In computing and telecommunication, an escape character is a single character which in a sequence of characters signifies that what is to follow takes an alternative interpretation.... )
In computer science, the Boolean algebra datatype, sometimes called the logical datatype, is a primitive datatype having one of two values: Truth value and false.... (true and false)
In computer science, an array is a data structure consisting of a group of element s that are accessed by index . In most programming languages each element has the same data type and the array occupies a contiguous area of computer memory.... (an ordered sequence of values, comma-separated and enclosed in square brackets)
An associative array is an abstract data type composed of a Collection of unique keys and a collection of values, where each key is associated with one value .... (collection of key:value pairs, comma-separated and enclosed in curly braces)
null
The following example shows the JSON representation of an object that describes a person. The object has string fields for first name and last name, contains an object representing the person's address, and contains a list of phone numbers (an array).
Suppose the above text is contained in the JavaScript string variable contact. Since JSON is a subset of JavaScript's object literal
Object literal
In computer science, a literal is a notation for representing a fixed Value in source code. Almost all programming languages have notations for atomic values such as integer s, floating-point numbers, string s, and Boolean datatype; some also have notations for enumerated type and compound values such as arrays, record s, and object s.... notation, one can then recreate the object describing John Smith with a simple eval
Eval
In some programming languages, eval is a subroutine which evaluates a string as though it were an expression and returns a result; in others, it executes multiple lines of code as though they had been included instead of the line including the eval.... :
var p = eval("(" + contact + ")");
and the fields p.firstName, p.address.city, p.phoneNumbers[0] etc. are then accessible. The contact variable must be wrapped in parentheses to avoid an ambiguity in JavaScript's syntax.
In general, eval should only be used to parse JSON if the source of the JSON-formatted text is completely trusted; the execution of untrusted code is obviously dangerous. JSON parsers are available to process JSON input from less trusted sources.
JSON Schema
There are several ways to verify the structure and data types inside a JSON object, much like an XML schema
XML Schema
XML Schema, published as a W3C recommendation in May 2001, is one of several XML schema. It was the first separate schema language for XML to achieve Recommendation status by the W3C.... . JSON Schema is a specification for a JSON-based format for defining the structure of JSON data. JSON Schema provides a contract for what JSON data is required for a given application and how it can be modified, much like what XML Schema provides for XML. JSON Schema is intended to provide validation, documentation, and interaction control of JSON data. JSON Schema is based on the concepts from XML Schema, RelaxNG, and Kwalify, but is intended to be JSON-based, so that JSON data in the form of a schema can be used to validate JSON data, the same serialization/deserialization tools can be used for the schema and data, and it can be self descriptive.
Using JSON in Ajax
The following Javascript code shows how the client can use an XMLHttpRequest
XMLHttpRequest
XMLHttpRequest is a Document Object Model Application programming interface that can be used inside a web browser scripting language, such as Javascript, to send an Hypertext Transfer Protocol directly to a web server and load the Response data directly back into the scripting language.... to request an object in JSON format from the server. (The server-side programming is omitted; it has to be set up to respond to requests at url with a JSON-formatted string.)
var the_object;
var http_request = new XMLHttpRequest;
http_request.open( "GET", url, true );
http_request.send(null);
http_request.onreadystatechange = function ;
XMLHttpRequest is a Document Object Model Application programming interface that can be used inside a web browser scripting language, such as Javascript, to send an Hypertext Transfer Protocol directly to a web server and load the Response data directly back into the scripting language.... in this example is not cross-browser
Cross-browser
Cross-browser refers to the ability for a website, web application, HTML construct or client-side scripting to support all the web browsers. The term cross-browser is often confused with multi-browser.... compatible; syntactic
Syntax
In linguistics, syntax is the study of the principles and rules for constructing Sentence s in natural languages. In addition to referring to the discipline, the term syntax is also used to refer directly to the rules and principles that govern the sentence structure of any individual language, as in "the Irish syntax".... variations are available for Internet Explorer
Internet Explorer
Windows Internet Explorer , commonly abbreviated to IE, is a series of graphical user interface web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995.... , Opera
Opera (web browser)
Opera is a web browser and Internet suite developed by the Opera Software company. Opera handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail messages, managing contacts, IRC online chatting, downloading files via BitTorrent , and reading web feeds.... , Safari
Safari (web browser)
Safari is a web browser developed by Apple Inc.. First released as a beta on January 7, 2003 on the company's Mac OS X operating system, it became Apple's default browser beginning with Mac OS X v10.3, commonly known as "OS X Panther." Apple has also made Safari the native browser for the iPhone OS.... , and Mozilla
Mozilla
Mozilla was the official, public, original name of Mozilla Application Suite by the Mozilla Foundation, currently known as SeaMonkey internet suite.... -based browsers. The usefulness of XMLHttpRequest is limited by the same origin policy
Same origin policy
In computing, the same origin policy is an important computer security concept for a number of client-side scripting, such as JavaScript. In a nutshell, the policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions — but prevents access to most meth... : the URL replying to the request must reside within the same DNS domain as the server that hosts the page containing the request. Alternatively, the JSONP approach incorporates the use of an encoded callback function passed between the client and server to allow the client to load JSON-encoded data from third-party domains and to notify the caller function upon completion, although this imposes some security risks and additional requirements upon the server.
IFrame is an HTML element which makes it possible to embed an HTML document inside another HTML document.The size of the IFrame can be specified in the surrounding HTML page, so that the surrounding page can already be presented in the Web browser while the IFrame is still being loaded.... > elements to asynchronously request JSON data in a cross-browser
Cross-browser
Cross-browser refers to the ability for a website, web application, HTML construct or client-side scripting to support all the web browsers. The term cross-browser is often confused with multi-browser.... fashion, or use simple <form action="url_to_cgi_script" target="name_of_hidden_iframe"> submissions. These approaches were prevalent prior to the advent of widespread support for XMLHttpRequest.
In computing, an HTML element indicates structure in an HTML document and a way of hierarchically arranging content. More specifically, an HTML element is an Standard Generalized Markup Language element that meets the requirements of one or more of the HTML Document Type Definitions .... tags can also be used to transport JSON data. With this technique it is possible to get around the same origin policy
Same origin policy
In computing, the same origin policy is an important computer security concept for a number of client-side scripting, such as JavaScript. In a nutshell, the policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions — but prevents access to most meth... but it is insecure. has been proposed as a safer alternative.
Security issues
Although JSON is intended as a data serialization format, its design as a subset of the JavaScript programming language poses several security concerns. These concerns center on the use of a JavaScript interpreter to dynamically execute JSON text as JavaScript, thus exposing a program to errant or malicious script contained therein -- often a chief concern when dealing with data retrieved from the internet. While not the only way to process JSON, it is an easy and popular technique, stemming from JSON's design to be compatible with JavaScript's eval function, and illustrated by the preceding code examples.
JavaScript eval
Because most JSON-formatted text is also syntactically legal JavaScript code, an easy way for a JavaScript program to parse JSON-formatted data is to use the built-in JavaScript eval function, which was designed to evaluate JavaScript expressions. Rather than using a JSON-specific parser, the JavaScript interpreter itself is used to execute the JSON data to produce native JavaScript objects.
In computer security, the term vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system.... if the data and the entire JavaScript environment is not within the control of a single trusted source
Trusted system
In the security engineering subspecialty of computer science, a trusted system is a system that is relied upon to a specified extent to enforce a specified security policy.... . If the data is itself not trusted, for example, it may be subject to malicious JavaScript code injection
Code injection
Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce code into a computer program to change the course of execution.... attacks; unless some additional means is used to validate the data first. Regular expression
Regular expression
In computing, regular expressions provide a concise and flexible means for identifying strings of text of interest, such as particular characters, words, or patterns of characters.... s are sometimes used to perform this check prior to invoking eval. Also, such breaches of trust may create vulnerabilities for data theft
Data theft
Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as flash drives, iPods and even digital cameras.... , authentication forgery
Digital identity
Digital identity refers to the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things.... , and other potential misuse of data and resources. The RFC
RFC
RFC, a three-letter initialism, may refer to:... that defines JSON suggests using the following code to validate JSON before eval'ing it (the variable 'text' is the input JSON) :
var my_JSON_object = !(/[^,:\[\]0-9.\-+Eaeflnr-u \n\r\t]/.test(
text.replace(/"(\\.|[^"\\])*"/g, ))) &&
eval('(' + text + ')');
A new function, parseJSON, has been proposed as a safer alternative to eval, as it is specifically intended to process JSON data and not JavaScript. It will likely be included in the Fourth Edition of the ECMAScript
ECMAScript
ECMAScript is a scripting language, standardized by Ecma International in the ECMA-262 Specification . The language is widely used on the World Wide Web, and is often confused with JavaScript or JScript, the two major Programming language dialect from which ECMAScript was standardized.... standard as written in the article , though it is available now as a JavaScript library at http://www.JSON.org/json2.js
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.... attacks (CSRF or XSRF). Because the HTML <script>
HTML element
In computing, an HTML element indicates structure in an HTML document and a way of hierarchically arranging content. More specifically, an HTML element is an Standard Generalized Markup Language element that meets the requirements of one or more of the HTML Document Type Definitions .... tag does not respect the same origin policy
Same origin policy
In computing, the same origin policy is an important computer security concept for a number of client-side scripting, such as JavaScript. In a nutshell, the policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions — but prevents access to most meth... in web browser implementations, a malicious page can request and obtain JSON data belonging to another site. This will allow the JSON-encoded data to be evaluated in the context of the malicious page, possibly divulging passwords or other sensitive data if the user is currently logged into the other site.
This is only a problem if the server depends on the browser's Same Origin Policy to block the delivery of the data in the case of an improper request. There is no problem if the server determines the propriety of the request itself, only putting the data on the wire if the request is proper. Cookies are not by themselves adequate for determining if a request was authorized. Exclusive use of cookies is subject to cross-site request forgery
Cross-site request forgery
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.... .
Comparison with other formats
XML
XML is often used to describe structured data and to serialize objects. Various XML-based protocols exist to represent the same kind of data structures as JSON for the same kind of data interchange purposes. But because they use XML, which is a general purpose markup language
Markup language
A markup language is a set of codes that give instructions regarding the structure of a text or how it is to be displayed. Markup languages have been in use for centuries, and in recent years have been used in computer typesetting and word-processing systems to specify the formatting, layout, structure, and other elements of a document.... , they are arguably more complex than JSON, which represents data structures in simple text in a form specifically designed for data interchange (but in an uncompressed format) . Both lack a rich (i.e., explicit) mechanism for representing large binary
Binary large object
A binary large object, also known as a blob, is a collection of binary data stored as a single entity in a database management system. Blobs are typically s, sound or other multimedia objects, though sometimes binary executable code is stored as a binary blob.... data type
Data type
A data type in programming languages is an attribute of a data which tells the computer something about the kind of data it is. This involves setting constraints on the datum, such as what values it can take and what operations may be performed upon it.... s such as image data (although binary data can be serialized for both by applying a general purpose binary-to-text encoding-scheme).
YAML
Both functionally and syntactically, JSON is effectively a subset of YAML
YAML
YAML is a human-readable data serialization format that takes concepts from languages such as XML, C , Python , Perl, as well as the format for electronic mail as specified by Request for Comments .... .
Specifically, as of YAML version 1.2, "every JSON file is also a valid YAML file" . The most widespread YAML library also parses JSON. Prior to YAML version 1.2, JSON was not quite a perfect subset, primarily because YAML lacked native handling of UTF-32 and required comma separators to be followed by a space. Also, the JSON specification used to include /* */ style comments.
The most distinguishing point of comparison is that YAML offers the following syntax enrichments which have no corresponding expression in JSON:
Relational::
YAML offers syntax for relational data: rather than repeating identical data later in a document, a YAML document can refer to an anchor earlier in the file/stream. Recursive structures (for example, an array containing itself) can be expressed this way.
Extensible::
YAML also offers extensible data types beyond primitives (i.e., beyond strings, floats, ints, bools) which can include class-type declarations or Unicode types.
Blocks::
YAML uses a block-indent syntax to allow formatting of structured data without use of additional characters (ie: braces, brackets, quotation marks, etc.).
Efficiency
JSON is primarily used for communicating data over the internet but it has certain characteristics which limit its efficiency for this purpose. In particular, decoding must be done on a character-by-character basis, and the standard has no provision for data compression
Data compression
In computer science and information theory, data compression or source coding is the process of encoding information using fewer bits than an code representation would use through use of specific encoding schemes.... , interning of strings, or object references.
JSONP
JSONP or "JSON with padding" is a JSON extension wherein the name of a callback function is specified as an input argument of the call itself. The original proposition appears to have been made in the MacPython blog in 2005 and is now used by many Web 2.0
Web 2.0
The term "Web 2.0" refers to a perceived second generation of web development and web design, that aims to facilitate communication, secure information sharing, interoperability, and collaboration on the World Wide Web.... applications such as Dojo Toolkit
Dojo Toolkit
The Dojo Toolkit is an open source modular JavaScript library designed to ease the rapid development of cross platform, JavaScript/Ajax based applications and web sites.... Applications, Google Toolkit Applications and zanox Web Services . Further extensions of this protocol have been proposed by considering additional input arguments as, for example, is the case of JSONPP supported by S3DB web services.
Because JSONP makes use of script tags, calls are essentially open to the world. For that reason, JSONP may be inappropriate to carry sensitive data.
Including script tags from remote sites allows the remote sites to inject any content into a website. If the remote sites have vulnerabilities that allow javascript injection, the original site can also be affected.
Object references
The JSON standard does not support object references
Reference (computer science)
In computer science, a reference is an object containing information about how to locate and access the particular data item, as opposed to containing the data itself.... , but the Dojo Toolkit
Dojo Toolkit
The Dojo Toolkit is an open source modular JavaScript library designed to ease the rapid development of cross platform, JavaScript/Ajax based applications and web sites.... illustrates how conventions can be adopted to support such references using standard JSON.
Specifically, the module provides support for several forms of referencing including circular
Circular reference
A circular reference, sometimes referred to as a run-around, is a series of references where the last object references the first, thus causing the whole series of references to be unusable.... , multiple, inter-message, and lazy
Lazy evaluation
In computer programming, lazy evaluation is the technique of delaying a computation until such time as the result of the computation is known to be needed.... referencing.
SOAPjr is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It is a hybrid of SOAP and JSON-RPC .... - a hybrid of SOAP and JR (JSON-RPC)
The JSON Markup Language is a list of lightweight markup languages which is used as a mapping between XML and JSON . Using JsonML one may convert an XML document or fragment into a JSON data structure for ease of use within JavaScript environments such as a web browser....
The term S-expression or sexp refers to a convention for representing semi-structured data in human-readable textual form. S-expressions are probably best known for their use in the Lisp programming language family of programming languages.... s
YAML is a human-readable data serialization format that takes concepts from languages such as XML, C , Python , Perl, as well as the format for electronic mail as specified by Request for Comments .... ("YAML Ain't a Markup Language")
