Wednesday, October 28, 2009

JSON - JavaScript Object Notation

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.

JSON is built on two structures:

* A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
* An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

A value can be a string in double quotes, or a number, or true or false or null, or an object or an array. These structures can be nested.

JSON is not a document format. It is not a markup language. It is not even a general serialization format in that it does not have a direct representation for cyclical structures, although it can support a meta representation that does.

This is an example of a JSON object.

"name": "Jack (\"Bee\") Nimble",
"format": {
"type": "rect",
"width": 1920,
"height": 1080,
"interlace": false,
"frame rate": 24

JSON has become the X in Ajax. It is now the preferred data format for Ajax applications. There are a number of ways in which JSON can be used in Ajax applications.

The most common way to use JSON is with XMLHttpRequest. Once a response text obtained, it can quickly be converted into a JavaScript data structure and consumed by the program. There are two ways in which to do the conversion. The first is to use JavaScript's eval function, which will invoke the JavaScript compiler.

responseData = eval('(' + responseText + ')');

This works because JSON is a safe subset of JavaScript, but it is potentially dangerous because whatever the server sends will be executed. XMLHttpRequest is severely limited by the same origin policy, so the response text can only come from the origining server. If the server acts as a proxy and is incompetent in its filtering, then it could include dangerous scripts in the response text. If there is any risk of this, then the parseJSON method must be used instead.

responseData = responseText.parseJSON();

Back on the client, one need to write some code to handle the JSON response. One can use the json.js parser here from, which adds a safe parseJSON() function to all JavaScript strings. All you have to do is grab the AJAX request's responseText property and call parseJSON() on it to turn it into a JavaScript object. Then it's just a case of updating the input element's status area according to the JSON data.

A popular alternative is use of the dynamic script tag hack. It completely circumvents the same origin policy so that data can be obtained from any server in the world. It is much easier to use than XMLHttpRequest. Just create a script node. The server sends the JSON text embedded in a script.


The function deliver is passed the incoming data structure. There is no opportunity to inspect the response before it is evaluated, so there is no defense against a malevolent server sending a dangerous script instead of JSON text. The dynamic script tag hack is insecure. It should not be used unless the data is coming from a trusted source.

The characteristics of XML that make it suitable for data interchange are stronger in JSON.

Its simultaneously human- and machine-readable format;

This is true of both formats.
It has support for Unicode, allowing almost any information in any human language to be communicated;

JSON uses Unicode exclusively.
The self-documenting format that describes structure and field names as well as specific values;

This is also true of both formats, and it raises the question: If the format is self-describing, why is it necessary to have a schema?
The strict syntax and parsing requirements that allow the necessary parsing algorithms to remain simple, efficient, and consistent;

JSON's syntax is significantly simpler, so parsing is more efficient.
The ability to represent the most general computer science data structures: records, lists and trees.

SOURCE: and others