File Coverage

blib/lib/Cpanel/JSON/XS.pm

Criterion	Covered	Total	%
statement	33	48	68.7
branch	19	26	73.0
condition	8	15	53.3
subroutine	11	15	73.3
pod	4	4	100.0
total	75	108	69.4

line	stmt	bran	cond	sub	pod	time	code
1							package Cpanel::JSON::XS;
2							our $VERSION = '4.12';
3							our $XS_VERSION = $VERSION;
4							# $VERSION = eval $VERSION;
5
6							=pod
7
8							=head1 NAME
9
10							Cpanel::JSON::XS - cPanel fork of JSON::XS, fast and correct serializing
11
12							=head1 SYNOPSIS
13
14							use Cpanel::JSON::XS;
15
16							# exported functions, they croak on error
17							# and expect/generate UTF-8
18
19							$utf8_encoded_json_text = encode_json $perl_hash_or_arrayref;
20							$perl_hash_or_arrayref = decode_json $utf8_encoded_json_text;
21
22							# OO-interface
23
24							$coder = Cpanel::JSON::XS->new->ascii->pretty->allow_nonref;
25							$pretty_printed_unencoded = $coder->encode ($perl_scalar);
26							$perl_scalar = $coder->decode ($unicode_json_text);
27
28							# Note that 5.6 misses most smart utf8 and encoding functionalities
29							# of newer releases.
30
31							# Note that L will automatically use Cpanel::JSON::XS
32							# if available, at virtually no speed overhead either, so you should
33							# be able to just:
34
35							use JSON::MaybeXS;
36
37							# and do the same things, except that you have a pure-perl fallback now.
38
39							=head1 DESCRIPTION
40
41							This module converts Perl data structures to JSON and vice versa. Its
42							primary goal is to be I and its secondary goal is to be
43							I. To reach the latter goal it was written in C.
44
45							As this is the n-th-something JSON module on CPAN, what was the reason
46							to write yet another JSON module? While it seems there are many JSON
47							modules, none of them correctly handle all corner cases, and in most cases
48							their maintainers are unresponsive, gone missing, or not listening to bug
49							reports for other reasons.
50
51							See below for the cPanel fork.
52
53							See MAPPING, below, on how Cpanel::JSON::XS maps perl values to JSON
54							values and vice versa.
55
56							=head2 FEATURES
57
58							=over 4
59
60							=item * correct Unicode handling
61
62							This module knows how to handle Unicode with Perl version higher than 5.8.5,
63							documents how and when it does so, and even documents what "correct" means.
64
65							=item * round-trip integrity
66
67							When you serialize a perl data structure using only data types supported
68							by JSON and Perl, the deserialized data structure is identical on the Perl
69							level. (e.g. the string "2.0" doesn't suddenly become "2" just because
70							it looks like a number). There I minor exceptions to this, read the
71							MAPPING section below to learn about those.
72
73							=item * strict checking of JSON correctness
74
75							There is no guessing, no generating of illegal JSON texts by default,
76							and only JSON is accepted as input by default. the latter is a security
77							feature.
78
79							=item * fast
80
81							Compared to other JSON modules and other serializers such as Storable,
82							this module usually compares favourably in terms of speed, too.
83
84							=item * simple to use
85
86							This module has both a simple functional interface as well as an object
87							oriented interface.
88
89							=item * reasonably versatile output formats
90
91							You can choose between the most compact guaranteed-single-line format
92							possible (nice for simple line-based protocols), a pure-ASCII format
93							(for when your transport is not 8-bit clean, still supports the whole
94							Unicode range), or a pretty-printed format (for when you want to read that
95							stuff). Or you can combine those features in whatever way you like.
96
97							=back
98
99							=head2 cPanel fork
100
101							Since the original author MLEHMANN has no public
102							bugtracker, this cPanel fork sits now on github.
103
104							src repo: L
105							original: L
106
107							RT: L
108							or L
109
110							B
111
112							- stricter decode_json() as documented. non-refs are disallowed.
113							added a 2nd optional argument. decode() honors now allow_nonref.
114
115							- fixed encode of numbers for dual-vars. Different string
116							representations are preserved, but numbers with temporary strings
117							which represent the same number are here treated as numbers, not
118							strings. Cpanel::JSON::XS is a bit slower, but preserves numeric
119							types better.
120
121							- numbers ending with .0 stray numbers, are not converted to
122							integers. [#63] dual-vars which are represented as number not
123							integer (42+"bar" != 5.8.9) are now encoded as number (=> 42.0)
124							because internally it's now a NOK type. However !!1 which is
125							wrongly encoded in 5.8 as "1"/1.0 is still represented as integer.
126
127							- different handling of inf/nan. Default now to null, optionally with
128							stringify_infnan() to "inf"/"nan". [#28, #32]
129
130							- added C extension, non-JSON and non JSON parsable, allows
131							C<\xNN> and C<\NNN> sequences.
132
133							- 5.6.2 support; sacrificing some utf8 features (assuming bytes
134							all-over), no multi-byte unicode characters with 5.6.
135
136							- interop for true/false overloading. JSON::XS, JSON::PP and Mojo::JSON
137							representations for booleans are accepted and JSON::XS accepts
138							Cpanel::JSON::XS booleans [#13, #37]
139							Fixed overloading of booleans. Cpanel::JSON::XS::true stringifies again
140							to "1", not "true", analog to all other JSON modules.
141
142							- native boolean mapping of yes and no to true and false, as in YAML::XS.
143							In perl C is yes, C is no.
144							The JSON value true maps to 1, false maps to 0. [#39]
145
146							- support arbitrary stringification with encode, with convert_blessed
147							and allow_blessed.
148
149							- ithread support. Cpanel::JSON::XS is thread-safe, JSON::XS not
150
151							- is_bool can be called as method, JSON::XS::is_bool not.
152
153							- performance optimizations for threaded Perls
154
155							- relaxed mode, allowing many popular extensions
156
157							- additional fixes for:
158
159							- [cpan #88061] AIX atof without USE_LONG_DOUBLE
160
161							- #10 unshare_hek crash
162
163							- #7, #29 avoid re-blessing where possible. It fails in JSON::XS for
164							READONLY values, i.e. restricted hashes.
165
166							- #41 overloading of booleans, use the object not the reference.
167
168							- #62 -Dusequadmath conversion and no SEGV.
169
170							- #72 parsing of values followed \0, like 1\0 does fail.
171
172							- #72 parsing of illegal unicode or non-unicode characters.
173
174							- #96 locale-insensitive numeric conversion
175
176							- public maintenance and bugtracker
177
178							- use ppport.h, sanify XS.xs comment styles, harness C coding style
179
180							- common::sense is optional. When available it is not used in the
181							published production module, just during development and testing.
182
183							- extended testsuite, passes all http://seriot.ch/parsing_json.html
184							tests. In fact it is the only know JSON decoder which does so,
185							while also being the fastest.
186
187							- support many more options and methods from JSON::PP:
188							stringify_infnan, allow_unknown, allow_stringify, allow_barekey,
189							encode_stringify, allow_bignum, allow_singlequote, sort_by
190							(partially), escape_slash, convert_blessed, ... optional
191							decode_json(, allow_nonref) arg.
192							relaxed implements allow_dupkeys.
193
194							- support all 5 unicode L's: UTF-8, UTF-16LE, UTF-16BE, UTF-32LE,
195							UTF-32BE, encoding internally to UTF-8.
196
197							=cut
198
199							our @ISA = qw(Exporter);
200							our @EXPORT = qw(encode_json decode_json to_json from_json);
201
202							sub to_json($@) {
203	0	0		0	1	0	if ($] >= 5.008) {
204	0					0	require Carp;
205	0					0	Carp::croak ("Cpanel::JSON::XS::to_json has been renamed to encode_json,".
206							" either downgrade to pre-2.0 versions of Cpanel::JSON::XS or".
207							" rename the call");
208							} else {
209	0					0	_to_json(@_);
210							}
211							}
212
213							sub from_json($@) {
214	0	0		0	1	0	if ($] >= 5.008) {
215	0					0	require Carp;
216	0					0	Carp::croak ("Cpanel::JSON::XS::from_json has been renamed to decode_json,".
217							" either downgrade to pre-2.0 versions of Cpanel::JSON::XS or".
218							" rename the call");
219							} else {
220	0					0	_from_json(@_);
221							}
222							}
223
224	57			57		2211566	use Exporter;
	57					439
	57					2046
225	57			57		315	use XSLoader;
	57					85
	57					31117
226
227							=head1 FUNCTIONAL INTERFACE
228
229							The following convenience methods are provided by this module. They are
230							exported by default:
231
232							=over 4
233
234							=item $json_text = encode_json $perl_scalar, [json_type]
235
236							Converts the given Perl data structure to a UTF-8 encoded, binary string
237							(that is, the string contains octets only). Croaks on error.
238
239							This function call is functionally identical to:
240
241							$json_text = Cpanel::JSON::XS->new->utf8->encode ($perl_scalar, $json_type)
242
243							Except being faster.
244
245							For the type argument see L.
246
247							=item $perl_scalar = decode_json $json_text [, $allow_nonref [, my $json_type ] ]
248
249							The opposite of C: expects an UTF-8 (binary) string of an
250							json reference and tries to parse that as an UTF-8 encoded JSON text,
251							returning the resulting reference. Croaks on error.
252
253							This function call is functionally identical to:
254
255							$perl_scalar = Cpanel::JSON::XS->new->utf8->decode ($json_text, $json_type)
256
257							except being faster.
258
259							Note that older decode_json versions in Cpanel::JSON::XS older than
260							3.0116 and JSON::XS did not set allow_nonref but allowed them due to a
261							bug in the decoder.
262
263							If the new optional $allow_nonref argument is set and not false, the
264							allow_nonref option will be set and the function will act is described
265							as in the relaxed RFC 7159 allowing all values such as objects,
266							arrays, strings, numbers, "null", "true", and "false".
267
268							For the type argument see L.
269
270							=item $is_boolean = Cpanel::JSON::XS::is_bool $scalar
271
272							Returns true if the passed scalar represents either C
273							or C, two constants that act like C<1> and C<0>,
274							respectively and are used to represent JSON C and C
275							values in Perl.
276
277							See MAPPING, below, for more information on how JSON values are mapped
278							to Perl.
279
280							=back
281
282							=head1 DEPRECATED FUNCTIONS
283
284							=over
285
286							=item from_json
287
288							from_json has been renamed to decode_json
289
290							=item to_json
291
292							to_json has been renamed to encode_json
293
294							=back
295
296
297							=head1 A FEW NOTES ON UNICODE AND PERL
298
299							Since this often leads to confusion, here are a few very clear words on
300							how Unicode works in Perl, modulo bugs.
301
302							=over 4
303
304							=item 1. Perl strings can store characters with ordinal values > 255.
305
306							This enables you to store Unicode characters as single characters in a
307							Perl string - very natural.
308
309							=item 2. Perl does I associate an encoding with your strings.
310
311							... until you force it to, e.g. when matching it against a regex, or
312							printing the scalar to a file, in which case Perl either interprets
313							your string as locale-encoded text, octets/binary, or as Unicode,
314							depending on various settings. In no case is an encoding stored
315							together with your data, it is I that decides encoding, not any
316							magical meta data.
317
318							=item 3. The internal utf-8 flag has no meaning with regards to the
319							encoding of your string.
320
321							=item 4. A "Unicode String" is simply a string where each character
322							can be validly interpreted as a Unicode code point.
323
324							If you have UTF-8 encoded data, it is no longer a Unicode string, but
325							a Unicode string encoded in UTF-8, giving you a binary string.
326
327							=item 5. A string containing "high" (> 255) character values is I
328							a UTF-8 string.
329
330							=item 6. Unicode noncharacters only warn, as in core.
331
332							The 66 Unicode noncharacters U+FDD0..U+FDEF, and U+FFFE, U+FFFF just
333							warn, see L. But
334							illegal surrogate pairs fail to parse.
335
336							=item 7. Raw non-Unicode characters above U+10FFFF are disallowed.
337
338							Raw non-Unicode characters outside the valid unicode range fail to
339							parse, because "A string is a sequence of zero or more Unicode
340							characters" RFC 7159 section 1 and "JSON text SHALL be encoded in
341							Unicode RFC 7159 section 8.1. We use now the UTF8_DISALLOW_SUPER
342							flag when parsing unicode.
343
344							=back
345
346							I hope this helps :)
347
348
349							=head1 OBJECT-ORIENTED INTERFACE
350
351							The object oriented interface lets you configure your own encoding or
352							decoding style, within the limits of supported formats.
353
354							=over 4
355
356							=item $json = new Cpanel::JSON::XS
357
358							Creates a new JSON object that can be used to de/encode JSON
359							strings. All boolean flags described below are by default I.
360
361							The mutators for flags all return the JSON object again and thus calls can
362							be chained:
363
364							my $json = Cpanel::JSON::XS->new->utf8->space_after->encode ({a => [1,2]})
365							=> {"a": [1, 2]}
366
367							=item $json = $json->ascii ([$enable])
368
369							=item $enabled = $json->get_ascii
370
371							If C<$enable> is true (or missing), then the C method will not
372							generate characters outside the code range C<0..127> (which is ASCII). Any
373							Unicode characters outside that range will be escaped using either a
374							single C<\uXXXX> (BMP characters) or a double C<\uHHHH\uLLLLL> escape sequence,
375							as per RFC4627. The resulting encoded JSON text can be treated as a native
376							Unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string,
377							or any other superset of ASCII.
378
379							If C<$enable> is false, then the C method will not escape Unicode
380							characters unless required by the JSON syntax or other flags. This results
381							in a faster and more compact format.
382
383							See also the section I later in this
384							document.
385
386							The main use for this flag is to produce JSON texts that can be
387							transmitted over a 7-bit channel, as the encoded JSON texts will not
388							contain any 8 bit characters.
389
390							Cpanel::JSON::XS->new->ascii (1)->encode ([chr 0x10401])
391							=> ["\ud801\udc01"]
392
393							=item $json = $json->latin1 ([$enable])
394
395							=item $enabled = $json->get_latin1
396
397							If C<$enable> is true (or missing), then the C method will encode
398							the resulting JSON text as latin1 (or ISO-8859-1), escaping any characters
399							outside the code range C<0..255>. The resulting string can be treated as a
400							latin1-encoded JSON text or a native Unicode string. The C method
401							will not be affected in any way by this flag, as C by default
402							expects Unicode, which is a strict superset of latin1.
403
404							If C<$enable> is false, then the C method will not escape Unicode
405							characters unless required by the JSON syntax or other flags.
406
407							See also the section I later in this
408							document.
409
410							The main use for this flag is efficiently encoding binary data as JSON
411							text, as most octets will not be escaped, resulting in a smaller encoded
412							size. The disadvantage is that the resulting JSON text is encoded
413							in latin1 (and must correctly be treated as such when storing and
414							transferring), a rare encoding for JSON. It is therefore most useful when
415							you want to store data structures known to contain binary data efficiently
416							in files or databases, not when talking to other JSON encoders/decoders.
417
418							Cpanel::JSON::XS->new->latin1->encode (["\x{89}\x{abc}"]
419							=> ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not)
420
421
422							=item $json = $json->binary ([$enable])
423
424							=item $enabled = $json = $json->get_binary
425
426							If the C<$enable> argument is true (or missing), then the C
427							method will not try to detect an UTF-8 encoding in any JSON string, it
428							will strictly interpret it as byte sequence. The result might contain
429							new C<\xNN> sequences, which is B. The C
430							method forbids C<\uNNNN> sequences and accepts C<\xNN> and octal
431							C<\NNN> sequences.
432
433							There is also a special logic for perl 5.6 and utf8. 5.6 encodes any
434							string to utf-8 automatically when seeing a codepoint >= C<0x80> and
435							< C<0x100>. With the binary flag enabled decode the perl utf8 encoded
436							string to the original byte encoding and encode this with C<\xNN>
437							escapes. This will result to the same encodings as with newer
438							perls. But note that binary multi-byte codepoints with 5.6 will
439							result in C errors,
440							unlike with newer perls.
441
442							If C<$enable> is false, then the C method will smartly try to
443							detect Unicode characters unless required by the JSON syntax or other
444							flags and hex and octal sequences are forbidden.
445
446							See also the section I later in this
447							document.
448
449							The main use for this flag is to avoid the smart unicode detection and
450							possible double encoding. The disadvantage is that the resulting JSON
451							text is encoded in new C<\xNN> and in latin1 characters and must
452							correctly be treated as such when storing and transferring, a rare
453							encoding for JSON. It will produce non-readable JSON strings in the
454							browser. It is therefore most useful when you want to store data
455							structures known to contain binary data efficiently in files or
456							databases, not when talking to other JSON encoders/decoders. The
457							binary decoding method can also be used when an encoder produced a
458							non-JSON conformant hex or octal encoding C<\xNN> or C<\NNN>.
459
460							Cpanel::JSON::XS->new->binary->encode (["\x{89}\x{abc}"])
461							5.6: Error: malformed or illegal unicode character in binary string
462							>=5.8: ['\x89\xe0\xaa\xbc']
463
464							Cpanel::JSON::XS->new->binary->encode (["\x{89}\x{bc}"])
465							=> ["\x89\xbc"]
466
467							Cpanel::JSON::XS->new->binary->decode (["\x89\ua001"])
468							Error: malformed or illegal unicode character in binary string
469
470							Cpanel::JSON::XS->new->decode (["\x89"])
471							Error: illegal hex character in non-binary string
472
473
474							=item $json = $json->utf8 ([$enable])
475
476							=item $enabled = $json->get_utf8
477
478							If C<$enable> is true (or missing), then the C method will encode
479							the JSON result into UTF-8, as required by many protocols, while the
480							C method expects to be handled an UTF-8-encoded string. Please
481							note that UTF-8-encoded strings do not contain any characters outside the
482							range C<0..255>, they are thus useful for bytewise/binary I/O. In future
483							versions, enabling this option might enable autodetection of the UTF-16
484							and UTF-32 encoding families, as described in RFC4627.
485
486							If C<$enable> is false, then the C method will return the JSON
487							string as a (non-encoded) Unicode string, while C expects thus a
488							Unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs
489							to be done yourself, e.g. using the Encode module.
490
491							See also the section I later in this
492							document.
493
494							Example, output UTF-16BE-encoded JSON:
495
496							use Encode;
497							$jsontext = encode "UTF-16BE", Cpanel::JSON::XS->new->encode ($object);
498
499							Example, decode UTF-32LE-encoded JSON:
500
501							use Encode;
502							$object = Cpanel::JSON::XS->new->decode (decode "UTF-32LE", $jsontext);
503
504							=item $json = $json->pretty ([$enable])
505
506							This enables (or disables) all of the C, C and
507							C (and in the future possibly more) flags in one call to
508							generate the most readable (or most compact) form possible.
509
510							Example, pretty-print some simple structure:
511
512							my $json = Cpanel::JSON::XS->new->pretty(1)->encode ({a => [1,2]})
513							=>
514							{
515							"a" : [
516							1,
517							2
518							]
519							}
520
521
522							=item $json = $json->indent ([$enable])
523
524							=item $enabled = $json->get_indent
525
526							If C<$enable> is true (or missing), then the C method will use
527							a multiline format as output, putting every array member or
528							object/hash key-value pair into its own line, indenting them properly.
529
530							If C<$enable> is false, no newlines or indenting will be produced, and the
531							resulting JSON text is guaranteed not to contain any C.
532
533							This setting has no effect when decoding JSON texts.
534
535							=item $json = $json->indent_length([$number_of_spaces])
536
537							=item $length = $json->get_indent_length()
538
539							Set the indent length (default C<3>).
540							This option is only useful when you also enable indent or pretty.
541							The acceptable range is from 0 (no indentation) to 15
542
543							=item $json = $json->space_before ([$enable])
544
545							=item $enabled = $json->get_space_before
546
547							If C<$enable> is true (or missing), then the C method will add an extra
548							optional space before the C<:> separating keys from values in JSON objects.
549
550							If C<$enable> is false, then the C method will not add any extra
551							space at those places.
552
553							This setting has no effect when decoding JSON texts. You will also
554							most likely combine this setting with C.
555
556							Example, space_before enabled, space_after and indent disabled:
557
558							{"key" :"value"}
559
560							=item $json = $json->space_after ([$enable])
561
562							=item $enabled = $json->get_space_after
563
564							If C<$enable> is true (or missing), then the C method will add
565							an extra optional space after the C<:> separating keys from values in
566							JSON objects and extra whitespace after the C<,> separating key-value
567							pairs and array members.
568
569							If C<$enable> is false, then the C method will not add any extra
570							space at those places.
571
572							This setting has no effect when decoding JSON texts.
573
574							Example, space_before and indent disabled, space_after enabled:
575
576							{"key": "value"}
577
578							=item $json = $json->relaxed ([$enable])
579
580							=item $enabled = $json->get_relaxed
581
582							If C<$enable> is true (or missing), then C will accept some
583							extensions to normal JSON syntax (see below). C will not be
584							affected in anyway. I
585							JSON texts as if they were valid!>. I suggest only to use this option to
586							parse application-specific files written by humans (configuration files,
587							resource files etc.)
588
589							If C<$enable> is false (the default), then C will only accept
590							valid JSON texts.
591
592							Currently accepted extensions are:
593
594							=over 4
595
596							=item * list items can have an end-comma
597
598							JSON I array elements and key-value pairs with commas. This
599							can be annoying if you write JSON texts manually and want to be able to
600							quickly append elements, so this extension accepts comma at the end of
601							such items not just between them:
602
603							[
604							1,
605							2, <- this comma not normally allowed
606							]
607							{
608							"k1": "v1",
609							"k2": "v2", <- this comma not normally allowed
610							}
611
612							=item * shell-style '#'-comments
613
614							Whenever JSON allows whitespace, shell-style comments are additionally
615							allowed. They are terminated by the first carriage-return or line-feed
616							character, after which more white-space and comments are allowed.
617
618							[
619							1, # this comment not allowed in JSON
620							# neither this one...
621							]
622
623							=item * literal ASCII TAB characters in strings
624
625							Literal ASCII TAB characters are now allowed in strings (and treated as
626							C<\t>) in relaxed mode. Despite JSON mandates, that TAB character is
627							substituted for "\t" sequence.
628
629							[
630							"Hello\tWorld",
631							"HelloWorld", # literal would not normally be allowed
632							]
633
634							=item * allow_singlequote
635
636							Single quotes are accepted instead of double quotes. See the
637							L option.
638
639							{ "foo":'bar' }
640							{ 'foo':"bar" }
641							{ 'foo':'bar' }
642
643							=item * allow_barekey
644
645							Accept unquoted object keys instead of with mandatory double quotes. See the
646							L option.
647
648							{ foo:"bar" }
649
650							=item * allow_dupkeys
651
652							Allow decoding of duplicate keys in hashes. By default duplicate keys are forbidden.
653							See L:
654							RFC 7159 section 4: "The names within an object should be unique."
655							See the L option.
656
657							=back
658
659
660							=item $json = $json->canonical ([$enable])
661
662							=item $enabled = $json->get_canonical
663
664							If C<$enable> is true (or missing), then the C method will
665							output JSON objects by sorting their keys. This is adding a
666							comparatively high overhead.
667
668							If C<$enable> is false, then the C method will output key-value
669							pairs in the order Perl stores them (which will likely change between runs
670							of the same script, and can change even within the same run from 5.18
671							onwards).
672
673							This option is useful if you want the same data structure to be encoded as
674							the same JSON text (given the same overall settings). If it is disabled,
675							the same hash might be encoded differently even if contains the same data,
676							as key-value pairs have no inherent ordering in Perl.
677
678							This setting has no effect when decoding JSON texts.
679
680							This setting has currently no effect on tied hashes.
681
682
683							=item $json = $json->sort_by (undef, 0, 1 or a block)
684
685							This currently only (un)sets the C option, and ignores
686							custom sort blocks.
687
688							This setting has no effect when decoding JSON texts.
689
690							This setting has currently no effect on tied hashes.
691
692
693							=item $json = $json->escape_slash ([$enable])
694
695							=item $enabled = $json->get_escape_slash
696
697							According to the JSON Grammar, the I character (U+002F)
698							C<"/"> need to be escaped. But by default strings are encoded without
699							escaping slashes in all perl JSON encoders.
700
701							If C<$enable> is true (or missing), then C will escape slashes,
702							C<"\/">.
703
704							This setting has no effect when decoding JSON texts.
705
706
707							=item $json = $json->unblessed_bool ([$enable])
708
709							=item $enabled = $json->get_unblessed_bool
710
711							$json = $json->unblessed_bool([$enable])
712
713							If C<$enable> is true (or missing), then C will return
714							Perl non-object boolean variables (1 and 0) for JSON booleans
715							(C and C). If C<$enable> is false, then C
716							will return C objects for JSON booleans.
717
718
719							=item $json = $json->allow_singlequote ([$enable])
720
721							=item $enabled = $json->get_allow_singlequote
722
723							$json = $json->allow_singlequote([$enable])
724
725							If C<$enable> is true (or missing), then C will accept
726							JSON strings quoted by single quotations that are invalid JSON
727							format.
728
729							$json->allow_singlequote->decode({"foo":'bar'});
730							$json->allow_singlequote->decode({'foo':"bar"});
731							$json->allow_singlequote->decode({'foo':'bar'});
732
733							This is also enabled with C.
734							As same as the C option, this option may be used to parse
735							application-specific files written by humans.
736
737
738							=item $json = $json->allow_barekey ([$enable])
739
740							=item $enabled = $json->get_allow_barekey
741
742							$json = $json->allow_barekey([$enable])
743
744							If C<$enable> is true (or missing), then C will accept
745							bare keys of JSON object that are invalid JSON format.
746
747							Same as with the C option, this option may be used to parse
748							application-specific files written by humans.
749
750							$json->allow_barekey->decode('{foo:"bar"}');
751
752							=item $json = $json->allow_bignum ([$enable])
753
754							=item $enabled = $json->get_allow_bignum
755
756							$json = $json->allow_bignum([$enable])
757
758							If C<$enable> is true (or missing), then C will convert
759							the big integer Perl cannot handle as integer into a L
760							object and convert a floating number (any) into a L.
761
762							On the contrary, C converts C objects and
763							C objects into JSON numbers with C
764							enable.
765
766							$json->allow_nonref->allow_blessed->allow_bignum;
767							$bigfloat = $json->decode('2.000000000000000000000000001');
768							print $json->encode($bigfloat);
769							# => 2.000000000000000000000000001
770
771							See L about the normal conversion of JSON number.
772
773
774							=item $json = $json->allow_bigint ([$enable])
775
776							This option is obsolete and replaced by allow_bignum.
777
778
779							=item $json = $json->allow_nonref ([$enable])
780
781							=item $enabled = $json->get_allow_nonref
782
783							If C<$enable> is true (or missing), then the C method can
784							convert a non-reference into its corresponding string, number or null
785							JSON value, which is an extension to RFC4627. Likewise, C will
786							accept those JSON values instead of croaking.
787
788							If C<$enable> is false, then the C method will croak if it isn't
789							passed an arrayref or hashref, as JSON texts must either be an object
790							or array. Likewise, C will croak if given something that is not a
791							JSON object or array.
792
793							Example, encode a Perl scalar as JSON value with enabled C,
794							resulting in an invalid JSON text:
795
796							Cpanel::JSON::XS->new->allow_nonref->encode ("Hello, World!")
797							=> "Hello, World!"
798
799							=item $json = $json->allow_unknown ([$enable])
800
801							=item $enabled = $json->get_allow_unknown
802
803							If C<$enable> is true (or missing), then C will I throw an
804							exception when it encounters values it cannot represent in JSON (for
805							example, filehandles) but instead will encode a JSON C value. Note
806							that blessed objects are not included here and are handled separately by
807							c.
808
809							If C<$enable> is false (the default), then C will throw an
810							exception when it encounters anything it cannot encode as JSON.
811
812							This option does not affect C in any way, and it is recommended to
813							leave it off unless you know your communications partner.
814
815							=item $json = $json->allow_stringify ([$enable])
816
817							=item $enabled = $json->get_allow_stringify
818
819							If C<$enable> is true (or missing), then C will stringify the
820							non-object perl value or reference. Note that blessed objects are not
821							included here and are handled separately by C and
822							C. String references are stringified to the string
823							value, other references as in perl.
824
825							This option does not affect C in any way.
826
827							This option is special to this module, it is not supported by other
828							encoders. So it is not recommended to use it.
829
830							=item $json = $json->require_types ([$enable])
831
832							=item $enable = $json->get_require_types
833
834							$json = $json->require_types([$enable])
835
836							If C<$enable> is true (or missing), then C will require
837							second argument with supplied JSON types. See L.
838							When second argument is not provided (or is undef), then C
839							croaks. It also croaks when the type for provided structure in
840							C is incomplete.
841
842							=item $json = $json->allow_dupkeys ([$enable])
843
844							=item $enabled = $json->get_allow_dupkeys
845
846							If C<$enable> is true (or missing), then the C method will not
847							die when it encounters duplicate keys in a hash.
848							C is also enabled in the C mode.
849
850							The JSON spec allows duplicate name in objects but recommends to
851							disable it, however with Perl hashes they are impossible, parsing
852							JSON in Perl silently ignores duplicate names, using the last value
853							found.
854
855							See L:
856							RFC 7159 section 4: "The names within an object should be unique."
857
858							=item $json = $json->allow_blessed ([$enable])
859
860							=item $enabled = $json->get_allow_blessed
861
862							If C<$enable> is true (or missing), then the C method will not
863							barf when it encounters a blessed reference. Instead, the value of the
864							B option will decide whether C (C
865							disabled or no C method found) or a representation of the
866							object (C enabled and C method found) is being
867							encoded. Has no effect on C.
868
869							If C<$enable> is false (the default), then C will throw an
870							exception when it encounters a blessed object.
871
872							This setting has no effect on C.
873
874							=item $json = $json->convert_blessed ([$enable])
875
876							=item $enabled = $json->get_convert_blessed
877
878							If C<$enable> is true (or missing), then C, upon encountering a
879							blessed object, will check for the availability of the C method
880							on the object's class. If found, it will be called in scalar context
881							and the resulting scalar will be encoded instead of the object. If no
882							C method is found, a stringification overload method is tried next.
883							If both are not found, the value of C will decide what
884							to do.
885
886							The C method may safely call die if it wants. If C
887							returns other blessed objects, those will be handled in the same
888							way. C must take care of not causing an endless recursion
889							cycle (== crash) in this case. The same care must be taken with
890							calling encode in stringify overloads (even if this works by luck in
891							older perls) or other callbacks. The name of C was chosen
892							because other methods called by the Perl core (== not by the user of
893							the object) are usually in upper case letters and to avoid collisions
894							with any C function or method.
895
896							If C<$enable> is false (the default), then C will not consider
897							this type of conversion.
898
899							This setting has no effect on C.
900
901							=item $json = $json->allow_tags ([$enable])
902
903							=item $enabled = $json->get_allow_tags
904
905							See L
906
907							If C<$enable> is true (or missing), then C, upon encountering a
908							blessed object, will check for the availability of the C method on
909							the object's class. If found, it will be used to serialize the object into
910							a nonstandard tagged JSON value (that JSON decoders cannot decode).
911
912							It also causes C to parse such tagged JSON values and deserialize
913							them via a call to the C method.
914
915							If C<$enable> is false (the default), then C will not consider
916							this type of conversion, and tagged JSON values will cause a parse error
917							in C, as if tags were not part of the grammar.
918
919							=item $json = $json->filter_json_object ([$coderef->($hashref)])
920
921							When C<$coderef> is specified, it will be called from C each
922							time it decodes a JSON object. The only argument is a reference to the
923							newly-created hash. If the code references returns a single scalar (which
924							need not be a reference), this value (i.e. a copy of that scalar to avoid
925							aliasing) is inserted into the deserialized data structure. If it returns
926							an empty list (NOTE: I C, which is a valid scalar), the
927							original deserialized hash will be inserted. This setting can slow down
928							decoding considerably.
929
930							When C<$coderef> is omitted or undefined, any existing callback will
931							be removed and C will not change the deserialized hash in any
932							way.
933
934							Example, convert all JSON objects into the integer 5:
935
936							my $js = Cpanel::JSON::XS->new->filter_json_object (sub { 5 });
937							# returns [5]
938							$js->decode ('[{}]')
939							# throw an exception because allow_nonref is not enabled
940							# so a lone 5 is not allowed.
941							$js->decode ('{"a":1, "b":2}');
942
943							=item $json = $json->filter_json_single_key_object ($key [=> $coderef->($value)])
944
945							Works remotely similar to C, but is only called for
946							JSON objects having a single key named C<$key>.
947
948							This C<$coderef> is called before the one specified via
949							C, if any. It gets passed the single value in the JSON
950							object. If it returns a single value, it will be inserted into the data
951							structure. If it returns nothing (not even C but the empty list),
952							the callback from C will be called next, as if no
953							single-key callback were specified.
954
955							If C<$coderef> is omitted or undefined, the corresponding callback will be
956							disabled. There can only ever be one callback for a given key.
957
958							As this callback gets called less often then the C
959							one, decoding speed will not usually suffer as much. Therefore, single-key
960							objects make excellent targets to serialize Perl objects into, especially
961							as single-key JSON objects are as close to the type-tagged value concept
962							as JSON gets (it's basically an ID/VALUE tuple). Of course, JSON does not
963							support this in any way, so you need to make sure your data never looks
964							like a serialized Perl hash.
965
966							Typical names for the single object key are C<__class_whatever__>, or
967							C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even
968							things like C<__class_md5sum(classname)__>, to reduce the risk of clashing
969							with real hashes.
970
971							Example, decode JSON objects of the form C<< { "__widget__" => } >>
972							into the corresponding C<< $WIDGET{} >> object:
973
974							# return whatever is in $WIDGET{5}:
975							Cpanel::JSON::XS
976							->new
977							->filter_json_single_key_object (__widget__ => sub {
978							$WIDGET{ $_[0] }
979							})
980							->decode ('{"__widget__": 5')
981
982							# this can be used with a TO_JSON method in some "widget" class
983							# for serialization to json:
984							sub WidgetBase::TO_JSON {
985							my ($self) = @_;
986
987							unless ($self->{id}) {
988							$self->{id} = ..get..some..id..;
989							$WIDGET{$self->{id}} = $self;
990							}
991
992							{ __widget__ => $self->{id} }
993							}
994
995							=item $json = $json->shrink ([$enable])
996
997							=item $enabled = $json->get_shrink
998
999							Perl usually over-allocates memory a bit when allocating space for
1000							strings. This flag optionally resizes strings generated by either
1001							C or C to their minimum size possible. This can save
1002							memory when your JSON texts are either very very long or you have many
1003							short strings. It will also try to downgrade any strings to octet-form
1004							if possible: perl stores strings internally either in an encoding called
1005							UTF-X or in octet-form. The latter cannot store everything but uses less
1006							space in general (and some buggy Perl or C code might even rely on that
1007							internal representation being used).
1008
1009							The actual definition of what shrink does might change in future versions,
1010							but it will always try to save space at the expense of time.
1011
1012							If C<$enable> is true (or missing), the string returned by C will
1013							be shrunk-to-fit, while all strings generated by C will also be
1014							shrunk-to-fit.
1015
1016							If C<$enable> is false, then the normal perl allocation algorithms are used.
1017							If you work with your data, then this is likely to be faster.
1018
1019							In the future, this setting might control other things, such as converting
1020							strings that look like integers or floats into integers or floats
1021							internally (there is no difference on the Perl level), saving space.
1022
1023							=item $json = $json->max_depth ([$maximum_nesting_depth])
1024
1025							=item $max_depth = $json->get_max_depth
1026
1027							Sets the maximum nesting level (default C<512>) accepted while encoding
1028							or decoding. If a higher nesting level is detected in JSON text or a Perl
1029							data structure, then the encoder and decoder will stop and croak at that
1030							point.
1031
1032							Nesting level is defined by number of hash- or arrayrefs that the encoder
1033							needs to traverse to reach a given point or the number of C<{> or C<[>
1034							characters without their matching closing parenthesis crossed to reach a
1035							given character in a string.
1036
1037							Setting the maximum depth to one disallows any nesting, so that ensures
1038							that the object is only a single hash/object or array.
1039
1040							If no argument is given, the highest possible setting will be used, which
1041							is rarely useful.
1042
1043							Note that nesting is implemented by recursion in C. The default value has
1044							been chosen to be as large as typical operating systems allow without
1045							crashing.
1046
1047							See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
1048
1049							=item $json = $json->max_size ([$maximum_string_size])
1050
1051							=item $max_size = $json->get_max_size
1052
1053							Set the maximum length a JSON text may have (in bytes) where decoding is
1054							being attempted. The default is C<0>, meaning no limit. When C
1055							is called on a string that is longer then this many bytes, it will not
1056							attempt to decode the string but throw an exception. This setting has no
1057							effect on C (yet).
1058
1059							If no argument is given, the limit check will be deactivated (same as when
1060							C<0> is specified).
1061
1062							See L, below, for more info on why this is useful.
1063
1064							=item $json->stringify_infnan ([$infnan_mode = 1])
1065
1066							=item $infnan_mode = $json->get_stringify_infnan
1067
1068							Get or set how Cpanel::JSON::XS encodes C, C<-inf> or C for numeric
1069							values. Also qnan, snan or negative nan on some platforms.
1070
1071							C: infnan_mode = 0. Similar to most JSON modules in other languages.
1072							Always null.
1073
1074							stringified: infnan_mode = 1. As in Mojo::JSON. Platform specific strings.
1075							Stringified via sprintf(%g), with double quotes.
1076
1077							inf/nan: infnan_mode = 2. As in JSON::XS, and older releases.
1078							Passes through platform dependent values, invalid JSON. Stringified via
1079							sprintf(%g), but without double quotes.
1080
1081							"inf/-inf/nan": infnan_mode = 3. Platform independent inf/nan/-inf
1082							strings. No QNAN/SNAN/negative NAN support, unified to "nan". Much
1083							easier to detect, but may conflict with valid strings.
1084
1085							=item $json_text = $json->encode ($perl_scalar, $json_type)
1086
1087							Converts the given Perl data structure (a simple scalar or a reference
1088							to a hash or array) to its JSON representation. Simple scalars will be
1089							converted into JSON string or number sequences, while references to
1090							arrays become JSON arrays and references to hashes become JSON
1091							objects. Undefined Perl values (e.g. C) become JSON C
1092							values. Neither C nor C values will be generated.
1093
1094							For the type argument see L.
1095
1096							=item $perl_scalar = $json->decode ($json_text, my $json_type)
1097
1098							The opposite of C: expects a JSON text and tries to parse it,
1099							returning the resulting simple scalar or reference. Croaks on error.
1100
1101							JSON numbers and strings become simple Perl scalars. JSON arrays become
1102							Perl arrayrefs and JSON objects become Perl hashrefs. C becomes
1103							C<1>, C becomes C<0> and C becomes C.
1104
1105							For the type argument see L.
1106
1107							=item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
1108
1109							This works like the C method, but instead of raising an exception
1110							when there is trailing garbage after the first JSON object, it will
1111							silently stop parsing there and return the number of characters consumed
1112							so far.
1113
1114							This is useful if your JSON texts are not delimited by an outer protocol
1115							and you need to know where the JSON text ends.
1116
1117							Cpanel::JSON::XS->new->decode_prefix ("[1] the tail")
1118							=> ([1], 3)
1119
1120							=item $json->to_json ($perl_hash_or_arrayref)
1121
1122							Deprecated method for perl 5.8 and newer. Use L instead.
1123
1124							=item $json->from_json ($utf8_encoded_json_text)
1125
1126							Deprecated method for perl 5.8 and newer. Use L instead.
1127
1128							=back
1129
1130
1131							=head1 INCREMENTAL PARSING
1132
1133							In some cases, there is the need for incremental parsing of JSON
1134							texts. While this module always has to keep both JSON text and resulting
1135							Perl data structure in memory at one time, it does allow you to parse a
1136							JSON stream incrementally. It does so by accumulating text until it has
1137							a full JSON object, which it then can decode. This process is similar to
1138							using C to see if a full JSON object is available, but
1139							is much more efficient (and can be implemented with a minimum of method
1140							calls).
1141
1142							Cpanel::JSON::XS will only attempt to parse the JSON text once it is
1143							sure it has enough text to get a decisive result, using a very simple
1144							but truly incremental parser. This means that it sometimes won't stop
1145							as early as the full parser, for example, it doesn't detect mismatched
1146							parentheses. The only thing it guarantees is that it starts decoding
1147							as soon as a syntactically valid JSON text has been seen. This means
1148							you need to set resource limits (e.g. C) to ensure the
1149							parser will stop parsing in the presence if syntax errors.
1150
1151							The following methods implement this incremental parser.
1152
1153							=over 4
1154
1155							=item [void, scalar or list context] = $json->incr_parse ([$string])
1156
1157							This is the central parsing function. It can both append new text and
1158							extract objects from the stream accumulated so far (both of these
1159							functions are optional).
1160
1161							If C<$string> is given, then this string is appended to the already
1162							existing JSON fragment stored in the C<$json> object.
1163
1164							After that, if the function is called in void context, it will simply
1165							return without doing anything further. This can be used to add more text
1166							in as many chunks as you want.
1167
1168							If the method is called in scalar context, then it will try to extract
1169							exactly I JSON object. If that is successful, it will return this
1170							object, otherwise it will return C. If there is a parse error,
1171							this method will croak just as C would do (one can then use
1172							C to skip the erroneous part). This is the most common way of
1173							using the method.
1174
1175							And finally, in list context, it will try to extract as many objects
1176							from the stream as it can find and return them, or the empty list
1177							otherwise. For this to work, there must be no separators between the JSON
1178							objects or arrays, instead they must be concatenated back-to-back. If
1179							an error occurs, an exception will be raised as in the scalar context
1180							case. Note that in this case, any previously-parsed JSON texts will be
1181							lost.
1182
1183							Example: Parse some JSON arrays/objects in a given string and return
1184							them.
1185
1186							my @objs = Cpanel::JSON::XS->new->incr_parse ("[5][7][1,2]");
1187
1188							=item $lvalue_string = $json->incr_text (>5.8 only)
1189
1190							This method returns the currently stored JSON fragment as an lvalue, that
1191							is, you can manipulate it. This I works when a preceding call to
1192							C in I successfully returned an object, and
1193							2. only with Perl >= 5.8
1194
1195							Under all other circumstances you must not call this function (I mean
1196							it. although in simple tests it might actually work, it I fail
1197							under real world conditions). As a special exception, you can also
1198							call this method before having parsed anything.
1199
1200							This function is useful in two cases: a) finding the trailing text after a
1201							JSON object or b) parsing multiple JSON objects separated by non-JSON text
1202							(such as commas).
1203
1204							=item $json->incr_skip
1205
1206							This will reset the state of the incremental parser and will remove
1207							the parsed text from the input buffer so far. This is useful after
1208							C died, in which case the input buffer and incremental parser
1209							state is left unchanged, to skip the text parsed so far and to reset the
1210							parse state.
1211
1212							The difference to C is that only text until the parse error
1213							occurred is removed.
1214
1215							=item $json->incr_reset
1216
1217							This completely resets the incremental parser, that is, after this call,
1218							it will be as if the parser had never parsed anything.
1219
1220							This is useful if you want to repeatedly parse JSON objects and want to
1221							ignore any trailing data, which means you have to reset the parser after
1222							each successful decode.
1223
1224							=back
1225
1226							=head2 LIMITATIONS
1227
1228							All options that affect decoding are supported, except
1229							C. The reason for this is that it cannot be made to work
1230							sensibly: JSON objects and arrays are self-delimited, i.e. you can
1231							concatenate them back to back and still decode them perfectly. This
1232							does not hold true for JSON numbers, however.
1233
1234							For example, is the string C<1> a single JSON number, or is it simply
1235							the start of C<12>? Or is C<12> a single JSON number, or the
1236							concatenation of C<1> and C<2>? In neither case you can tell, and this
1237							is why Cpanel::JSON::XS takes the conservative route and disallows
1238							this case.
1239
1240							=head2 EXAMPLES
1241
1242							Some examples will make all this clearer. First, a simple example that
1243							works similarly to C: We want to decode the JSON object at
1244							the start of a string and identify the portion after the JSON object:
1245
1246							my $text = "[1,2,3] hello";
1247
1248							my $json = new Cpanel::JSON::XS;
1249
1250							my $obj = $json->incr_parse ($text)
1251							or die "expected JSON object or array at beginning of string";
1252
1253							my $tail = $json->incr_text;
1254							# $tail now contains " hello"
1255
1256							Easy, isn't it?
1257
1258							Now for a more complicated example: Imagine a hypothetical protocol where
1259							you read some requests from a TCP stream, and each request is a JSON
1260							array, without any separation between them (in fact, it is often useful to
1261							use newlines as "separators", as these get interpreted as whitespace at
1262							the start of the JSON text, which makes it possible to test said protocol
1263							with C...).
1264
1265							Here is how you'd do it (it is trivial to write this in an event-based
1266							manner):
1267
1268							my $json = new Cpanel::JSON::XS;
1269
1270							# read some data from the socket
1271							while (sysread $socket, my $buf, 4096) {
1272
1273							# split and decode as many requests as possible
1274							for my $request ($json->incr_parse ($buf)) {
1275							# act on the $request
1276							}
1277							}
1278
1279							Another complicated example: Assume you have a string with JSON objects
1280							or arrays, all separated by (optional) comma characters (e.g. C<[1],[2],
1281							[3]>). To parse them, we have to skip the commas between the JSON texts,
1282							and here is where the lvalue-ness of C comes in useful:
1283
1284							my $text = "[1],[2], [3]";
1285							my $json = new Cpanel::JSON::XS;
1286
1287							# void context, so no parsing done
1288							$json->incr_parse ($text);
1289
1290							# now extract as many objects as possible. note the
1291							# use of scalar context so incr_text can be called.
1292							while (my $obj = $json->incr_parse) {
1293							# do something with $obj
1294
1295							# now skip the optional comma
1296							$json->incr_text =~ s/^ \s* , //x;
1297							}
1298
1299							Now lets go for a very complex example: Assume that you have a gigantic
1300							JSON array-of-objects, many gigabytes in size, and you want to parse it,
1301							but you cannot load it into memory fully (this has actually happened in
1302							the real world :).
1303
1304							Well, you lost, you have to implement your own JSON parser. But
1305							Cpanel::JSON::XS can still help you: You implement a (very simple)
1306							array parser and let JSON decode the array elements, which are all
1307							full JSON objects on their own (this wouldn't work if the array
1308							elements could be JSON numbers, for example):
1309
1310							my $json = new Cpanel::JSON::XS;
1311
1312							# open the monster
1313							open my $fh, "
1314							or die "bigfile: $!";
1315
1316							# first parse the initial "["
1317							for (;;) {
1318							sysread $fh, my $buf, 65536
1319							or die "read error: $!";
1320							$json->incr_parse ($buf); # void context, so no parsing
1321
1322							# Exit the loop once we found and removed(!) the initial "[".
1323							# In essence, we are (ab-)using the $json object as a simple scalar
1324							# we append data to.
1325							last if $json->incr_text =~ s/^ \s* \[ //x;
1326							}
1327
1328							# now we have the skipped the initial "[", so continue
1329							# parsing all the elements.
1330							for (;;) {
1331							# in this loop we read data until we got a single JSON object
1332							for (;;) {
1333							if (my $obj = $json->incr_parse) {
1334							# do something with $obj
1335							last;
1336							}
1337
1338							# add more data
1339							sysread $fh, my $buf, 65536
1340							or die "read error: $!";
1341							$json->incr_parse ($buf); # void context, so no parsing
1342							}
1343
1344							# in this loop we read data until we either found and parsed the
1345							# separating "," between elements, or the final "]"
1346							for (;;) {
1347							# first skip whitespace
1348							$json->incr_text =~ s/^\s*//;
1349
1350							# if we find "]", we are done
1351							if ($json->incr_text =~ s/^\]//) {
1352							print "finished.\n";
1353							exit;
1354							}
1355
1356							# if we find ",", we can continue with the next element
1357							if ($json->incr_text =~ s/^,//) {
1358							last;
1359							}
1360
1361							# if we find anything else, we have a parse error!
1362							if (length $json->incr_text) {
1363							die "parse error near ", $json->incr_text;
1364							}
1365
1366							# else add more data
1367							sysread $fh, my $buf, 65536
1368							or die "read error: $!";
1369							$json->incr_parse ($buf); # void context, so no parsing
1370							}
1371
1372							This is a complex example, but most of the complexity comes from the fact
1373							that we are trying to be correct (bear with me if I am wrong, I never ran
1374							the above example :).
1375
1376							=head1 BOM
1377
1378							Detect all unicode B on decode.
1379							Which are UTF-8, UTF-16LE, UTF-16BE, UTF-32LE and UTF-32BE.
1380
1381							The BOM encoding is set only for one specific decode call, it does not
1382							change the state of the JSON object.
1383
1384							B: With perls older than 5.20 you need load the Encode module
1385							before loading a multibyte BOM, i.e. >= UTF-16. Otherwise an error is
1386							thrown. This is an implementation limitation and might get fixed later.
1387
1388							See L
1389							I<"JSON text SHALL be encoded in UTF-8, UTF-16, or UTF-32.">
1390
1391							I<"Implementations MUST NOT add a byte order mark to the beginning of a
1392							JSON text", "implementations (...) MAY ignore the presence of a byte
1393							order mark rather than treating it as an error".>
1394
1395							See also L.
1396
1397							Beware that Cpanel::JSON::XS is currently the only JSON module which
1398							does accept and decode a BOM.
1399
1400							The latest JSON spec
1401							L
1402							forbid the usage of UTF-16 or UTF-32, the character encoding is UTF-8.
1403							Thus in subsequent updates BOM's of UTF-16 or UTF-32 will throw an error.
1404
1405							=head1 MAPPING
1406
1407							This section describes how Cpanel::JSON::XS maps Perl values to JSON
1408							values and vice versa. These mappings are designed to "do the right
1409							thing" in most circumstances automatically, preserving round-tripping
1410							characteristics (what you put in comes out as something equivalent).
1411
1412							For the more enlightened: note that in the following descriptions,
1413							lowercase I refers to the Perl interpreter, while uppercase I
1414							refers to the abstract Perl language itself.
1415
1416
1417							=head2 JSON -> PERL
1418
1419							=over 4
1420
1421							=item object
1422
1423							A JSON object becomes a reference to a hash in Perl. No ordering of object
1424							keys is preserved (JSON does not preserve object key ordering itself).
1425
1426							=item array
1427
1428							A JSON array becomes a reference to an array in Perl.
1429
1430							=item string
1431
1432							A JSON string becomes a string scalar in Perl - Unicode codepoints in JSON
1433							are represented by the same codepoints in the Perl string, so no manual
1434							decoding is necessary.
1435
1436							=item number
1437
1438							A JSON number becomes either an integer, numeric (floating point) or
1439							string scalar in perl, depending on its range and any fractional parts. On
1440							the Perl level, there is no difference between those as Perl handles all
1441							the conversion details, but an integer may take slightly less memory and
1442							might represent more values exactly than floating point numbers.
1443
1444							If the number consists of digits only, Cpanel::JSON::XS will try to
1445							represent it as an integer value. If that fails, it will try to
1446							represent it as a numeric (floating point) value if that is possible
1447							without loss of precision. Otherwise it will preserve the number as a
1448							string value (in which case you lose roundtripping ability, as the
1449							JSON number will be re-encoded to a JSON string).
1450
1451							Numbers containing a fractional or exponential part will always be
1452							represented as numeric (floating point) values, possibly at a loss of
1453							precision (in which case you might lose perfect roundtripping ability, but
1454							the JSON number will still be re-encoded as a JSON number).
1455
1456							Note that precision is not accuracy - binary floating point values
1457							cannot represent most decimal fractions exactly, and when converting
1458							from and to floating point, C only guarantees precision
1459							up to but not including the least significant bit.
1460
1461							=item true, false
1462
1463							When C is set to true, then JSON C becomes C<1> and
1464							JSON C becomes C<0>.
1465
1466							Otherwise these JSON atoms become C and
1467							C, respectively. They are C
1468							objects and are overloaded to act almost exactly like the numbers C<1>
1469							and C<0>. You can check whether a scalar is a JSON boolean by using
1470							the C function.
1471
1472							The other round, from perl to JSON, C which is represented as
1473							C becomes C, and C which is represented as
1474							C becomes C.
1475
1476							Via L you can now even force negation in C,
1477							without overloading of C:
1478
1479							my $false = Cpanel::JSON::XS::false;
1480							print($json->encode([!$false], [JSON_TYPE_BOOL]));
1481							=> [true]
1482
1483							=item null
1484
1485							A JSON null atom becomes C in Perl.
1486
1487							=item shell-style comments (C<< # I >>)
1488
1489							As a nonstandard extension to the JSON syntax that is enabled by the
1490							C setting, shell-style comments are allowed. They can start
1491							anywhere outside strings and go till the end of the line.
1492
1493							=item tagged values (C<< (I)I >>).
1494
1495							Another nonstandard extension to the JSON syntax, enabled with the
1496							C setting, are tagged values. In this implementation, the
1497							I must be a perl package/class name encoded as a JSON string, and the
1498							I must be a JSON array encoding optional constructor arguments.
1499
1500							See L
1501
1502							=back
1503
1504
1505							=head2 PERL -> JSON
1506
1507							The mapping from Perl to JSON is slightly more difficult, as Perl is a
1508							truly typeless language, so we can only guess which JSON type is meant by
1509							a Perl value.
1510
1511							=over 4
1512
1513							=item hash references
1514
1515							Perl hash references become JSON objects. As there is no inherent ordering
1516							in hash keys (or JSON objects), they will usually be encoded in a
1517							pseudo-random order that can change between runs of the same program but
1518							stays generally the same within a single run of a program. Cpanel::JSON::XS can
1519							optionally sort the hash keys (determined by the I flag), so
1520							the same datastructure will serialize to the same JSON text (given same
1521							settings and version of Cpanel::JSON::XS), but this incurs a runtime overhead
1522							and is only rarely useful, e.g. when you want to compare some JSON text
1523							against another for equality.
1524
1525							=item array references
1526
1527							Perl array references become JSON arrays.
1528
1529							=item other references
1530
1531							Other unblessed references are generally not allowed and will cause an
1532							exception to be thrown, except for references to the integers C<0> and
1533							C<1>, which get turned into C and C atoms in JSON.
1534
1535							With the option C, you can ignore the exception and return
1536							the stringification of the perl value.
1537
1538							With the option C, you can ignore the exception and
1539							return C instead.
1540
1541							encode_json [\"x"] # => cannot encode reference to scalar 'SCALAR(0x..)'
1542							# unless the scalar is 0 or 1
1543							encode_json [\0, \1] # yields [false,true]
1544
1545							allow_stringify->encode_json [\"x"] # yields "x" unlike JSON::PP
1546							allow_unknown->encode_json [\"x"] # yields null as in JSON::PP
1547
1548							=item Cpanel::JSON::XS::true, Cpanel::JSON::XS::false
1549
1550							These special values become JSON true and JSON false values,
1551							respectively. You can also use C<\1> and C<\0> or C and C
1552							directly if you want.
1553
1554							encode_json [Cpanel::JSON::XS::false, Cpanel::JSON::XS::true] # yields [false,true]
1555							encode_json [!1, !0] # yields [false,true]
1556
1557							eq/ne comparisons with true, false:
1558
1559							false is eq to the empty string or the string 'false' or the special
1560							empty string C, i.e. C, or the numbers 0 or 0.0.
1561
1562							true is eq to the string 'true' or to the special string C
1563							(i.e. C) or to the numbers 1 or 1.0.
1564
1565							=item blessed objects
1566
1567							Blessed objects are not directly representable in JSON, but
1568							C allows various optional ways of handling
1569							objects. See L
1570
1571							See the C and C methods on various
1572							options on how to deal with this: basically, you can choose between
1573							throwing an exception, encoding the reference as if it weren't
1574							blessed, use the objects overloaded stringification method or provide
1575							your own serializer method.
1576
1577							=item simple scalars
1578
1579							Simple Perl scalars (any scalar that is not a reference) are the most
1580							difficult objects to encode: Cpanel::JSON::XS will encode undefined
1581							scalars or inf/nan as JSON C values and other scalars to either
1582							number or string in non-deterministic way which may be affected or
1583							changed by Perl version or any other loaded Perl module.
1584
1585							If you want to have stable and deterministic types in JSON encoder then
1586							use L.
1587
1588							Non-deterministic behavior is following: scalars that have last been
1589							used in a string context before encoding as JSON strings, and anything
1590							else as number value:
1591
1592							# dump as number
1593							encode_json [2] # yields [2]
1594							encode_json [-3.0e17] # yields [-3e+17]
1595							my $value = 5; encode_json [$value] # yields [5]
1596
1597							# used as string, but the two representations are for the same number
1598							print $value;
1599							encode_json [$value] # yields [5]
1600
1601							# used as different string (non-matching dual-var)
1602							my $str = '0 but true';
1603							my $num = 1 + $str;
1604							encode_json [$num, $str] # yields [1,"0 but true"]
1605
1606							# undef becomes null
1607							encode_json [undef] # yields [null]
1608
1609							# inf or nan becomes null, unless you answered
1610							# "Do you want to handle inf/nan as strings" with yes
1611							encode_json [999] # yields [null]
1612
1613							You can force the type to be a JSON string by stringifying it:
1614
1615							my $x = 3.1; # some variable containing a number
1616							"$x"; # stringified
1617							$x .= ""; # another, more awkward way to stringify
1618							print $x; # perl does it for you, too, quite often
1619
1620							You can force the type to be a JSON number by numifying it:
1621
1622							my $x = "3"; # some variable containing a string
1623							$x += 0; # numify it, ensuring it will be dumped as a number
1624							$x *= 1; # same thing, the choice is yours.
1625
1626							Note that numerical precision has the same meaning as under Perl (so
1627							binary to decimal conversion follows the same rules as in Perl, which
1628							can differ to other languages). Also, your perl interpreter might expose
1629							extensions to the floating point numbers of your platform, such as
1630							infinities or NaN's - these cannot be represented in JSON, and thus
1631							null is returned instead. Optionally you can configure it to stringify
1632							inf and nan values.
1633
1634							=back
1635
1636							=head2 OBJECT SERIALIZATION
1637
1638							As JSON cannot directly represent Perl objects, you have to choose between
1639							a pure JSON representation (without the ability to deserialize the object
1640							automatically again), and a nonstandard extension to the JSON syntax,
1641							tagged values.
1642
1643							=head3 SERIALIZATION
1644
1645							What happens when C encounters a Perl object depends
1646							on the C, C and C
1647							settings, which are used in this order:
1648
1649							=over 4
1650
1651							=item 1. C is enabled and the object has a C method.
1652
1653							In this case, C uses the L object
1654							serialization protocol to create a tagged JSON value, using a nonstandard
1655							extension to the JSON syntax.
1656
1657							This works by invoking the C method on the object, with the first
1658							argument being the object to serialize, and the second argument being the
1659							constant string C to distinguish it from other serializers.
1660
1661							The C method can return any number of values (i.e. zero or
1662							more). These values and the paclkage/classname of the object will then be
1663							encoded as a tagged JSON value in the following format:
1664
1665							("classname")[FREEZE return values...]
1666
1667							e.g.:
1668
1669							("URI")["http://www.google.com/"]
1670							("MyDate")[2013,10,29]
1671							("ImageData::JPEG")["Z3...VlCg=="]
1672
1673							For example, the hypothetical C C method might use the
1674							objects C and C members to encode the object:
1675
1676							sub My::Object::FREEZE {
1677							my ($self, $serializer) = @_;
1678
1679							($self->{type}, $self->{id})
1680							}
1681
1682							=item 2. C is enabled and the object has a C method.
1683
1684							In this case, the C method of the object is invoked in scalar
1685							context. It must return a single scalar that can be directly encoded into
1686							JSON. This scalar replaces the object in the JSON text.
1687
1688							For example, the following C method will convert all L
1689							objects to JSON strings when serialized. The fact that these values
1690							originally were L objects is lost.
1691
1692							sub URI::TO_JSON {
1693							my ($uri) = @_;
1694							$uri->as_string
1695							}
1696
1697							=item 2. C is enabled and the object has a stringification overload.
1698
1699							In this case, the overloaded C<""> method of the object is invoked in scalar
1700							context. It must return a single scalar that can be directly encoded into
1701							JSON. This scalar replaces the object in the JSON text.
1702
1703							For example, the following C<""> method will convert all L
1704							objects to JSON strings when serialized. The fact that these values
1705							originally were L objects is lost.
1706
1707							package URI;
1708							use overload '""' => sub { shift->as_string };
1709
1710							=item 3. C is enabled.
1711
1712							The object will be serialized as a JSON null value.
1713
1714							=item 4. none of the above
1715
1716							If none of the settings are enabled or the respective methods are missing,
1717							C throws an exception.
1718
1719							=back
1720
1721							=head3 DESERIALIZATION
1722
1723							For deserialization there are only two cases to consider: either
1724							nonstandard tagging was used, in which case C decides,
1725							or objects cannot be automatically be deserialized, in which
1726							case you can use postprocessing or the C or
1727							C callbacks to get some real objects our of
1728							your JSON.
1729
1730							This section only considers the tagged value case: I a tagged JSON object
1731							is encountered during decoding and C is disabled, a parse
1732							error will result (as if tagged values were not part of the grammar).
1733
1734							If C is enabled, C will look up the C method
1735							of the package/classname used during serialization (it will not attempt
1736							to load the package as a Perl module). If there is no such method, the
1737							decoding will fail with an error.
1738
1739							Otherwise, the C method is invoked with the classname as first
1740							argument, the constant string C as second argument, and all the
1741							values from the JSON array (the values originally returned by the
1742							C method) as remaining arguments.
1743
1744							The method must then return the object. While technically you can return
1745							any Perl scalar, you might have to enable the C setting to
1746							make that work in all cases, so better return an actual blessed reference.
1747
1748							As an example, let's implement a C function that regenerates the
1749							C from the C example earlier:
1750
1751							sub My::Object::THAW {
1752							my ($class, $serializer, $type, $id) = @_;
1753
1754							$class->new (type => $type, id => $id)
1755							}
1756
1757							See the L section below. Allowing external
1758							json objects being deserialized to perl objects is usually a very bad
1759							idea.
1760
1761
1762							=head1 ENCODING/CODESET FLAG NOTES
1763
1764							The interested reader might have seen a number of flags that signify
1765							encodings or codesets - C, C, C and
1766							C. There seems to be some confusion on what these do, so here
1767							is a short comparison:
1768
1769							C controls whether the JSON text created by C (and expected
1770							by C) is UTF-8 encoded or not, while C and C only
1771							control whether C escapes character values outside their respective
1772							codeset range. Neither of these flags conflict with each other, although
1773							some combinations make less sense than others.
1774
1775							Care has been taken to make all flags symmetrical with respect to
1776							C and C, that is, texts encoded with any combination of
1777							these flag values will be correctly decoded when the same flags are used
1778							- in general, if you use different flag settings while encoding vs. when
1779							decoding you likely have a bug somewhere.
1780
1781							Below comes a verbose discussion of these flags. Note that a "codeset" is
1782							simply an abstract set of character-codepoint pairs, while an encoding
1783							takes those codepoint numbers and I them, in our case into
1784							octets. Unicode is (among other things) a codeset, UTF-8 is an encoding,
1785							and ISO-8859-1 (= latin 1) and ASCII are both codesets I encodings at
1786							the same time, which can be confusing.
1787
1788							=over 4
1789
1790							=item C flag disabled
1791
1792							When C is disabled (the default), then C/C generate
1793							and expect Unicode strings, that is, characters with high ordinal Unicode
1794							values (> 255) will be encoded as such characters, and likewise such
1795							characters are decoded as-is, no changes to them will be done, except
1796							"(re-)interpreting" them as Unicode codepoints or Unicode characters,
1797							respectively (to Perl, these are the same thing in strings unless you do
1798							funny/weird/dumb stuff).
1799
1800							This is useful when you want to do the encoding yourself (e.g. when you
1801							want to have UTF-16 encoded JSON texts) or when some other layer does
1802							the encoding for you (for example, when printing to a terminal using a
1803							filehandle that transparently encodes to UTF-8 you certainly do NOT want
1804							to UTF-8 encode your data first and have Perl encode it another time).
1805
1806							=item C flag enabled
1807
1808							If the C-flag is enabled, C/C will encode all
1809							characters using the corresponding UTF-8 multi-byte sequence, and will
1810							expect your input strings to be encoded as UTF-8, that is, no "character"
1811							of the input string must have any value > 255, as UTF-8 does not allow
1812							that.
1813
1814							The C flag therefore switches between two modes: disabled means you
1815							will get a Unicode string in Perl, enabled means you get an UTF-8 encoded
1816							octet/binary string in Perl.
1817
1818							=item C, C or C flags enabled
1819
1820							With C (or C) enabled, C will escape
1821							characters with ordinal values > 255 (> 127 with C) and encode
1822							the remaining characters as specified by the C flag.
1823							With C enabled, ordinal values > 255 are illegal.
1824
1825							If C is disabled, then the result is also correctly encoded in those
1826							character sets (as both are proper subsets of Unicode, meaning that a
1827							Unicode string with all character values < 256 is the same thing as a
1828							ISO-8859-1 string, and a Unicode string with all character values < 128 is
1829							the same thing as an ASCII string in Perl).
1830
1831							If C is enabled, you still get a correct UTF-8-encoded string,
1832							regardless of these flags, just some more characters will be escaped using
1833							C<\uXXXX> then before.
1834
1835							Note that ISO-8859-1-I strings are not compatible with UTF-8
1836							encoding, while ASCII-encoded strings are. That is because the ISO-8859-1
1837							encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 I being
1838							a subset of Unicode), while ASCII is.
1839
1840							Surprisingly, C will ignore these flags and so treat all input
1841							values as governed by the C flag. If it is disabled, this allows you
1842							to decode ISO-8859-1- and ASCII-encoded strings, as both strict subsets of
1843							Unicode. If it is enabled, you can correctly decode UTF-8 encoded strings.
1844
1845							So neither C, C nor C are incompatible with the
1846							C flag - they only govern when the JSON output engine escapes a
1847							character or not.
1848
1849							The main use for C or C is to relatively efficiently
1850							store binary data as JSON, at the expense of breaking compatibility
1851							with most JSON decoders.
1852
1853							The main use for C is to force the output to not contain characters
1854							with values > 127, which means you can interpret the resulting string
1855							as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about any character set and
1856							8-bit-encoding, and still get the same data structure back. This is useful
1857							when your channel for JSON transfer is not 8-bit clean or the encoding
1858							might be mangled in between (e.g. in mail), and works because ASCII is a
1859							proper subset of most 8-bit and multibyte encodings in use in the world.
1860
1861							=back
1862
1863
1864							=head2 JSON and ECMAscript
1865
1866							JSON syntax is based on how literals are represented in javascript (the
1867							not-standardized predecessor of ECMAscript) which is presumably why it is
1868							called "JavaScript Object Notation".
1869
1870							However, JSON is not a subset (and also not a superset of course) of
1871							ECMAscript (the standard) or javascript (whatever browsers actually
1872							implement).
1873
1874							If you want to use javascript's C function to "parse" JSON, you
1875							might run into parse errors for valid JSON texts, or the resulting data
1876							structure might not be queryable:
1877
1878							One of the problems is that U+2028 and U+2029 are valid characters inside
1879							JSON strings, but are not allowed in ECMAscript string literals, so the
1880							following Perl fragment will not output something that can be guaranteed
1881							to be parsable by javascript's C:
1882
1883							use Cpanel::JSON::XS;
1884
1885							print encode_json [chr 0x2028];
1886
1887							The right fix for this is to use a proper JSON parser in your javascript
1888							programs, and not rely on C (see for example Douglas Crockford's
1889							F parser).
1890
1891							If this is not an option, you can, as a stop-gap measure, simply encode to
1892							ASCII-only JSON:
1893
1894							use Cpanel::JSON::XS;
1895
1896							print Cpanel::JSON::XS->new->ascii->encode ([chr 0x2028]);
1897
1898							Note that this will enlarge the resulting JSON text quite a bit if you
1899							have many non-ASCII characters. You might be tempted to run some regexes
1900							to only escape U+2028 and U+2029, e.g.:
1901
1902							# DO NOT USE THIS!
1903							my $json = Cpanel::JSON::XS->new->utf8->encode ([chr 0x2028]);
1904							$json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1905							$json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1906							print $json;
1907
1908							Note that I: the above only works for U+2028 and
1909							U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1910							javascript implementations, however, have issues with other characters as
1911							well - using C naively simply I cause problems.
1912
1913							Another problem is that some javascript implementations reserve
1914							some property names for their own purposes (which probably makes
1915							them non-ECMAscript-compliant). For example, Iceweasel reserves the
1916							C<__proto__> property name for its own purposes.
1917
1918							If that is a problem, you could parse try to filter the resulting JSON
1919							output for these property strings, e.g.:
1920
1921							$json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1922
1923							This works because C<__proto__> is not valid outside of strings, so every
1924							occurrence of C<"__proto__"\s*:> must be a string used as property name.
1925
1926							Unicode non-characters between U+FFFD and U+10FFFF are decoded either
1927							to the recommended U+FFFD REPLACEMENT CHARACTER (see Unicode PR #121:
1928							Recommended Practice for Replacement Characters), or in the binary or
1929							relaxed mode left as is, keeping the illegal non-characters as before.
1930
1931							Raw non-Unicode characters outside the valid unicode range fail now to
1932							parse, because "A string is a sequence of zero or more Unicode
1933							characters" RFC 7159 section 1 and "JSON text SHALL be encoded in
1934							Unicode RFC 7159 section 8.1. We use now the UTF8_DISALLOW_SUPER
1935							flag when parsing unicode.
1936
1937							If you know of other incompatibilities, please let me know.
1938
1939
1940							=head2 JSON and YAML
1941
1942							You often hear that JSON is a subset of YAML. I
1943							no way to configure JSON::XS to output a data structure as valid YAML>
1944							that works in all cases. If you really must use Cpanel::JSON::XS to
1945							generate YAML, you should use this algorithm (subject to change in
1946							future versions):
1947
1948							my $to_yaml = Cpanel::JSON::XS->new->utf8->space_after (1);
1949							my $yaml = $to_yaml->encode ($ref) . "\n";
1950
1951							This will I generate JSON texts that also parse as valid
1952							YAML.
1953
1954
1955							=head2 SPEED
1956
1957							It seems that JSON::XS is surprisingly fast, as shown in the following
1958							tables. They have been generated with the help of the C program
1959							in the JSON::XS distribution, to make it easy to compare on your own
1960							system.
1961
1962							JSON::XS is with L and L one of the fastest
1963							serializers, because JSON and JSON::XS do not support backrefs (no
1964							graph structures), only trees. Storable supports backrefs,
1965							i.e. graphs. Data::MessagePack encodes its data binary (as Storable)
1966							and supports only very simple subset of JSON.
1967
1968							First comes a comparison between various modules using
1969							a very short single-line JSON string (also available at
1970							L).
1971
1972							{"method": "handleMessage", "params": ["user1",
1973							"we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1974							1, 0]}
1975
1976							It shows the number of encodes/decodes per second (JSON::XS uses
1977							the functional interface, while Cpanel::JSON::XS/2 uses the OO interface
1978							with pretty-printing and hash key sorting enabled, Cpanel::JSON::XS/3 enables
1979							shrink. JSON::DWIW/DS uses the deserialize function, while JSON::DWIW::FJ
1980							uses the from_json method). Higher is better:
1981
1982							module \| encode \| decode \|
1983							--------------\|------------\|------------\|
1984							JSON::DWIW/DS \| 86302.551 \| 102300.098 \|
1985							JSON::DWIW/FJ \| 86302.551 \| 75983.768 \|
1986							JSON::PP \| 15827.562 \| 6638.658 \|
1987							JSON::Syck \| 63358.066 \| 47662.545 \|
1988							JSON::XS \| 511500.488 \| 511500.488 \|
1989							JSON::XS/2 \| 291271.111 \| 388361.481 \|
1990							JSON::XS/3 \| 361577.931 \| 361577.931 \|
1991							Storable \| 66788.280 \| 265462.278 \|
1992							--------------+------------+------------+
1993
1994							That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
1995							about five times faster on decoding, and over thirty to seventy times
1996							faster than JSON's pure perl implementation. It also compares favourably
1997							to Storable for small amounts of data.
1998
1999							Using a longer test string (roughly 18KB, generated from Yahoo! Locals
2000							search API (L).
2001
2002							module \| encode \| decode \|
2003							--------------\|------------\|------------\|
2004							JSON::DWIW/DS \| 1647.927 \| 2673.916 \|
2005							JSON::DWIW/FJ \| 1630.249 \| 2596.128 \|
2006							JSON::PP \| 400.640 \| 62.311 \|
2007							JSON::Syck \| 1481.040 \| 1524.869 \|
2008							JSON::XS \| 20661.596 \| 9541.183 \|
2009							JSON::XS/2 \| 10683.403 \| 9416.938 \|
2010							JSON::XS/3 \| 20661.596 \| 9400.054 \|
2011							Storable \| 19765.806 \| 10000.725 \|
2012							--------------+------------+------------+
2013
2014							Again, JSON::XS leads by far (except for Storable which non-surprisingly
2015							decodes a bit faster).
2016
2017							On large strings containing lots of high Unicode characters, some modules
2018							(such as JSON::PC) seem to decode faster than JSON::XS, but the result
2019							will be broken due to missing (or wrong) Unicode handling. Others refuse
2020							to decode or encode properly, so it was impossible to prepare a fair
2021							comparison table for that case.
2022
2023							For updated graphs see L
2024
2025
2026							=head1 INTEROP with JSON and JSON::XS and other JSON modules
2027
2028							As long as you only serialize data that can be directly expressed in
2029							JSON, C is incapable of generating invalid JSON
2030							output (modulo bugs, but C has found more bugs in the
2031							official JSON testsuite (1) than the official JSON testsuite has found
2032							in C (0)).
2033							C is currently the only known JSON decoder which passes all
2034							L tests, while being the fastest also.
2035
2036							When you have trouble decoding JSON generated by this module using other
2037							decoders, then it is very likely that you have an encoding mismatch or the
2038							other decoder is broken.
2039
2040							When decoding, C is strict by default and will likely catch
2041							all errors. There are currently two settings that change this:
2042							C makes C accept (but not generate) some
2043							non-standard extensions, and C or C will
2044							allow you to encode and decode Perl objects, at the cost of being
2045							totally insecure and not outputting valid JSON anymore.
2046
2047							JSON-XS-3.01 broke interoperability with JSON-2.90 with booleans. See L.
2048
2049							Cpanel::JSON::XS needs to know the JSON and JSON::XS versions to be able work
2050							with those objects, especially when encoding a booleans like C<{"is_true":true}>.
2051							So you need to load these modules before.
2052
2053							true/false overloading and boolean representations are supported.
2054
2055							JSON::XS and JSON::PP representations are accepted and older JSON::XS
2056							accepts Cpanel::JSON::XS booleans. All JSON modules JSON, JSON, PP,
2057							JSON::XS, Cpanel::JSON::XS produce JSON::PP::Boolean objects, just
2058							Mojo and JSON::YAJL not. Mojo produces Mojo::JSON::_Bool and
2059							JSON::YAJL::Parser just an unblessed IV.
2060
2061							Cpanel::JSON::XS accepts JSON::PP::Boolean and Mojo::JSON::_Bool
2062							objects as booleans.
2063
2064							I cannot think of any reason to still use JSON::XS anymore.
2065
2066
2067							=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
2068
2069							When you use C to use the extended (and also nonstandard
2070							and invalid) JSON syntax for serialized objects, and you still want to
2071							decode the generated serialize objects, you can run a regex to replace
2072							the tagged syntax by standard JSON arrays (it only works for "normal"
2073							package names without comma, newlines or single colons). First, the
2074							readable Perl version:
2075
2076							# if your FREEZE methods return no values, you need this replace first:
2077							$json =~ s/$ \s* (" (?: [^\\":,]+\|\\.\|::)* ") \s* $ \s* \[\s*\]/[$1]/gx;
2078
2079							# this works for non-empty constructor arg lists:
2080							$json =~ s/$ \s* (" (?: [^\\":,]+\|\\.\|::)* ") \s* $ \s* \[/[$1,/gx;
2081
2082							And here is a less readable version that is easy to adapt to other
2083							languages:
2084
2085							$json =~ s/$\s("([^\\":,]+\|\\.\|::)")\s$\s\[/[$1,/g;
2086
2087							Here is an ECMAScript version (same regex):
2088
2089							json = json.replace (/$\s("([^\\":,]+\|\\.\|::)")\s$\s\[/g, "[$1,");
2090
2091							Since this syntax converts to standard JSON arrays, it might be hard to
2092							distinguish serialized objects from normal arrays. You can prepend a
2093							"magic number" as first array element to reduce chances of a collision:
2094
2095							$json =~ s/$\s("([^\\":,]+\|\\.\|::)")\s$\s\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
2096
2097							And after decoding the JSON text, you could walk the data
2098							structure looking for arrays with a first element of
2099							C.
2100
2101							The same approach can be used to create the tagged format with another
2102							encoder. First, you create an array with the magic string as first member,
2103							the classname as second, and constructor arguments last, encode it as part
2104							of your JSON structure, and then:
2105
2106							$json =~ s/\[\s"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s,\s("([^\\":,]+\|\\.\|::)")\s*,/($1)[/g;
2107
2108							Again, this has some limitations - the magic string must not be encoded
2109							with character escapes, and the constructor arguments must be non-empty.
2110
2111
2112							=head1 RFC7159
2113
2114							Since this module was written, Google has written a new JSON RFC, RFC 7159
2115							(and RFC7158). Unfortunately, this RFC breaks compatibility with both the
2116							original JSON specification on www.json.org and RFC4627.
2117
2118							As far as I can see, you can get partial compatibility when parsing by
2119							using C<< ->allow_nonref >>. However, consider the security implications
2120							of doing so.
2121
2122							I haven't decided yet when to break compatibility with RFC4627 by default
2123							(and potentially leave applications insecure) and change the default to
2124							follow RFC7159, but application authors are well advised to call C<<
2125							->allow_nonref(0) >> even if this is the current default, if they cannot
2126							handle non-reference values, in preparation for the day when the default
2127							will change.
2128
2129							=head1 SECURITY CONSIDERATIONS
2130
2131							JSON::XS and Cpanel::JSON::XS are not only fast. JSON is generally the
2132							most secure serializing format, because it is the only one besides
2133							Data::MessagePack, which does not deserialize objects per default. For
2134							all languages, not just perl. The binary variant BSON (MongoDB) does
2135							more but is unsafe.
2136
2137							It is trivial for any attacker to create such serialized objects in
2138							JSON and trick perl into expanding them, thereby triggering certain
2139							methods. Watch L for an
2140							exploit demo for "CVE-2015-1592 SixApart MovableType Storable Perl
2141							Code Execution" for a deserializer which expands objects.
2142							Deserializing even coderefs (methods, functions) or external
2143							data would be considered the most dangerous.
2144
2145							Security relevant overview of serializers regarding deserializing
2146							objects by default:
2147
2148							Objects Coderefs External Data
2149
2150							Data::Dumper YES YES YES
2151							Storable YES NO (def) NO
2152							Sereal YES NO NO
2153							YAML YES NO NO
2154							B::C YES YES YES
2155							B::Bytecode YES YES YES
2156							BSON YES YES NO
2157							JSON::SL YES NO YES
2158							JSON NO (def) NO NO
2159							Data::MessagePack NO NO NO
2160							XML NO NO YES
2161
2162							Pickle YES YES YES
2163							PHP Deserialize YES NO NO
2164
2165							When you are using JSON in a protocol, talking to untrusted potentially
2166							hostile creatures requires relatively few measures.
2167
2168							First of all, your JSON decoder should be secure, that is, should not have
2169							any buffer overflows. Obviously, this module should ensure that.
2170
2171							Second, you need to avoid resource-starving attacks. That means you should
2172							limit the size of JSON texts you accept, or make sure then when your
2173							resources run out, that's just fine (e.g. by using a separate process that
2174							can crash safely). The size of a JSON text in octets or characters is
2175							usually a good indication of the size of the resources required to decode
2176							it into a Perl structure. While JSON::XS can check the size of the JSON
2177							text, it might be too late when you already have it in memory, so you
2178							might want to check the size before you accept the string.
2179
2180							Third, Cpanel::JSON::XS recurses using the C stack when decoding objects and
2181							arrays. The C stack is a limited resource: for instance, on my amd64
2182							machine with 8MB of stack size I can decode around 180k nested arrays but
2183							only 14k nested JSON objects (due to perl itself recursing deeply on croak
2184							to free the temporary). If that is exceeded, the program crashes. To be
2185							conservative, the default nesting limit is set to 512. If your process
2186							has a smaller stack, you should adjust this setting accordingly with the
2187							C method.
2188
2189							Also keep in mind that Cpanel::JSON::XS might leak contents of your Perl data
2190							structures in its error messages, so when you serialize sensitive
2191							information you might want to make sure that exceptions thrown by JSON::XS
2192							will not end up in front of untrusted eyes.
2193
2194							If you are using Cpanel::JSON::XS to return packets to consumption
2195							by JavaScript scripts in a browser you should have a look at
2196							L to
2197							see whether you are vulnerable to some common attack vectors (which really
2198							are browser design bugs, but it is still you who will have to deal with
2199							it, as major browser developers care only for features, not about getting
2200							security right). You might also want to also look at L
2201							special escape rules to prevent from XSS attacks.
2202
2203							=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
2204
2205							TL;DR: Due to security concerns, Cpanel::JSON::XS will not allow
2206							scalar data in JSON texts by default - you need to create your own
2207							Cpanel::JSON::XS object and enable C:
2208
2209
2210							my $json = JSON::XS->new->allow_nonref;
2211
2212							$text = $json->encode ($data);
2213							$data = $json->decode ($text);
2214
2215							The long version: JSON being an important and supposedly stable format,
2216							the IETF standardized it as RFC 4627 in 2006. Unfortunately the inventor
2217							of JSON Douglas Crockford unilaterally changed the definition of JSON in
2218							javascript. Rather than create a fork, the IETF decided to standardize the
2219							new syntax (apparently, so I as told, without finding it very amusing).
2220
2221							The biggest difference between the original JSON and the new JSON is that
2222							the new JSON supports scalars (anything other than arrays and objects) at
2223							the top-level of a JSON text. While this is strictly backwards compatible
2224							to older versions, it breaks a number of protocols that relied on sending
2225							JSON back-to-back, and is a minor security concern.
2226
2227							For example, imagine you have two banks communicating, and on one side,
2228							the JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
2229							might then be confused to mean C<101000>, something that couldn't happen
2230							in the original JSON, because neither of these messages would be valid
2231							JSON.
2232
2233							If one side accepts these messages, then an upgrade in the coder on either
2234							side could result in this becoming exploitable.
2235
2236							This module has always allowed these messages as an optional extension, by
2237							default disabled. The security concerns are the reason why the default is
2238							still disabled, but future versions might/will likely upgrade to the newer
2239							RFC as default format, so you are advised to check your implementation
2240							and/or override the default with C<< ->allow_nonref (0) >> to ensure that
2241							future versions are safe.
2242
2243							=head1 THREADS
2244
2245							Cpanel::JSON::XS has proper ithreads support, unlike JSON::XS. If you
2246							encounter any bugs with thread support please report them.
2247
2248							=head1 BUGS
2249
2250							While the goal of the Cpanel::JSON::XS module is to be correct, that
2251							unfortunately does not mean it's bug-free, only that the author thinks
2252							its design is bug-free. If you keep reporting bugs and tests they will
2253							be fixed swiftly, though.
2254
2255							Since the JSON::XS author refuses to use a public bugtracker and
2256							prefers private emails, we use the tracker at B, so you might want
2257							to report any issues twice. Once in private to MLEHMANN to be fixed in
2258							JSON::XS and one to our the public tracker. Issues fixed by JSON::XS
2259							with a new release will also be backported to Cpanel::JSON::XS and
2260							5.6.2, as long as cPanel relies on 5.6.2 and Cpanel::JSON::XS as our
2261							serializer of choice.
2262
2263							L
2264
2265							=head1 LICENSE
2266
2267							This module is available under the same licences as perl, the Artistic
2268							license and the GPL.
2269
2270							=cut
2271
2272							sub allow_bigint {
2273	0			0	1	0	Carp::carp("allow_bigint() is obsoleted. use allow_bignum() instead.");
2274							}
2275
2276							BEGIN {
2277							package
2278							JSON::PP::Boolean;
2279
2280	57			57		51214	require overload;
2281
2282	57					44707	local $^W; # silence redefine warnings. no warnings 'redefine' does not help
2283							&overload::import( 'overload', # workaround 5.6 reserved keyword warning
2284	46			46		9837	"0+" => sub { ${$_[0]} },
	46					252
2285	1			1		143	"++" => sub { $_[0] = ${$_[0]} + 1 },
	1					10
2286	0			0		0	"--" => sub { $_[0] = ${$_[0]} - 1 },
	0					0
2287	23	100		23		6584	'""' => sub { ${$_[0]} == 1 ? '1' : '0' }, # GH 29
	23					224
2288							'eq' => sub {
2289	17	50		17		1058	my ($obj, $op) = $_[2] ? ($_[1], $_[0]) : ($_[0], $_[1]);
2290							#warn "eq obj:$obj op:$op len:", length($op) > 0, " swap:$_[2]";
2291	17	100				59	if (ref $op) { # if 2nd also blessed might recurse endlessly
		100
2292	2	100				5	return $obj ? 1 == $op : 0 == $op;
2293							}
2294							# if string, only accept numbers or true\|false or "" (e.g. !!0 / SV_NO)
2295							elsif ($op !~ /^[0-9]+$/) {
2296	9	100	100			14	return "$obj" eq '1' ? 'true' eq $op : 'false' eq $op \|\| "" eq $op;
2297							}
2298							else {
2299	6	100				15	return $obj ? 1 == $op : 0 == $op;
2300							}
2301							},
2302							'ne' => sub {
2303	2	50		2		10	my ($obj, $op) = $_[2] ? ($_[1], $_[0]) : ($_[0], $_[1]);
2304							#warn "ne obj:$obj op:$op";
2305	2					4	return !($obj eq $op);
2306							},
2307	57					680	fallback => 1);
2308							}
2309
2310							our ($true, $false);
2311							BEGIN {
2312	57	50	33	57		11706	if ($INC{'JSON/XS.pm'}
			0
2313							and $INC{'Types/Serialiser.pm'}
2314							and $JSON::XS::VERSION ge "3.00") {
2315	0					0	$true = $Types::Serialiser::true; # readonly if loaded by JSON::XS
2316	0					0	$false = $Types::Serialiser::false;
2317							} else {
2318	57					110	$true = do { bless \(my $dummy = 1), "JSON::PP::Boolean" };
	57					163
2319	57					98	$false = do { bless \(my $dummy = 0), "JSON::PP::Boolean" };
	57					3832
2320							}
2321							}
2322
2323							BEGIN {
2324	57			57		177	my $const_true = $true;
2325	57					94	my $const_false = $false;
2326	57					566	*true = sub () { $const_true };
	0					0
2327	57					6221	*false = sub () { $const_false };
	0					0
2328							}
2329
2330							sub is_bool($) {
2331	12	100		12	1	141	shift if @_ == 2; # as method call
2332							(ref($_[0]) and UNIVERSAL::isa( $_[0], JSON::PP::Boolean::))
2333	12	100	33			96	or (exists $INC{'Types/Serialiser.pm'} and Types::Serialiser::is_bool($_[0]))
			100
2334							}
2335
2336							XSLoader::load 'Cpanel::JSON::XS', $XS_VERSION;
2337
2338							1;
2339
2340							=head1 SEE ALSO
2341
2342							The F command line utility for quick experiments.
2343
2344							L, L, L, L, L,
2345							L, L, L, L, L,
2346							L,
2347							L
2348
2349							L
2350
2351							L
2352
2353
2354							=head1 AUTHOR
2355
2356							Reini Urban
2357
2358							Marc Lehmann , http://home.schmorp.de/
2359
2360							=head1 MAINTAINER
2361
2362							Reini Urban
2363
2364							=cut
2365