File Coverage

blib/lib/Cpanel/JSON/XS.pm
Criterion Covered Total %
statement 33 48 68.7
branch 19 26 73.0
condition 8 15 53.3
subroutine 11 15 73.3
pod 4 4 100.0
total 75 108 69.4


line stmt bran cond sub pod time code
1             package Cpanel::JSON::XS;
2             our $VERSION = '4.17';
3             our $XS_VERSION = $VERSION;
4             # $VERSION = eval $VERSION;
5              
6             =pod
7              
8             =head1 NAME
9              
10             Cpanel::JSON::XS - cPanel fork of JSON::XS, fast and correct serializing
11              
12             =head1 SYNOPSIS
13              
14             use Cpanel::JSON::XS;
15              
16             # exported functions, they croak on error
17             # and expect/generate UTF-8
18              
19             $utf8_encoded_json_text = encode_json $perl_hash_or_arrayref;
20             $perl_hash_or_arrayref = decode_json $utf8_encoded_json_text;
21              
22             # OO-interface
23              
24             $coder = Cpanel::JSON::XS->new->ascii->pretty->allow_nonref;
25             $pretty_printed_unencoded = $coder->encode ($perl_scalar);
26             $perl_scalar = $coder->decode ($unicode_json_text);
27              
28             # Note that 5.6 misses most smart utf8 and encoding functionalities
29             # of newer releases.
30              
31             # Note that L will automatically use Cpanel::JSON::XS
32             # if available, at virtually no speed overhead either, so you should
33             # be able to just:
34            
35             use JSON::MaybeXS;
36              
37             # and do the same things, except that you have a pure-perl fallback now.
38              
39             Note that this module will be replaced by a new JSON::Safe module soon,
40             with the same API just guaranteed safe defaults.
41              
42             =head1 DESCRIPTION
43              
44             This module converts Perl data structures to JSON and vice versa. Its
45             primary goal is to be I and its secondary goal is to be
46             I. To reach the latter goal it was written in C.
47              
48             As this is the n-th-something JSON module on CPAN, what was the reason
49             to write yet another JSON module? While it seems there are many JSON
50             modules, none of them correctly handle all corner cases, and in most cases
51             their maintainers are unresponsive, gone missing, or not listening to bug
52             reports for other reasons.
53              
54             See below for the cPanel fork.
55              
56             See MAPPING, below, on how Cpanel::JSON::XS maps perl values to JSON
57             values and vice versa.
58              
59             =head2 FEATURES
60              
61             =over 4
62              
63             =item * correct Unicode handling
64              
65             This module knows how to handle Unicode with Perl version higher than 5.8.5,
66             documents how and when it does so, and even documents what "correct" means.
67              
68             =item * round-trip integrity
69              
70             When you serialize a perl data structure using only data types supported
71             by JSON and Perl, the deserialized data structure is identical on the Perl
72             level. (e.g. the string "2.0" doesn't suddenly become "2" just because
73             it looks like a number). There I minor exceptions to this, read the
74             MAPPING section below to learn about those.
75              
76             =item * strict checking of JSON correctness
77              
78             There is no guessing, no generating of illegal JSON texts by default,
79             and only JSON is accepted as input by default. the latter is a security
80             feature.
81              
82             =item * fast
83              
84             Compared to other JSON modules and other serializers such as Storable,
85             this module usually compares favourably in terms of speed, too.
86              
87             =item * simple to use
88              
89             This module has both a simple functional interface as well as an object
90             oriented interface.
91              
92             =item * reasonably versatile output formats
93              
94             You can choose between the most compact guaranteed-single-line format
95             possible (nice for simple line-based protocols), a pure-ASCII format
96             (for when your transport is not 8-bit clean, still supports the whole
97             Unicode range), or a pretty-printed format (for when you want to read that
98             stuff). Or you can combine those features in whatever way you like.
99              
100             =back
101              
102             =head2 cPanel fork
103              
104             Since the original author MLEHMANN has no public
105             bugtracker, this cPanel fork sits now on github.
106              
107             src repo: L
108             original: L
109              
110             RT: L
111             or L
112              
113             B
114              
115             - stricter decode_json() as documented. non-refs are disallowed.
116             added a 2nd optional argument. decode() honors now allow_nonref.
117              
118             - fixed encode of numbers for dual-vars. Different string
119             representations are preserved, but numbers with temporary strings
120             which represent the same number are here treated as numbers, not
121             strings. Cpanel::JSON::XS is a bit slower, but preserves numeric
122             types better.
123              
124             - numbers ending with .0 stray numbers, are not converted to
125             integers. [#63] dual-vars which are represented as number not
126             integer (42+"bar" != 5.8.9) are now encoded as number (=> 42.0)
127             because internally it's now a NOK type. However !!1 which is
128             wrongly encoded in 5.8 as "1"/1.0 is still represented as integer.
129              
130             - different handling of inf/nan. Default now to null, optionally with
131             stringify_infnan() to "inf"/"nan". [#28, #32]
132              
133             - added C extension, non-JSON and non JSON parsable, allows
134             C<\xNN> and C<\NNN> sequences.
135              
136             - 5.6.2 support; sacrificing some utf8 features (assuming bytes
137             all-over), no multi-byte unicode characters with 5.6.
138              
139             - interop for true/false overloading. JSON::XS, JSON::PP and Mojo::JSON
140             representations for booleans are accepted and JSON::XS accepts
141             Cpanel::JSON::XS booleans [#13, #37]
142             Fixed overloading of booleans. Cpanel::JSON::XS::true stringifies again
143             to "1", not "true", analog to all other JSON modules.
144              
145             - native boolean mapping of yes and no to true and false, as in YAML::XS.
146             In perl C is yes, C is no.
147             The JSON value true maps to 1, false maps to 0. [#39]
148              
149             - support arbitrary stringification with encode, with convert_blessed
150             and allow_blessed.
151              
152             - ithread support. Cpanel::JSON::XS is thread-safe, JSON::XS not
153              
154             - is_bool can be called as method, JSON::XS::is_bool not.
155              
156             - performance optimizations for threaded Perls
157              
158             - relaxed mode, allowing many popular extensions
159              
160             - additional fixes for:
161              
162             - [cpan #88061] AIX atof without USE_LONG_DOUBLE
163              
164             - #10 unshare_hek crash
165              
166             - #7, #29 avoid re-blessing where possible. It fails in JSON::XS for
167             READONLY values, i.e. restricted hashes.
168              
169             - #41 overloading of booleans, use the object not the reference.
170              
171             - #62 -Dusequadmath conversion and no SEGV.
172              
173             - #72 parsing of values followed \0, like 1\0 does fail.
174              
175             - #72 parsing of illegal unicode or non-unicode characters.
176              
177             - #96 locale-insensitive numeric conversion
178              
179             - #154 numeric conversion fixed since 5.22, using the same strtold as perl5.
180              
181             - public maintenance and bugtracker
182              
183             - use ppport.h, sanify XS.xs comment styles, harness C coding style
184              
185             - common::sense is optional. When available it is not used in the
186             published production module, just during development and testing.
187              
188             - extended testsuite, passes all http://seriot.ch/parsing_json.html
189             tests. In fact it is the only know JSON decoder which does so,
190             while also being the fastest.
191              
192             - support many more options and methods from JSON::PP:
193             stringify_infnan, allow_unknown, allow_stringify, allow_barekey,
194             encode_stringify, allow_bignum, allow_singlequote, sort_by
195             (partially), escape_slash, convert_blessed, ... optional
196             decode_json(, allow_nonref) arg.
197             relaxed implements allow_dupkeys.
198              
199             - support all 5 unicode L's: UTF-8, UTF-16LE, UTF-16BE, UTF-32LE,
200             UTF-32BE, encoding internally to UTF-8.
201              
202             =cut
203              
204             our @ISA = qw(Exporter);
205             our @EXPORT = qw(encode_json decode_json to_json from_json);
206              
207             sub to_json($@) {
208 0 0   0 1 0 if ($] >= 5.008) {
209 0         0 require Carp;
210 0         0 Carp::croak ("Cpanel::JSON::XS::to_json has been renamed to encode_json,".
211             " either downgrade to pre-2.0 versions of Cpanel::JSON::XS or".
212             " rename the call");
213             } else {
214 0         0 _to_json(@_);
215             }
216             }
217              
218             sub from_json($@) {
219 0 0   0 1 0 if ($] >= 5.008) {
220 0         0 require Carp;
221 0         0 Carp::croak ("Cpanel::JSON::XS::from_json has been renamed to decode_json,".
222             " either downgrade to pre-2.0 versions of Cpanel::JSON::XS or".
223             " rename the call");
224             } else {
225 0         0 _from_json(@_);
226             }
227             }
228              
229 57     57   2654196 use Exporter;
  57         450  
  57         2158  
230 57     57   274 use XSLoader;
  57         93  
  57         32667  
231              
232             =head1 FUNCTIONAL INTERFACE
233              
234             The following convenience methods are provided by this module. They are
235             exported by default:
236              
237             =over 4
238              
239             =item $json_text = encode_json $perl_scalar, [json_type]
240              
241             Converts the given Perl data structure to a UTF-8 encoded, binary string
242             (that is, the string contains octets only). Croaks on error.
243              
244             This function call is functionally identical to:
245              
246             $json_text = Cpanel::JSON::XS->new->utf8->encode ($perl_scalar, $json_type)
247              
248             Except being faster.
249              
250             For the type argument see L.
251              
252             =item $perl_scalar = decode_json $json_text [, $allow_nonref [, my $json_type ] ]
253              
254             The opposite of C: expects an UTF-8 (binary) string of an
255             json reference and tries to parse that as an UTF-8 encoded JSON text,
256             returning the resulting reference. Croaks on error.
257              
258             This function call is functionally identical to:
259              
260             $perl_scalar = Cpanel::JSON::XS->new->utf8->decode ($json_text, $json_type)
261              
262             except being faster.
263              
264             Note that older decode_json versions in Cpanel::JSON::XS older than
265             3.0116 and JSON::XS did not set allow_nonref but allowed them due to a
266             bug in the decoder.
267              
268             If the new optional $allow_nonref argument is set and not false, the
269             allow_nonref option will be set and the function will act is described
270             as in the relaxed RFC 7159 allowing all values such as objects,
271             arrays, strings, numbers, "null", "true", and "false".
272              
273             For the type argument see L.
274              
275             =item $is_boolean = Cpanel::JSON::XS::is_bool $scalar
276              
277             Returns true if the passed scalar represents either C
278             or C, two constants that act like C<1> and C<0>,
279             respectively and are used to represent JSON C and C
280             values in Perl.
281              
282             See MAPPING, below, for more information on how JSON values are mapped
283             to Perl.
284              
285             =back
286              
287             =head1 DEPRECATED FUNCTIONS
288              
289             =over
290              
291             =item from_json
292              
293             from_json has been renamed to decode_json
294              
295             =item to_json
296              
297             to_json has been renamed to encode_json
298              
299             =back
300              
301              
302             =head1 A FEW NOTES ON UNICODE AND PERL
303              
304             Since this often leads to confusion, here are a few very clear words on
305             how Unicode works in Perl, modulo bugs.
306              
307             =over 4
308              
309             =item 1. Perl strings can store characters with ordinal values > 255.
310              
311             This enables you to store Unicode characters as single characters in a
312             Perl string - very natural.
313              
314             =item 2. Perl does I associate an encoding with your strings.
315              
316             ... until you force it to, e.g. when matching it against a regex, or
317             printing the scalar to a file, in which case Perl either interprets
318             your string as locale-encoded text, octets/binary, or as Unicode,
319             depending on various settings. In no case is an encoding stored
320             together with your data, it is I that decides encoding, not any
321             magical meta data.
322              
323             =item 3. The internal utf-8 flag has no meaning with regards to the
324             encoding of your string.
325              
326             =item 4. A "Unicode String" is simply a string where each character
327             can be validly interpreted as a Unicode code point.
328              
329             If you have UTF-8 encoded data, it is no longer a Unicode string, but
330             a Unicode string encoded in UTF-8, giving you a binary string.
331              
332             =item 5. A string containing "high" (> 255) character values is I
333             a UTF-8 string.
334              
335             =item 6. Unicode noncharacters only warn, as in core.
336              
337             The 66 Unicode noncharacters U+FDD0..U+FDEF, and U+*FFFE, U+*FFFF just
338             warn, see L. But
339             illegal surrogate pairs fail to parse.
340              
341             =item 7. Raw non-Unicode characters above U+10FFFF are disallowed.
342              
343             Raw non-Unicode characters outside the valid unicode range fail to
344             parse, because "A string is a sequence of zero or more Unicode
345             characters" RFC 7159 section 1 and "JSON text SHALL be encoded in
346             Unicode RFC 7159 section 8.1. We use now the UTF8_DISALLOW_SUPER
347             flag when parsing unicode.
348              
349             =back
350              
351             I hope this helps :)
352              
353              
354             =head1 OBJECT-ORIENTED INTERFACE
355              
356             The object oriented interface lets you configure your own encoding or
357             decoding style, within the limits of supported formats.
358              
359             =over 4
360              
361             =item $json = new Cpanel::JSON::XS
362              
363             Creates a new JSON object that can be used to de/encode JSON
364             strings. All boolean flags described below are by default I.
365              
366             The mutators for flags all return the JSON object again and thus calls can
367             be chained:
368              
369             my $json = Cpanel::JSON::XS->new->utf8->space_after->encode ({a => [1,2]})
370             => {"a": [1, 2]}
371              
372             =item $json = $json->ascii ([$enable])
373              
374             =item $enabled = $json->get_ascii
375              
376             If C<$enable> is true (or missing), then the C method will not
377             generate characters outside the code range C<0..127> (which is ASCII). Any
378             Unicode characters outside that range will be escaped using either a
379             single C<\uXXXX> (BMP characters) or a double C<\uHHHH\uLLLLL> escape sequence,
380             as per RFC4627. The resulting encoded JSON text can be treated as a native
381             Unicode string, an ascii-encoded, latin1-encoded or UTF-8 encoded string,
382             or any other superset of ASCII.
383              
384             If C<$enable> is false, then the C method will not escape Unicode
385             characters unless required by the JSON syntax or other flags. This results
386             in a faster and more compact format.
387              
388             See also the section I later in this
389             document.
390              
391             The main use for this flag is to produce JSON texts that can be
392             transmitted over a 7-bit channel, as the encoded JSON texts will not
393             contain any 8 bit characters.
394              
395             Cpanel::JSON::XS->new->ascii (1)->encode ([chr 0x10401])
396             => ["\ud801\udc01"]
397              
398             =item $json = $json->latin1 ([$enable])
399              
400             =item $enabled = $json->get_latin1
401              
402             If C<$enable> is true (or missing), then the C method will encode
403             the resulting JSON text as latin1 (or ISO-8859-1), escaping any characters
404             outside the code range C<0..255>. The resulting string can be treated as a
405             latin1-encoded JSON text or a native Unicode string. The C method
406             will not be affected in any way by this flag, as C by default
407             expects Unicode, which is a strict superset of latin1.
408              
409             If C<$enable> is false, then the C method will not escape Unicode
410             characters unless required by the JSON syntax or other flags.
411              
412             See also the section I later in this
413             document.
414              
415             The main use for this flag is efficiently encoding binary data as JSON
416             text, as most octets will not be escaped, resulting in a smaller encoded
417             size. The disadvantage is that the resulting JSON text is encoded
418             in latin1 (and must correctly be treated as such when storing and
419             transferring), a rare encoding for JSON. It is therefore most useful when
420             you want to store data structures known to contain binary data efficiently
421             in files or databases, not when talking to other JSON encoders/decoders.
422              
423             Cpanel::JSON::XS->new->latin1->encode (["\x{89}\x{abc}"]
424             => ["\x{89}\\u0abc"] # (perl syntax, U+abc escaped, U+89 not)
425              
426              
427             =item $json = $json->binary ([$enable])
428              
429             =item $enabled = $json = $json->get_binary
430              
431             If the C<$enable> argument is true (or missing), then the C
432             method will not try to detect an UTF-8 encoding in any JSON string, it
433             will strictly interpret it as byte sequence. The result might contain
434             new C<\xNN> sequences, which is B. The C
435             method forbids C<\uNNNN> sequences and accepts C<\xNN> and octal
436             C<\NNN> sequences.
437              
438             There is also a special logic for perl 5.6 and utf8. 5.6 encodes any
439             string to utf-8 automatically when seeing a codepoint >= C<0x80> and
440             < C<0x100>. With the binary flag enabled decode the perl utf8 encoded
441             string to the original byte encoding and encode this with C<\xNN>
442             escapes. This will result to the same encodings as with newer
443             perls. But note that binary multi-byte codepoints with 5.6 will
444             result in C errors,
445             unlike with newer perls.
446              
447             If C<$enable> is false, then the C method will smartly try to
448             detect Unicode characters unless required by the JSON syntax or other
449             flags and hex and octal sequences are forbidden.
450              
451             See also the section I later in this
452             document.
453              
454             The main use for this flag is to avoid the smart unicode detection and
455             possible double encoding. The disadvantage is that the resulting JSON
456             text is encoded in new C<\xNN> and in latin1 characters and must
457             correctly be treated as such when storing and transferring, a rare
458             encoding for JSON. It will produce non-readable JSON strings in the
459             browser. It is therefore most useful when you want to store data
460             structures known to contain binary data efficiently in files or
461             databases, not when talking to other JSON encoders/decoders. The
462             binary decoding method can also be used when an encoder produced a
463             non-JSON conformant hex or octal encoding C<\xNN> or C<\NNN>.
464              
465             Cpanel::JSON::XS->new->binary->encode (["\x{89}\x{abc}"])
466             5.6: Error: malformed or illegal unicode character in binary string
467             >=5.8: ['\x89\xe0\xaa\xbc']
468              
469             Cpanel::JSON::XS->new->binary->encode (["\x{89}\x{bc}"])
470             => ["\x89\xbc"]
471              
472             Cpanel::JSON::XS->new->binary->decode (["\x89\ua001"])
473             Error: malformed or illegal unicode character in binary string
474              
475             Cpanel::JSON::XS->new->decode (["\x89"])
476             Error: illegal hex character in non-binary string
477              
478              
479             =item $json = $json->utf8 ([$enable])
480              
481             =item $enabled = $json->get_utf8
482              
483             If C<$enable> is true (or missing), then the C method will encode
484             the JSON result into UTF-8, as required by many protocols, while the
485             C method expects to be handled an UTF-8-encoded string. Please
486             note that UTF-8-encoded strings do not contain any characters outside the
487             range C<0..255>, they are thus useful for bytewise/binary I/O. In future
488             versions, enabling this option might enable autodetection of the UTF-16
489             and UTF-32 encoding families, as described in RFC4627.
490              
491             If C<$enable> is false, then the C method will return the JSON
492             string as a (non-encoded) Unicode string, while C expects thus a
493             Unicode string. Any decoding or encoding (e.g. to UTF-8 or UTF-16) needs
494             to be done yourself, e.g. using the Encode module.
495              
496             See also the section I later in this
497             document.
498              
499             Example, output UTF-16BE-encoded JSON:
500              
501             use Encode;
502             $jsontext = encode "UTF-16BE", Cpanel::JSON::XS->new->encode ($object);
503              
504             Example, decode UTF-32LE-encoded JSON:
505              
506             use Encode;
507             $object = Cpanel::JSON::XS->new->decode (decode "UTF-32LE", $jsontext);
508              
509             =item $json = $json->pretty ([$enable])
510              
511             This enables (or disables) all of the C, C and
512             C (and in the future possibly more) flags in one call to
513             generate the most readable (or most compact) form possible.
514              
515             Example, pretty-print some simple structure:
516              
517             my $json = Cpanel::JSON::XS->new->pretty(1)->encode ({a => [1,2]})
518             =>
519             {
520             "a" : [
521             1,
522             2
523             ]
524             }
525              
526              
527             =item $json = $json->indent ([$enable])
528              
529             =item $enabled = $json->get_indent
530              
531             If C<$enable> is true (or missing), then the C method will use
532             a multiline format as output, putting every array member or
533             object/hash key-value pair into its own line, indenting them properly.
534              
535             If C<$enable> is false, no newlines or indenting will be produced, and the
536             resulting JSON text is guaranteed not to contain any C.
537              
538             This setting has no effect when decoding JSON texts.
539              
540             =item $json = $json->indent_length([$number_of_spaces])
541              
542             =item $length = $json->get_indent_length()
543              
544             Set the indent length (default C<3>).
545             This option is only useful when you also enable indent or pretty.
546             The acceptable range is from 0 (no indentation) to 15
547              
548             =item $json = $json->space_before ([$enable])
549              
550             =item $enabled = $json->get_space_before
551              
552             If C<$enable> is true (or missing), then the C method will add an extra
553             optional space before the C<:> separating keys from values in JSON objects.
554              
555             If C<$enable> is false, then the C method will not add any extra
556             space at those places.
557              
558             This setting has no effect when decoding JSON texts. You will also
559             most likely combine this setting with C.
560              
561             Example, space_before enabled, space_after and indent disabled:
562              
563             {"key" :"value"}
564              
565             =item $json = $json->space_after ([$enable])
566              
567             =item $enabled = $json->get_space_after
568              
569             If C<$enable> is true (or missing), then the C method will add
570             an extra optional space after the C<:> separating keys from values in
571             JSON objects and extra whitespace after the C<,> separating key-value
572             pairs and array members.
573              
574             If C<$enable> is false, then the C method will not add any extra
575             space at those places.
576              
577             This setting has no effect when decoding JSON texts.
578              
579             Example, space_before and indent disabled, space_after enabled:
580              
581             {"key": "value"}
582              
583             =item $json = $json->relaxed ([$enable])
584              
585             =item $enabled = $json->get_relaxed
586              
587             If C<$enable> is true (or missing), then C will accept some
588             extensions to normal JSON syntax (see below). C will not be
589             affected in anyway. I
590             JSON texts as if they were valid!>. I suggest only to use this option to
591             parse application-specific files written by humans (configuration files,
592             resource files etc.)
593              
594             If C<$enable> is false (the default), then C will only accept
595             valid JSON texts.
596              
597             Currently accepted extensions are:
598              
599             =over 4
600              
601             =item * list items can have an end-comma
602              
603             JSON I array elements and key-value pairs with commas. This
604             can be annoying if you write JSON texts manually and want to be able to
605             quickly append elements, so this extension accepts comma at the end of
606             such items not just between them:
607              
608             [
609             1,
610             2, <- this comma not normally allowed
611             ]
612             {
613             "k1": "v1",
614             "k2": "v2", <- this comma not normally allowed
615             }
616              
617             =item * shell-style '#'-comments
618              
619             Whenever JSON allows whitespace, shell-style comments are additionally
620             allowed. They are terminated by the first carriage-return or line-feed
621             character, after which more white-space and comments are allowed.
622              
623             [
624             1, # this comment not allowed in JSON
625             # neither this one...
626             ]
627              
628             =item * literal ASCII TAB characters in strings
629              
630             Literal ASCII TAB characters are now allowed in strings (and treated as
631             C<\t>) in relaxed mode. Despite JSON mandates, that TAB character is
632             substituted for "\t" sequence.
633              
634             [
635             "Hello\tWorld",
636             "HelloWorld", # literal would not normally be allowed
637             ]
638              
639             =item * allow_singlequote
640              
641             Single quotes are accepted instead of double quotes. See the
642             L option.
643              
644             { "foo":'bar' }
645             { 'foo':"bar" }
646             { 'foo':'bar' }
647              
648             =item * allow_barekey
649              
650             Accept unquoted object keys instead of with mandatory double quotes. See the
651             L option.
652              
653             { foo:"bar" }
654              
655             =item * allow_dupkeys
656              
657             Allow decoding of duplicate keys in hashes. By default duplicate keys are forbidden.
658             See L:
659             RFC 7159 section 4: "The names within an object should be unique."
660             See the L option.
661              
662             =back
663              
664              
665             =item $json = $json->canonical ([$enable])
666              
667             =item $enabled = $json->get_canonical
668              
669             If C<$enable> is true (or missing), then the C method will
670             output JSON objects by sorting their keys. This is adding a
671             comparatively high overhead.
672              
673             If C<$enable> is false, then the C method will output key-value
674             pairs in the order Perl stores them (which will likely change between runs
675             of the same script, and can change even within the same run from 5.18
676             onwards).
677              
678             This option is useful if you want the same data structure to be encoded as
679             the same JSON text (given the same overall settings). If it is disabled,
680             the same hash might be encoded differently even if contains the same data,
681             as key-value pairs have no inherent ordering in Perl.
682              
683             This setting has no effect when decoding JSON texts.
684              
685             This setting has currently no effect on tied hashes.
686              
687              
688             =item $json = $json->sort_by (undef, 0, 1 or a block)
689              
690             This currently only (un)sets the C option, and ignores
691             custom sort blocks.
692              
693             This setting has no effect when decoding JSON texts.
694              
695             This setting has currently no effect on tied hashes.
696              
697              
698             =item $json = $json->escape_slash ([$enable])
699              
700             =item $enabled = $json->get_escape_slash
701              
702             According to the JSON Grammar, the I character (U+002F)
703             C<"/"> need to be escaped. But by default strings are encoded without
704             escaping slashes in all perl JSON encoders.
705              
706             If C<$enable> is true (or missing), then C will escape slashes,
707             C<"\/">.
708              
709             This setting has no effect when decoding JSON texts.
710              
711              
712             =item $json = $json->unblessed_bool ([$enable])
713              
714             =item $enabled = $json->get_unblessed_bool
715              
716             $json = $json->unblessed_bool([$enable])
717              
718             If C<$enable> is true (or missing), then C will return
719             Perl non-object boolean variables (1 and 0) for JSON booleans
720             (C and C). If C<$enable> is false, then C
721             will return C objects for JSON booleans.
722              
723              
724             =item $json = $json->allow_singlequote ([$enable])
725              
726             =item $enabled = $json->get_allow_singlequote
727              
728             $json = $json->allow_singlequote([$enable])
729              
730             If C<$enable> is true (or missing), then C will accept
731             JSON strings quoted by single quotations that are invalid JSON
732             format.
733              
734             $json->allow_singlequote->decode({"foo":'bar'});
735             $json->allow_singlequote->decode({'foo':"bar"});
736             $json->allow_singlequote->decode({'foo':'bar'});
737              
738             This is also enabled with C.
739             As same as the C option, this option may be used to parse
740             application-specific files written by humans.
741              
742              
743             =item $json = $json->allow_barekey ([$enable])
744              
745             =item $enabled = $json->get_allow_barekey
746              
747             $json = $json->allow_barekey([$enable])
748              
749             If C<$enable> is true (or missing), then C will accept
750             bare keys of JSON object that are invalid JSON format.
751              
752             Same as with the C option, this option may be used to parse
753             application-specific files written by humans.
754              
755             $json->allow_barekey->decode('{foo:"bar"}');
756              
757             =item $json = $json->allow_bignum ([$enable])
758              
759             =item $enabled = $json->get_allow_bignum
760              
761             $json = $json->allow_bignum([$enable])
762              
763             If C<$enable> is true (or missing), then C will convert
764             the big integer Perl cannot handle as integer into a L
765             object and convert a floating number (any) into a L.
766              
767             On the contrary, C converts C objects and
768             C objects into JSON numbers with C
769             enable.
770              
771             $json->allow_nonref->allow_blessed->allow_bignum;
772             $bigfloat = $json->decode('2.000000000000000000000000001');
773             print $json->encode($bigfloat);
774             # => 2.000000000000000000000000001
775              
776             See L about the normal conversion of JSON number.
777              
778              
779             =item $json = $json->allow_bigint ([$enable])
780              
781             This option is obsolete and replaced by allow_bignum.
782              
783              
784             =item $json = $json->allow_nonref ([$enable])
785              
786             =item $enabled = $json->get_allow_nonref
787              
788             If C<$enable> is true (or missing), then the C method can
789             convert a non-reference into its corresponding string, number or null
790             JSON value, which is an extension to RFC4627. Likewise, C will
791             accept those JSON values instead of croaking.
792              
793             If C<$enable> is false, then the C method will croak if it isn't
794             passed an arrayref or hashref, as JSON texts must either be an object
795             or array. Likewise, C will croak if given something that is not a
796             JSON object or array.
797              
798             Example, encode a Perl scalar as JSON value with enabled C,
799             resulting in an invalid JSON text:
800              
801             Cpanel::JSON::XS->new->allow_nonref->encode ("Hello, World!")
802             => "Hello, World!"
803              
804             =item $json = $json->allow_unknown ([$enable])
805              
806             =item $enabled = $json->get_allow_unknown
807              
808             If C<$enable> is true (or missing), then C will I throw an
809             exception when it encounters values it cannot represent in JSON (for
810             example, filehandles) but instead will encode a JSON C value. Note
811             that blessed objects are not included here and are handled separately by
812             c.
813              
814             If C<$enable> is false (the default), then C will throw an
815             exception when it encounters anything it cannot encode as JSON.
816              
817             This option does not affect C in any way, and it is recommended to
818             leave it off unless you know your communications partner.
819              
820             =item $json = $json->allow_stringify ([$enable])
821              
822             =item $enabled = $json->get_allow_stringify
823              
824             If C<$enable> is true (or missing), then C will stringify the
825             non-object perl value or reference. Note that blessed objects are not
826             included here and are handled separately by C and
827             C. String references are stringified to the string
828             value, other references as in perl.
829              
830             This option does not affect C in any way.
831              
832             This option is special to this module, it is not supported by other
833             encoders. So it is not recommended to use it.
834              
835             =item $json = $json->require_types ([$enable])
836              
837             =item $enable = $json->get_require_types
838              
839             $json = $json->require_types([$enable])
840              
841             If C<$enable> is true (or missing), then C will require
842             second argument with supplied JSON types. See L.
843             When second argument is not provided (or is undef), then C
844             croaks. It also croaks when the type for provided structure in
845             C is incomplete.
846              
847             =item $json = $json->allow_dupkeys ([$enable])
848              
849             =item $enabled = $json->get_allow_dupkeys
850              
851             If C<$enable> is true (or missing), then the C method will not
852             die when it encounters duplicate keys in a hash.
853             C is also enabled in the C mode.
854              
855             The JSON spec allows duplicate name in objects but recommends to
856             disable it, however with Perl hashes they are impossible, parsing
857             JSON in Perl silently ignores duplicate names, using the last value
858             found.
859              
860             See L:
861             RFC 7159 section 4: "The names within an object should be unique."
862              
863             =item $json = $json->allow_blessed ([$enable])
864              
865             =item $enabled = $json->get_allow_blessed
866              
867             If C<$enable> is true (or missing), then the C method will not
868             barf when it encounters a blessed reference. Instead, the value of the
869             B option will decide whether C (C
870             disabled or no C method found) or a representation of the
871             object (C enabled and C method found) is being
872             encoded. Has no effect on C.
873              
874             If C<$enable> is false (the default), then C will throw an
875             exception when it encounters a blessed object.
876              
877             This setting has no effect on C.
878              
879             =item $json = $json->convert_blessed ([$enable])
880              
881             =item $enabled = $json->get_convert_blessed
882              
883             If C<$enable> is true (or missing), then C, upon encountering a
884             blessed object, will check for the availability of the C method
885             on the object's class. If found, it will be called in scalar context
886             and the resulting scalar will be encoded instead of the object. If no
887             C method is found, a stringification overload method is tried next.
888             If both are not found, the value of C will decide what
889             to do.
890              
891             The C method may safely call die if it wants. If C
892             returns other blessed objects, those will be handled in the same
893             way. C must take care of not causing an endless recursion
894             cycle (== crash) in this case. The same care must be taken with
895             calling encode in stringify overloads (even if this works by luck in
896             older perls) or other callbacks. The name of C was chosen
897             because other methods called by the Perl core (== not by the user of
898             the object) are usually in upper case letters and to avoid collisions
899             with any C function or method.
900              
901             If C<$enable> is false (the default), then C will not consider
902             this type of conversion.
903              
904             This setting has no effect on C.
905              
906             =item $json = $json->allow_tags ([$enable])
907              
908             =item $enabled = $json->get_allow_tags
909              
910             See L for details.
911              
912             If C<$enable> is true (or missing), then C, upon encountering a
913             blessed object, will check for the availability of the C method on
914             the object's class. If found, it will be used to serialize the object into
915             a nonstandard tagged JSON value (that JSON decoders cannot decode).
916              
917             It also causes C to parse such tagged JSON values and deserialize
918             them via a call to the C method.
919              
920             If C<$enable> is false (the default), then C will not consider
921             this type of conversion, and tagged JSON values will cause a parse error
922             in C, as if tags were not part of the grammar.
923              
924             =item $json = $json->filter_json_object ([$coderef->($hashref)])
925              
926             When C<$coderef> is specified, it will be called from C each
927             time it decodes a JSON object. The only argument is a reference to the
928             newly-created hash. If the code references returns a single scalar (which
929             need not be a reference), this value (i.e. a copy of that scalar to avoid
930             aliasing) is inserted into the deserialized data structure. If it returns
931             an empty list (NOTE: I C, which is a valid scalar), the
932             original deserialized hash will be inserted. This setting can slow down
933             decoding considerably.
934              
935             When C<$coderef> is omitted or undefined, any existing callback will
936             be removed and C will not change the deserialized hash in any
937             way.
938              
939             Example, convert all JSON objects into the integer 5:
940              
941             my $js = Cpanel::JSON::XS->new->filter_json_object (sub { 5 });
942             # returns [5]
943             $js->decode ('[{}]')
944             # throw an exception because allow_nonref is not enabled
945             # so a lone 5 is not allowed.
946             $js->decode ('{"a":1, "b":2}');
947              
948             =item $json = $json->filter_json_single_key_object ($key [=> $coderef->($value)])
949              
950             Works remotely similar to C, but is only called for
951             JSON objects having a single key named C<$key>.
952              
953             This C<$coderef> is called before the one specified via
954             C, if any. It gets passed the single value in the JSON
955             object. If it returns a single value, it will be inserted into the data
956             structure. If it returns nothing (not even C but the empty list),
957             the callback from C will be called next, as if no
958             single-key callback were specified.
959              
960             If C<$coderef> is omitted or undefined, the corresponding callback will be
961             disabled. There can only ever be one callback for a given key.
962              
963             As this callback gets called less often then the C
964             one, decoding speed will not usually suffer as much. Therefore, single-key
965             objects make excellent targets to serialize Perl objects into, especially
966             as single-key JSON objects are as close to the type-tagged value concept
967             as JSON gets (it's basically an ID/VALUE tuple). Of course, JSON does not
968             support this in any way, so you need to make sure your data never looks
969             like a serialized Perl hash.
970              
971             Typical names for the single object key are C<__class_whatever__>, or
972             C<$__dollars_are_rarely_used__$> or C<}ugly_brace_placement>, or even
973             things like C<__class_md5sum(classname)__>, to reduce the risk of clashing
974             with real hashes.
975              
976             Example, decode JSON objects of the form C<< { "__widget__" => } >>
977             into the corresponding C<< $WIDGET{} >> object:
978              
979             # return whatever is in $WIDGET{5}:
980             Cpanel::JSON::XS
981             ->new
982             ->filter_json_single_key_object (__widget__ => sub {
983             $WIDGET{ $_[0] }
984             })
985             ->decode ('{"__widget__": 5')
986              
987             # this can be used with a TO_JSON method in some "widget" class
988             # for serialization to json:
989             sub WidgetBase::TO_JSON {
990             my ($self) = @_;
991              
992             unless ($self->{id}) {
993             $self->{id} = ..get..some..id..;
994             $WIDGET{$self->{id}} = $self;
995             }
996              
997             { __widget__ => $self->{id} }
998             }
999              
1000             =item $json = $json->shrink ([$enable])
1001              
1002             =item $enabled = $json->get_shrink
1003              
1004             Perl usually over-allocates memory a bit when allocating space for
1005             strings. This flag optionally resizes strings generated by either
1006             C or C to their minimum size possible. This can save
1007             memory when your JSON texts are either very very long or you have many
1008             short strings. It will also try to downgrade any strings to octet-form
1009             if possible: perl stores strings internally either in an encoding called
1010             UTF-X or in octet-form. The latter cannot store everything but uses less
1011             space in general (and some buggy Perl or C code might even rely on that
1012             internal representation being used).
1013              
1014             The actual definition of what shrink does might change in future versions,
1015             but it will always try to save space at the expense of time.
1016              
1017             If C<$enable> is true (or missing), the string returned by C will
1018             be shrunk-to-fit, while all strings generated by C will also be
1019             shrunk-to-fit.
1020              
1021             If C<$enable> is false, then the normal perl allocation algorithms are used.
1022             If you work with your data, then this is likely to be faster.
1023              
1024             In the future, this setting might control other things, such as converting
1025             strings that look like integers or floats into integers or floats
1026             internally (there is no difference on the Perl level), saving space.
1027              
1028             =item $json = $json->max_depth ([$maximum_nesting_depth])
1029              
1030             =item $max_depth = $json->get_max_depth
1031              
1032             Sets the maximum nesting level (default C<512>) accepted while encoding
1033             or decoding. If a higher nesting level is detected in JSON text or a Perl
1034             data structure, then the encoder and decoder will stop and croak at that
1035             point.
1036              
1037             Nesting level is defined by number of hash- or arrayrefs that the encoder
1038             needs to traverse to reach a given point or the number of C<{> or C<[>
1039             characters without their matching closing parenthesis crossed to reach a
1040             given character in a string.
1041              
1042             Setting the maximum depth to one disallows any nesting, so that ensures
1043             that the object is only a single hash/object or array.
1044              
1045             If no argument is given, the highest possible setting will be used, which
1046             is rarely useful.
1047              
1048             Note that nesting is implemented by recursion in C. The default value has
1049             been chosen to be as large as typical operating systems allow without
1050             crashing.
1051              
1052             See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
1053              
1054             =item $json = $json->max_size ([$maximum_string_size])
1055              
1056             =item $max_size = $json->get_max_size
1057              
1058             Set the maximum length a JSON text may have (in bytes) where decoding is
1059             being attempted. The default is C<0>, meaning no limit. When C
1060             is called on a string that is longer then this many bytes, it will not
1061             attempt to decode the string but throw an exception. This setting has no
1062             effect on C (yet).
1063              
1064             If no argument is given, the limit check will be deactivated (same as when
1065             C<0> is specified).
1066              
1067             See L, below, for more info on why this is useful.
1068              
1069             =item $json->stringify_infnan ([$infnan_mode = 1])
1070              
1071             =item $infnan_mode = $json->get_stringify_infnan
1072              
1073             Get or set how Cpanel::JSON::XS encodes C, C<-inf> or C for numeric
1074             values. Also qnan, snan or negative nan on some platforms.
1075              
1076             C: infnan_mode = 0. Similar to most JSON modules in other languages.
1077             Always null.
1078              
1079             stringified: infnan_mode = 1. As in Mojo::JSON. Platform specific strings.
1080             Stringified via sprintf(%g), with double quotes.
1081              
1082             inf/nan: infnan_mode = 2. As in JSON::XS, and older releases.
1083             Passes through platform dependent values, invalid JSON. Stringified via
1084             sprintf(%g), but without double quotes.
1085              
1086             "inf/-inf/nan": infnan_mode = 3. Platform independent inf/nan/-inf
1087             strings. No QNAN/SNAN/negative NAN support, unified to "nan". Much
1088             easier to detect, but may conflict with valid strings.
1089              
1090             =item $json_text = $json->encode ($perl_scalar, $json_type)
1091              
1092             Converts the given Perl data structure (a simple scalar or a reference
1093             to a hash or array) to its JSON representation. Simple scalars will be
1094             converted into JSON string or number sequences, while references to
1095             arrays become JSON arrays and references to hashes become JSON
1096             objects. Undefined Perl values (e.g. C) become JSON C
1097             values. Neither C nor C values will be generated.
1098              
1099             For the type argument see L.
1100              
1101             =item $perl_scalar = $json->decode ($json_text, my $json_type)
1102              
1103             The opposite of C: expects a JSON text and tries to parse it,
1104             returning the resulting simple scalar or reference. Croaks on error.
1105              
1106             JSON numbers and strings become simple Perl scalars. JSON arrays become
1107             Perl arrayrefs and JSON objects become Perl hashrefs. C becomes
1108             C<1>, C becomes C<0> and C becomes C.
1109              
1110             For the type argument see L.
1111              
1112             =item ($perl_scalar, $characters) = $json->decode_prefix ($json_text)
1113              
1114             This works like the C method, but instead of raising an exception
1115             when there is trailing garbage after the first JSON object, it will
1116             silently stop parsing there and return the number of characters consumed
1117             so far.
1118              
1119             This is useful if your JSON texts are not delimited by an outer protocol
1120             and you need to know where the JSON text ends.
1121              
1122             Cpanel::JSON::XS->new->decode_prefix ("[1] the tail")
1123             => ([1], 3)
1124              
1125             =item $json->to_json ($perl_hash_or_arrayref)
1126              
1127             Deprecated method for perl 5.8 and newer. Use L instead.
1128              
1129             =item $json->from_json ($utf8_encoded_json_text)
1130              
1131             Deprecated method for perl 5.8 and newer. Use L instead.
1132              
1133             =back
1134              
1135              
1136             =head1 INCREMENTAL PARSING
1137              
1138             In some cases, there is the need for incremental parsing of JSON
1139             texts. While this module always has to keep both JSON text and resulting
1140             Perl data structure in memory at one time, it does allow you to parse a
1141             JSON stream incrementally. It does so by accumulating text until it has
1142             a full JSON object, which it then can decode. This process is similar to
1143             using C to see if a full JSON object is available, but
1144             is much more efficient (and can be implemented with a minimum of method
1145             calls).
1146              
1147             Cpanel::JSON::XS will only attempt to parse the JSON text once it is
1148             sure it has enough text to get a decisive result, using a very simple
1149             but truly incremental parser. This means that it sometimes won't stop
1150             as early as the full parser, for example, it doesn't detect mismatched
1151             parentheses. The only thing it guarantees is that it starts decoding
1152             as soon as a syntactically valid JSON text has been seen. This means
1153             you need to set resource limits (e.g. C) to ensure the
1154             parser will stop parsing in the presence if syntax errors.
1155              
1156             The following methods implement this incremental parser.
1157              
1158             =over 4
1159              
1160             =item [void, scalar or list context] = $json->incr_parse ([$string])
1161              
1162             This is the central parsing function. It can both append new text and
1163             extract objects from the stream accumulated so far (both of these
1164             functions are optional).
1165              
1166             If C<$string> is given, then this string is appended to the already
1167             existing JSON fragment stored in the C<$json> object.
1168              
1169             After that, if the function is called in void context, it will simply
1170             return without doing anything further. This can be used to add more text
1171             in as many chunks as you want.
1172              
1173             If the method is called in scalar context, then it will try to extract
1174             exactly I JSON object. If that is successful, it will return this
1175             object, otherwise it will return C. If there is a parse error,
1176             this method will croak just as C would do (one can then use
1177             C to skip the erroneous part). This is the most common way of
1178             using the method.
1179              
1180             And finally, in list context, it will try to extract as many objects
1181             from the stream as it can find and return them, or the empty list
1182             otherwise. For this to work, there must be no separators between the JSON
1183             objects or arrays, instead they must be concatenated back-to-back. If
1184             an error occurs, an exception will be raised as in the scalar context
1185             case. Note that in this case, any previously-parsed JSON texts will be
1186             lost.
1187              
1188             Example: Parse some JSON arrays/objects in a given string and return
1189             them.
1190              
1191             my @objs = Cpanel::JSON::XS->new->incr_parse ("[5][7][1,2]");
1192              
1193             =item $lvalue_string = $json->incr_text (>5.8 only)
1194              
1195             This method returns the currently stored JSON fragment as an lvalue, that
1196             is, you can manipulate it. This I works when a preceding call to
1197             C in I successfully returned an object, and
1198             2. only with Perl >= 5.8
1199              
1200             Under all other circumstances you must not call this function (I mean
1201             it. although in simple tests it might actually work, it I fail
1202             under real world conditions). As a special exception, you can also
1203             call this method before having parsed anything.
1204              
1205             This function is useful in two cases: a) finding the trailing text after a
1206             JSON object or b) parsing multiple JSON objects separated by non-JSON text
1207             (such as commas).
1208              
1209             =item $json->incr_skip
1210              
1211             This will reset the state of the incremental parser and will remove
1212             the parsed text from the input buffer so far. This is useful after
1213             C died, in which case the input buffer and incremental parser
1214             state is left unchanged, to skip the text parsed so far and to reset the
1215             parse state.
1216              
1217             The difference to C is that only text until the parse error
1218             occurred is removed.
1219              
1220             =item $json->incr_reset
1221              
1222             This completely resets the incremental parser, that is, after this call,
1223             it will be as if the parser had never parsed anything.
1224              
1225             This is useful if you want to repeatedly parse JSON objects and want to
1226             ignore any trailing data, which means you have to reset the parser after
1227             each successful decode.
1228              
1229             =back
1230              
1231             =head2 LIMITATIONS
1232              
1233             All options that affect decoding are supported, except
1234             C. The reason for this is that it cannot be made to work
1235             sensibly: JSON objects and arrays are self-delimited, i.e. you can
1236             concatenate them back to back and still decode them perfectly. This
1237             does not hold true for JSON numbers, however.
1238              
1239             For example, is the string C<1> a single JSON number, or is it simply
1240             the start of C<12>? Or is C<12> a single JSON number, or the
1241             concatenation of C<1> and C<2>? In neither case you can tell, and this
1242             is why Cpanel::JSON::XS takes the conservative route and disallows
1243             this case.
1244              
1245             =head2 EXAMPLES
1246              
1247             Some examples will make all this clearer. First, a simple example that
1248             works similarly to C: We want to decode the JSON object at
1249             the start of a string and identify the portion after the JSON object:
1250              
1251             my $text = "[1,2,3] hello";
1252              
1253             my $json = new Cpanel::JSON::XS;
1254              
1255             my $obj = $json->incr_parse ($text)
1256             or die "expected JSON object or array at beginning of string";
1257              
1258             my $tail = $json->incr_text;
1259             # $tail now contains " hello"
1260              
1261             Easy, isn't it?
1262              
1263             Now for a more complicated example: Imagine a hypothetical protocol where
1264             you read some requests from a TCP stream, and each request is a JSON
1265             array, without any separation between them (in fact, it is often useful to
1266             use newlines as "separators", as these get interpreted as whitespace at
1267             the start of the JSON text, which makes it possible to test said protocol
1268             with C...).
1269              
1270             Here is how you'd do it (it is trivial to write this in an event-based
1271             manner):
1272              
1273             my $json = new Cpanel::JSON::XS;
1274              
1275             # read some data from the socket
1276             while (sysread $socket, my $buf, 4096) {
1277              
1278             # split and decode as many requests as possible
1279             for my $request ($json->incr_parse ($buf)) {
1280             # act on the $request
1281             }
1282             }
1283              
1284             Another complicated example: Assume you have a string with JSON objects
1285             or arrays, all separated by (optional) comma characters (e.g. C<[1],[2],
1286             [3]>). To parse them, we have to skip the commas between the JSON texts,
1287             and here is where the lvalue-ness of C comes in useful:
1288              
1289             my $text = "[1],[2], [3]";
1290             my $json = new Cpanel::JSON::XS;
1291              
1292             # void context, so no parsing done
1293             $json->incr_parse ($text);
1294              
1295             # now extract as many objects as possible. note the
1296             # use of scalar context so incr_text can be called.
1297             while (my $obj = $json->incr_parse) {
1298             # do something with $obj
1299              
1300             # now skip the optional comma
1301             $json->incr_text =~ s/^ \s* , //x;
1302             }
1303              
1304             Now lets go for a very complex example: Assume that you have a gigantic
1305             JSON array-of-objects, many gigabytes in size, and you want to parse it,
1306             but you cannot load it into memory fully (this has actually happened in
1307             the real world :).
1308              
1309             Well, you lost, you have to implement your own JSON parser. But
1310             Cpanel::JSON::XS can still help you: You implement a (very simple)
1311             array parser and let JSON decode the array elements, which are all
1312             full JSON objects on their own (this wouldn't work if the array
1313             elements could be JSON numbers, for example):
1314              
1315             my $json = new Cpanel::JSON::XS;
1316              
1317             # open the monster
1318             open my $fh, "
1319             or die "bigfile: $!";
1320              
1321             # first parse the initial "["
1322             for (;;) {
1323             sysread $fh, my $buf, 65536
1324             or die "read error: $!";
1325             $json->incr_parse ($buf); # void context, so no parsing
1326              
1327             # Exit the loop once we found and removed(!) the initial "[".
1328             # In essence, we are (ab-)using the $json object as a simple scalar
1329             # we append data to.
1330             last if $json->incr_text =~ s/^ \s* \[ //x;
1331             }
1332              
1333             # now we have the skipped the initial "[", so continue
1334             # parsing all the elements.
1335             for (;;) {
1336             # in this loop we read data until we got a single JSON object
1337             for (;;) {
1338             if (my $obj = $json->incr_parse) {
1339             # do something with $obj
1340             last;
1341             }
1342              
1343             # add more data
1344             sysread $fh, my $buf, 65536
1345             or die "read error: $!";
1346             $json->incr_parse ($buf); # void context, so no parsing
1347             }
1348              
1349             # in this loop we read data until we either found and parsed the
1350             # separating "," between elements, or the final "]"
1351             for (;;) {
1352             # first skip whitespace
1353             $json->incr_text =~ s/^\s*//;
1354              
1355             # if we find "]", we are done
1356             if ($json->incr_text =~ s/^\]//) {
1357             print "finished.\n";
1358             exit;
1359             }
1360              
1361             # if we find ",", we can continue with the next element
1362             if ($json->incr_text =~ s/^,//) {
1363             last;
1364             }
1365              
1366             # if we find anything else, we have a parse error!
1367             if (length $json->incr_text) {
1368             die "parse error near ", $json->incr_text;
1369             }
1370              
1371             # else add more data
1372             sysread $fh, my $buf, 65536
1373             or die "read error: $!";
1374             $json->incr_parse ($buf); # void context, so no parsing
1375             }
1376              
1377             This is a complex example, but most of the complexity comes from the fact
1378             that we are trying to be correct (bear with me if I am wrong, I never ran
1379             the above example :).
1380              
1381             =head1 BOM
1382              
1383             Detect all unicode B on decode.
1384             Which are UTF-8, UTF-16LE, UTF-16BE, UTF-32LE and UTF-32BE.
1385              
1386             The BOM encoding is set only for one specific decode call, it does not
1387             change the state of the JSON object.
1388              
1389             B: With perls older than 5.20 you need load the Encode module
1390             before loading a multibyte BOM, i.e. >= UTF-16. Otherwise an error is
1391             thrown. This is an implementation limitation and might get fixed later.
1392              
1393             See L
1394             I<"JSON text SHALL be encoded in UTF-8, UTF-16, or UTF-32.">
1395              
1396             I<"Implementations MUST NOT add a byte order mark to the beginning of a
1397             JSON text", "implementations (...) MAY ignore the presence of a byte
1398             order mark rather than treating it as an error".>
1399              
1400             See also L.
1401              
1402             Beware that Cpanel::JSON::XS is currently the only JSON module which
1403             does accept and decode a BOM.
1404              
1405             The latest JSON spec
1406             L
1407             forbid the usage of UTF-16 or UTF-32, the character encoding is UTF-8.
1408             Thus in subsequent updates BOM's of UTF-16 or UTF-32 will throw an error.
1409              
1410             =head1 MAPPING
1411              
1412             This section describes how Cpanel::JSON::XS maps Perl values to JSON
1413             values and vice versa. These mappings are designed to "do the right
1414             thing" in most circumstances automatically, preserving round-tripping
1415             characteristics (what you put in comes out as something equivalent).
1416              
1417             For the more enlightened: note that in the following descriptions,
1418             lowercase I refers to the Perl interpreter, while uppercase I
1419             refers to the abstract Perl language itself.
1420              
1421              
1422             =head2 JSON -> PERL
1423              
1424             =over 4
1425              
1426             =item object
1427              
1428             A JSON object becomes a reference to a hash in Perl. No ordering of object
1429             keys is preserved (JSON does not preserve object key ordering itself).
1430              
1431             =item array
1432              
1433             A JSON array becomes a reference to an array in Perl.
1434              
1435             =item string
1436              
1437             A JSON string becomes a string scalar in Perl - Unicode codepoints in JSON
1438             are represented by the same codepoints in the Perl string, so no manual
1439             decoding is necessary.
1440              
1441             =item number
1442              
1443             A JSON number becomes either an integer, numeric (floating point) or
1444             string scalar in perl, depending on its range and any fractional parts. On
1445             the Perl level, there is no difference between those as Perl handles all
1446             the conversion details, but an integer may take slightly less memory and
1447             might represent more values exactly than floating point numbers.
1448              
1449             If the number consists of digits only, Cpanel::JSON::XS will try to
1450             represent it as an integer value. If that fails, it will try to
1451             represent it as a numeric (floating point) value if that is possible
1452             without loss of precision. Otherwise it will preserve the number as a
1453             string value (in which case you lose roundtripping ability, as the
1454             JSON number will be re-encoded to a JSON string).
1455              
1456             Numbers containing a fractional or exponential part will always be
1457             represented as numeric (floating point) values, possibly at a loss of
1458             precision (in which case you might lose perfect roundtripping ability, but
1459             the JSON number will still be re-encoded as a JSON number).
1460              
1461             Note that precision is not accuracy - binary floating point values
1462             cannot represent most decimal fractions exactly, and when converting
1463             from and to floating point, C only guarantees precision
1464             up to but not including the least significant bit.
1465              
1466             =item true, false
1467              
1468             When C is set to true, then JSON C becomes C<1> and
1469             JSON C becomes C<0>.
1470              
1471             Otherwise these JSON atoms become C and
1472             C, respectively. They are C
1473             objects and are overloaded to act almost exactly like the numbers C<1>
1474             and C<0>. You can check whether a scalar is a JSON boolean by using
1475             the C function.
1476              
1477             The other round, from perl to JSON, C which is represented as
1478             C becomes C, and C which is represented as
1479             C becomes C.
1480              
1481             Via L you can now even force negation in C,
1482             without overloading of C:
1483              
1484             my $false = Cpanel::JSON::XS::false;
1485             print($json->encode([!$false], [JSON_TYPE_BOOL]));
1486             => [true]
1487              
1488             =item null
1489              
1490             A JSON null atom becomes C in Perl.
1491              
1492             =item shell-style comments (C<< # I >>)
1493              
1494             As a nonstandard extension to the JSON syntax that is enabled by the
1495             C setting, shell-style comments are allowed. They can start
1496             anywhere outside strings and go till the end of the line.
1497              
1498             =item tagged values (C<< (I)I >>).
1499              
1500             Another nonstandard extension to the JSON syntax, enabled with the
1501             C setting, are tagged values. In this implementation, the
1502             I must be a perl package/class name encoded as a JSON string, and the
1503             I must be a JSON array encoding optional constructor arguments.
1504              
1505             See L, below, for details.
1506              
1507             =back
1508              
1509              
1510             =head2 PERL -> JSON
1511              
1512             The mapping from Perl to JSON is slightly more difficult, as Perl is a
1513             truly typeless language, so we can only guess which JSON type is meant by
1514             a Perl value.
1515              
1516             =over 4
1517              
1518             =item hash references
1519              
1520             Perl hash references become JSON objects. As there is no inherent ordering
1521             in hash keys (or JSON objects), they will usually be encoded in a
1522             pseudo-random order that can change between runs of the same program but
1523             stays generally the same within a single run of a program. Cpanel::JSON::XS can
1524             optionally sort the hash keys (determined by the I flag), so
1525             the same datastructure will serialize to the same JSON text (given same
1526             settings and version of Cpanel::JSON::XS), but this incurs a runtime overhead
1527             and is only rarely useful, e.g. when you want to compare some JSON text
1528             against another for equality.
1529              
1530             =item array references
1531              
1532             Perl array references become JSON arrays.
1533              
1534             =item other references
1535              
1536             Other unblessed references are generally not allowed and will cause an
1537             exception to be thrown, except for references to the integers C<0> and
1538             C<1>, which get turned into C and C atoms in JSON.
1539              
1540             With the option C, you can ignore the exception and return
1541             the stringification of the perl value.
1542              
1543             With the option C, you can ignore the exception and
1544             return C instead.
1545              
1546             encode_json [\"x"] # => cannot encode reference to scalar 'SCALAR(0x..)'
1547             # unless the scalar is 0 or 1
1548             encode_json [\0, \1] # yields [false,true]
1549              
1550             allow_stringify->encode_json [\"x"] # yields "x" unlike JSON::PP
1551             allow_unknown->encode_json [\"x"] # yields null as in JSON::PP
1552              
1553             =item Cpanel::JSON::XS::true, Cpanel::JSON::XS::false
1554              
1555             These special values become JSON true and JSON false values,
1556             respectively. You can also use C<\1> and C<\0> or C and C
1557             directly if you want.
1558              
1559             encode_json [Cpanel::JSON::XS::false, Cpanel::JSON::XS::true] # yields [false,true]
1560             encode_json [!1, !0], [JSON_TYPE_BOOL, JSON_TYPE_BOOL] # yields [false,true]
1561              
1562             eq/ne comparisons with true, false:
1563              
1564             false is eq to the empty string or the string 'false' or the special
1565             empty string C or C, i.e. C, or the numbers 0 or 0.0.
1566              
1567             true is eq to the string 'true' or to the special string C
1568             (i.e. C) or to the numbers 1 or 1.0.
1569              
1570             =item blessed objects
1571              
1572             Blessed objects are not directly representable in JSON, but
1573             C allows various optional ways of handling
1574             objects. See L, below, for details.
1575              
1576             See the C and C methods on various
1577             options on how to deal with this: basically, you can choose between
1578             throwing an exception, encoding the reference as if it weren't
1579             blessed, use the objects overloaded stringification method or provide
1580             your own serializer method.
1581              
1582             =item simple scalars
1583              
1584             Simple Perl scalars (any scalar that is not a reference) are the most
1585             difficult objects to encode: Cpanel::JSON::XS will encode undefined
1586             scalars or inf/nan as JSON C values and other scalars to either
1587             number or string in non-deterministic way which may be affected or
1588             changed by Perl version or any other loaded Perl module.
1589              
1590             If you want to have stable and deterministic types in JSON encoder then
1591             use L.
1592              
1593             Non-deterministic behavior is following: scalars that have last been
1594             used in a string context before encoding as JSON strings, and anything
1595             else as number value:
1596              
1597             # dump as number
1598             encode_json [2] # yields [2]
1599             encode_json [-3.0e17] # yields [-3e+17]
1600             my $value = 5; encode_json [$value] # yields [5]
1601              
1602             # used as string, but the two representations are for the same number
1603             print $value;
1604             encode_json [$value] # yields [5]
1605              
1606             # used as different string (non-matching dual-var)
1607             my $str = '0 but true';
1608             my $num = 1 + $str;
1609             encode_json [$num, $str] # yields [1,"0 but true"]
1610              
1611             # undef becomes null
1612             encode_json [undef] # yields [null]
1613              
1614             # inf or nan becomes null, unless you answered
1615             # "Do you want to handle inf/nan as strings" with yes
1616             encode_json [9**9**9] # yields [null]
1617              
1618             You can force the type to be a JSON string by stringifying it:
1619              
1620             my $x = 3.1; # some variable containing a number
1621             "$x"; # stringified
1622             $x .= ""; # another, more awkward way to stringify
1623             print $x; # perl does it for you, too, quite often
1624              
1625             You can force the type to be a JSON number by numifying it:
1626              
1627             my $x = "3"; # some variable containing a string
1628             $x += 0; # numify it, ensuring it will be dumped as a number
1629             $x *= 1; # same thing, the choice is yours.
1630              
1631             Note that numerical precision has the same meaning as under Perl (so
1632             binary to decimal conversion follows the same rules as in Perl, which
1633             can differ to other languages). Also, your perl interpreter might expose
1634             extensions to the floating point numbers of your platform, such as
1635             infinities or NaN's - these cannot be represented in JSON, and thus
1636             null is returned instead. Optionally you can configure it to stringify
1637             inf and nan values.
1638              
1639             =back
1640              
1641             =head2 OBJECT SERIALIZATION
1642              
1643             As JSON cannot directly represent Perl objects, you have to choose between
1644             a pure JSON representation (without the ability to deserialize the object
1645             automatically again), and a nonstandard extension to the JSON syntax,
1646             tagged values.
1647              
1648             =head3 SERIALIZATION
1649              
1650             What happens when C encounters a Perl object depends
1651             on the C, C and C
1652             settings, which are used in this order:
1653              
1654             =over 4
1655              
1656             =item 1. C is enabled and the object has a C method.
1657              
1658             In this case, C uses the L object
1659             serialization protocol to create a tagged JSON value, using a nonstandard
1660             extension to the JSON syntax.
1661              
1662             This works by invoking the C method on the object, with the first
1663             argument being the object to serialize, and the second argument being the
1664             constant string C to distinguish it from other serializers.
1665              
1666             The C method can return any number of values (i.e. zero or
1667             more). These values and the paclkage/classname of the object will then be
1668             encoded as a tagged JSON value in the following format:
1669              
1670             ("classname")[FREEZE return values...]
1671              
1672             e.g.:
1673              
1674             ("URI")["http://www.google.com/"]
1675             ("MyDate")[2013,10,29]
1676             ("ImageData::JPEG")["Z3...VlCg=="]
1677              
1678             For example, the hypothetical C C method might use the
1679             objects C and C members to encode the object:
1680              
1681             sub My::Object::FREEZE {
1682             my ($self, $serializer) = @_;
1683              
1684             ($self->{type}, $self->{id})
1685             }
1686              
1687             =item 2. C is enabled and the object has a C method.
1688              
1689             In this case, the C method of the object is invoked in scalar
1690             context. It must return a single scalar that can be directly encoded into
1691             JSON. This scalar replaces the object in the JSON text.
1692              
1693             For example, the following C method will convert all L
1694             objects to JSON strings when serialized. The fact that these values
1695             originally were L objects is lost.
1696              
1697             sub URI::TO_JSON {
1698             my ($uri) = @_;
1699             $uri->as_string
1700             }
1701              
1702             =item 3. C is enabled and the object has a stringification overload.
1703              
1704             In this case, the overloaded C<""> method of the object is invoked in scalar
1705             context. It must return a single scalar that can be directly encoded into
1706             JSON. This scalar replaces the object in the JSON text.
1707              
1708             For example, the following C<""> method will convert all L
1709             objects to JSON strings when serialized. The fact that these values
1710             originally were L objects is lost.
1711              
1712             package URI;
1713             use overload '""' => sub { shift->as_string };
1714              
1715             =item 4. C is enabled.
1716              
1717             The object will be serialized as a JSON null value.
1718              
1719             =item 5. none of the above
1720              
1721             If none of the settings are enabled or the respective methods are missing,
1722             C throws an exception.
1723              
1724             =back
1725              
1726             =head3 DESERIALIZATION
1727              
1728             For deserialization there are only two cases to consider: either
1729             nonstandard tagging was used, in which case C decides,
1730             or objects cannot be automatically be deserialized, in which
1731             case you can use postprocessing or the C or
1732             C callbacks to get some real objects our of
1733             your JSON.
1734              
1735             This section only considers the tagged value case: I a tagged JSON object
1736             is encountered during decoding and C is disabled, a parse
1737             error will result (as if tagged values were not part of the grammar).
1738              
1739             If C is enabled, C will look up the C method
1740             of the package/classname used during serialization (it will not attempt
1741             to load the package as a Perl module). If there is no such method, the
1742             decoding will fail with an error.
1743              
1744             Otherwise, the C method is invoked with the classname as first
1745             argument, the constant string C as second argument, and all the
1746             values from the JSON array (the values originally returned by the
1747             C method) as remaining arguments.
1748              
1749             The method must then return the object. While technically you can return
1750             any Perl scalar, you might have to enable the C setting to
1751             make that work in all cases, so better return an actual blessed reference.
1752              
1753             As an example, let's implement a C function that regenerates the
1754             C from the C example earlier:
1755              
1756             sub My::Object::THAW {
1757             my ($class, $serializer, $type, $id) = @_;
1758              
1759             $class->new (type => $type, id => $id)
1760             }
1761              
1762             See the L section below. Allowing external
1763             json objects being deserialized to perl objects is usually a very bad
1764             idea.
1765              
1766              
1767             =head1 ENCODING/CODESET FLAG NOTES
1768              
1769             The interested reader might have seen a number of flags that signify
1770             encodings or codesets - C, C, C and
1771             C. There seems to be some confusion on what these do, so here
1772             is a short comparison:
1773              
1774             C controls whether the JSON text created by C (and expected
1775             by C) is UTF-8 encoded or not, while C and C only
1776             control whether C escapes character values outside their respective
1777             codeset range. Neither of these flags conflict with each other, although
1778             some combinations make less sense than others.
1779              
1780             Care has been taken to make all flags symmetrical with respect to
1781             C and C, that is, texts encoded with any combination of
1782             these flag values will be correctly decoded when the same flags are used
1783             - in general, if you use different flag settings while encoding vs. when
1784             decoding you likely have a bug somewhere.
1785              
1786             Below comes a verbose discussion of these flags. Note that a "codeset" is
1787             simply an abstract set of character-codepoint pairs, while an encoding
1788             takes those codepoint numbers and I them, in our case into
1789             octets. Unicode is (among other things) a codeset, UTF-8 is an encoding,
1790             and ISO-8859-1 (= latin 1) and ASCII are both codesets I encodings at
1791             the same time, which can be confusing.
1792              
1793             =over 4
1794              
1795             =item C flag disabled
1796              
1797             When C is disabled (the default), then C/C generate
1798             and expect Unicode strings, that is, characters with high ordinal Unicode
1799             values (> 255) will be encoded as such characters, and likewise such
1800             characters are decoded as-is, no changes to them will be done, except
1801             "(re-)interpreting" them as Unicode codepoints or Unicode characters,
1802             respectively (to Perl, these are the same thing in strings unless you do
1803             funny/weird/dumb stuff).
1804              
1805             This is useful when you want to do the encoding yourself (e.g. when you
1806             want to have UTF-16 encoded JSON texts) or when some other layer does
1807             the encoding for you (for example, when printing to a terminal using a
1808             filehandle that transparently encodes to UTF-8 you certainly do NOT want
1809             to UTF-8 encode your data first and have Perl encode it another time).
1810              
1811             =item C flag enabled
1812              
1813             If the C-flag is enabled, C/C will encode all
1814             characters using the corresponding UTF-8 multi-byte sequence, and will
1815             expect your input strings to be encoded as UTF-8, that is, no "character"
1816             of the input string must have any value > 255, as UTF-8 does not allow
1817             that.
1818              
1819             The C flag therefore switches between two modes: disabled means you
1820             will get a Unicode string in Perl, enabled means you get an UTF-8 encoded
1821             octet/binary string in Perl.
1822              
1823             =item C, C or C flags enabled
1824              
1825             With C (or C) enabled, C will escape
1826             characters with ordinal values > 255 (> 127 with C) and encode
1827             the remaining characters as specified by the C flag.
1828             With C enabled, ordinal values > 255 are illegal.
1829              
1830             If C is disabled, then the result is also correctly encoded in those
1831             character sets (as both are proper subsets of Unicode, meaning that a
1832             Unicode string with all character values < 256 is the same thing as a
1833             ISO-8859-1 string, and a Unicode string with all character values < 128 is
1834             the same thing as an ASCII string in Perl).
1835              
1836             If C is enabled, you still get a correct UTF-8-encoded string,
1837             regardless of these flags, just some more characters will be escaped using
1838             C<\uXXXX> then before.
1839              
1840             Note that ISO-8859-1-I strings are not compatible with UTF-8
1841             encoding, while ASCII-encoded strings are. That is because the ISO-8859-1
1842             encoding is NOT a subset of UTF-8 (despite the ISO-8859-1 I being
1843             a subset of Unicode), while ASCII is.
1844              
1845             Surprisingly, C will ignore these flags and so treat all input
1846             values as governed by the C flag. If it is disabled, this allows you
1847             to decode ISO-8859-1- and ASCII-encoded strings, as both strict subsets of
1848             Unicode. If it is enabled, you can correctly decode UTF-8 encoded strings.
1849              
1850             So neither C, C nor C are incompatible with the
1851             C flag - they only govern when the JSON output engine escapes a
1852             character or not.
1853              
1854             The main use for C or C is to relatively efficiently
1855             store binary data as JSON, at the expense of breaking compatibility
1856             with most JSON decoders.
1857              
1858             The main use for C is to force the output to not contain characters
1859             with values > 127, which means you can interpret the resulting string
1860             as UTF-8, ISO-8859-1, ASCII, KOI8-R or most about any character set and
1861             8-bit-encoding, and still get the same data structure back. This is useful
1862             when your channel for JSON transfer is not 8-bit clean or the encoding
1863             might be mangled in between (e.g. in mail), and works because ASCII is a
1864             proper subset of most 8-bit and multibyte encodings in use in the world.
1865              
1866             =back
1867              
1868              
1869             =head2 JSON and ECMAscript
1870              
1871             JSON syntax is based on how literals are represented in javascript (the
1872             not-standardized predecessor of ECMAscript) which is presumably why it is
1873             called "JavaScript Object Notation".
1874              
1875             However, JSON is not a subset (and also not a superset of course) of
1876             ECMAscript (the standard) or javascript (whatever browsers actually
1877             implement).
1878              
1879             If you want to use javascript's C function to "parse" JSON, you
1880             might run into parse errors for valid JSON texts, or the resulting data
1881             structure might not be queryable:
1882              
1883             One of the problems is that U+2028 and U+2029 are valid characters inside
1884             JSON strings, but are not allowed in ECMAscript string literals, so the
1885             following Perl fragment will not output something that can be guaranteed
1886             to be parsable by javascript's C:
1887              
1888             use Cpanel::JSON::XS;
1889              
1890             print encode_json [chr 0x2028];
1891              
1892             The right fix for this is to use a proper JSON parser in your javascript
1893             programs, and not rely on C (see for example Douglas Crockford's
1894             F parser).
1895              
1896             If this is not an option, you can, as a stop-gap measure, simply encode to
1897             ASCII-only JSON:
1898              
1899             use Cpanel::JSON::XS;
1900              
1901             print Cpanel::JSON::XS->new->ascii->encode ([chr 0x2028]);
1902              
1903             Note that this will enlarge the resulting JSON text quite a bit if you
1904             have many non-ASCII characters. You might be tempted to run some regexes
1905             to only escape U+2028 and U+2029, e.g.:
1906              
1907             # DO NOT USE THIS!
1908             my $json = Cpanel::JSON::XS->new->utf8->encode ([chr 0x2028]);
1909             $json =~ s/\xe2\x80\xa8/\\u2028/g; # escape U+2028
1910             $json =~ s/\xe2\x80\xa9/\\u2029/g; # escape U+2029
1911             print $json;
1912              
1913             Note that I: the above only works for U+2028 and
1914             U+2029 and thus only for fully ECMAscript-compliant parsers. Many existing
1915             javascript implementations, however, have issues with other characters as
1916             well - using C naively simply I cause problems.
1917              
1918             Another problem is that some javascript implementations reserve
1919             some property names for their own purposes (which probably makes
1920             them non-ECMAscript-compliant). For example, Iceweasel reserves the
1921             C<__proto__> property name for its own purposes.
1922              
1923             If that is a problem, you could parse try to filter the resulting JSON
1924             output for these property strings, e.g.:
1925              
1926             $json =~ s/"__proto__"\s*:/"__proto__renamed":/g;
1927              
1928             This works because C<__proto__> is not valid outside of strings, so every
1929             occurrence of C<"__proto__"\s*:> must be a string used as property name.
1930              
1931             Unicode non-characters between U+FFFD and U+10FFFF are decoded either
1932             to the recommended U+FFFD REPLACEMENT CHARACTER (see Unicode PR #121:
1933             Recommended Practice for Replacement Characters), or in the binary or
1934             relaxed mode left as is, keeping the illegal non-characters as before.
1935              
1936             Raw non-Unicode characters outside the valid unicode range fail now to
1937             parse, because "A string is a sequence of zero or more Unicode
1938             characters" RFC 7159 section 1 and "JSON text SHALL be encoded in
1939             Unicode RFC 7159 section 8.1. We use now the UTF8_DISALLOW_SUPER
1940             flag when parsing unicode.
1941              
1942             If you know of other incompatibilities, please let me know.
1943              
1944              
1945             =head2 JSON and YAML
1946              
1947             You often hear that JSON is a subset of YAML. I
1948             no way to configure JSON::XS to output a data structure as valid YAML>
1949             that works in all cases. If you really must use Cpanel::JSON::XS to
1950             generate YAML, you should use this algorithm (subject to change in
1951             future versions):
1952              
1953             my $to_yaml = Cpanel::JSON::XS->new->utf8->space_after (1);
1954             my $yaml = $to_yaml->encode ($ref) . "\n";
1955              
1956             This will I generate JSON texts that also parse as valid
1957             YAML.
1958              
1959              
1960             =head2 SPEED
1961              
1962             It seems that JSON::XS is surprisingly fast, as shown in the following
1963             tables. They have been generated with the help of the C program
1964             in the JSON::XS distribution, to make it easy to compare on your own
1965             system.
1966              
1967             JSON::XS is with L and L one of the fastest
1968             serializers, because JSON and JSON::XS do not support backrefs (no
1969             graph structures), only trees. Storable supports backrefs,
1970             i.e. graphs. Data::MessagePack encodes its data binary (as Storable)
1971             and supports only very simple subset of JSON.
1972              
1973             First comes a comparison between various modules using
1974             a very short single-line JSON string (also available at
1975             L).
1976              
1977             {"method": "handleMessage", "params": ["user1",
1978             "we were just talking"], "id": null, "array":[1,11,234,-5,1e5,1e7,
1979             1, 0]}
1980              
1981             It shows the number of encodes/decodes per second (JSON::XS uses
1982             the functional interface, while Cpanel::JSON::XS/2 uses the OO interface
1983             with pretty-printing and hash key sorting enabled, Cpanel::JSON::XS/3 enables
1984             shrink. JSON::DWIW/DS uses the deserialize function, while JSON::DWIW::FJ
1985             uses the from_json method). Higher is better:
1986              
1987             module | encode | decode |
1988             --------------|------------|------------|
1989             JSON::DWIW/DS | 86302.551 | 102300.098 |
1990             JSON::DWIW/FJ | 86302.551 | 75983.768 |
1991             JSON::PP | 15827.562 | 6638.658 |
1992             JSON::Syck | 63358.066 | 47662.545 |
1993             JSON::XS | 511500.488 | 511500.488 |
1994             JSON::XS/2 | 291271.111 | 388361.481 |
1995             JSON::XS/3 | 361577.931 | 361577.931 |
1996             Storable | 66788.280 | 265462.278 |
1997             --------------+------------+------------+
1998              
1999             That is, JSON::XS is almost six times faster than JSON::DWIW on encoding,
2000             about five times faster on decoding, and over thirty to seventy times
2001             faster than JSON's pure perl implementation. It also compares favourably
2002             to Storable for small amounts of data.
2003              
2004             Using a longer test string (roughly 18KB, generated from Yahoo! Locals
2005             search API (L).
2006              
2007             module | encode | decode |
2008             --------------|------------|------------|
2009             JSON::DWIW/DS | 1647.927 | 2673.916 |
2010             JSON::DWIW/FJ | 1630.249 | 2596.128 |
2011             JSON::PP | 400.640 | 62.311 |
2012             JSON::Syck | 1481.040 | 1524.869 |
2013             JSON::XS | 20661.596 | 9541.183 |
2014             JSON::XS/2 | 10683.403 | 9416.938 |
2015             JSON::XS/3 | 20661.596 | 9400.054 |
2016             Storable | 19765.806 | 10000.725 |
2017             --------------+------------+------------+
2018              
2019             Again, JSON::XS leads by far (except for Storable which non-surprisingly
2020             decodes a bit faster).
2021              
2022             On large strings containing lots of high Unicode characters, some modules
2023             (such as JSON::PC) seem to decode faster than JSON::XS, but the result
2024             will be broken due to missing (or wrong) Unicode handling. Others refuse
2025             to decode or encode properly, so it was impossible to prepare a fair
2026             comparison table for that case.
2027              
2028             For updated graphs see L
2029              
2030              
2031             =head1 INTEROP with JSON and JSON::XS and other JSON modules
2032              
2033             As long as you only serialize data that can be directly expressed in
2034             JSON, C is incapable of generating invalid JSON
2035             output (modulo bugs, but C has found more bugs in the
2036             official JSON testsuite (1) than the official JSON testsuite has found
2037             in C (0)).
2038             C is currently the only known JSON decoder which passes all
2039             L tests, while being the fastest also.
2040              
2041             When you have trouble decoding JSON generated by this module using other
2042             decoders, then it is very likely that you have an encoding mismatch or the
2043             other decoder is broken.
2044              
2045             When decoding, C is strict by default and will likely catch
2046             all errors. There are currently two settings that change this:
2047             C makes C accept (but not generate) some
2048             non-standard extensions, and C or C will
2049             allow you to encode and decode Perl objects, at the cost of being
2050             totally insecure and not outputting valid JSON anymore.
2051              
2052             JSON-XS-3.01 broke interoperability with JSON-2.90 with booleans. See L.
2053              
2054             Cpanel::JSON::XS needs to know the JSON and JSON::XS versions to be able work
2055             with those objects, especially when encoding a booleans like C<{"is_true":true}>.
2056             So you need to load these modules before.
2057              
2058             true/false overloading and boolean representations are supported.
2059              
2060             JSON::XS and JSON::PP representations are accepted and older JSON::XS
2061             accepts Cpanel::JSON::XS booleans. All JSON modules JSON, JSON, PP,
2062             JSON::XS, Cpanel::JSON::XS produce JSON::PP::Boolean objects, just
2063             Mojo and JSON::YAJL not. Mojo produces Mojo::JSON::_Bool and
2064             JSON::YAJL::Parser just an unblessed IV.
2065              
2066             Cpanel::JSON::XS accepts JSON::PP::Boolean and Mojo::JSON::_Bool
2067             objects as booleans.
2068              
2069             I cannot think of any reason to still use JSON::XS anymore.
2070              
2071              
2072             =head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS
2073              
2074             When you use C to use the extended (and also nonstandard
2075             and invalid) JSON syntax for serialized objects, and you still want to
2076             decode the generated serialize objects, you can run a regex to replace
2077             the tagged syntax by standard JSON arrays (it only works for "normal"
2078             package names without comma, newlines or single colons). First, the
2079             readable Perl version:
2080              
2081             # if your FREEZE methods return no values, you need this replace first:
2082             $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx;
2083              
2084             # this works for non-empty constructor arg lists:
2085             $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx;
2086              
2087             And here is a less readable version that is easy to adapt to other
2088             languages:
2089              
2090             $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g;
2091              
2092             Here is an ECMAScript version (same regex):
2093              
2094             json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,");
2095              
2096             Since this syntax converts to standard JSON arrays, it might be hard to
2097             distinguish serialized objects from normal arrays. You can prepend a
2098             "magic number" as first array element to reduce chances of a collision:
2099              
2100             $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g;
2101              
2102             And after decoding the JSON text, you could walk the data
2103             structure looking for arrays with a first element of
2104             C.
2105              
2106             The same approach can be used to create the tagged format with another
2107             encoder. First, you create an array with the magic string as first member,
2108             the classname as second, and constructor arguments last, encode it as part
2109             of your JSON structure, and then:
2110              
2111             $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g;
2112              
2113             Again, this has some limitations - the magic string must not be encoded
2114             with character escapes, and the constructor arguments must be non-empty.
2115              
2116              
2117             =head1 RFC7159
2118              
2119             Since this module was written, Google has written a new JSON RFC, RFC 7159
2120             (and RFC7158). Unfortunately, this RFC breaks compatibility with both the
2121             original JSON specification on www.json.org and RFC4627.
2122              
2123             As far as I can see, you can get partial compatibility when parsing by
2124             using C<< ->allow_nonref >>. However, consider the security implications
2125             of doing so.
2126              
2127             I haven't decided yet when to break compatibility with RFC4627 by default
2128             (and potentially leave applications insecure) and change the default to
2129             follow RFC7159, but application authors are well advised to call C<<
2130             ->allow_nonref(0) >> even if this is the current default, if they cannot
2131             handle non-reference values, in preparation for the day when the default
2132             will change.
2133              
2134             =head1 SECURITY CONSIDERATIONS
2135              
2136             JSON::XS and Cpanel::JSON::XS are not only fast. JSON is generally the
2137             most secure serializing format, because it is the only one besides
2138             Data::MessagePack, which does not deserialize objects per default. For
2139             all languages, not just perl. The binary variant BSON (MongoDB) does
2140             more but is unsafe.
2141              
2142             It is trivial for any attacker to create such serialized objects in
2143             JSON and trick perl into expanding them, thereby triggering certain
2144             methods. Watch L for an
2145             exploit demo for "CVE-2015-1592 SixApart MovableType Storable Perl
2146             Code Execution" for a deserializer which expands objects.
2147             Deserializing even coderefs (methods, functions) or external
2148             data would be considered the most dangerous.
2149              
2150             Security relevant overview of serializers regarding deserializing
2151             objects by default:
2152              
2153             Objects Coderefs External Data
2154              
2155             Data::Dumper YES YES YES
2156             Storable YES NO (def) NO
2157             Sereal YES NO NO
2158             YAML YES NO NO
2159             B::C YES YES YES
2160             B::Bytecode YES YES YES
2161             BSON YES YES NO
2162             JSON::SL YES NO YES
2163             JSON NO (def) NO NO
2164             Data::MessagePack NO NO NO
2165             XML NO NO YES
2166              
2167             Pickle YES YES YES
2168             PHP Deserialize YES NO NO
2169              
2170             When you are using JSON in a protocol, talking to untrusted potentially
2171             hostile creatures requires relatively few measures.
2172              
2173             First of all, your JSON decoder should be secure, that is, should not have
2174             any buffer overflows. Obviously, this module should ensure that.
2175              
2176             Second, you need to avoid resource-starving attacks. That means you should
2177             limit the size of JSON texts you accept, or make sure then when your
2178             resources run out, that's just fine (e.g. by using a separate process that
2179             can crash safely). The size of a JSON text in octets or characters is
2180             usually a good indication of the size of the resources required to decode
2181             it into a Perl structure. While JSON::XS can check the size of the JSON
2182             text, it might be too late when you already have it in memory, so you
2183             might want to check the size before you accept the string.
2184              
2185             Third, Cpanel::JSON::XS recurses using the C stack when decoding objects and
2186             arrays. The C stack is a limited resource: for instance, on my amd64
2187             machine with 8MB of stack size I can decode around 180k nested arrays but
2188             only 14k nested JSON objects (due to perl itself recursing deeply on croak
2189             to free the temporary). If that is exceeded, the program crashes. To be
2190             conservative, the default nesting limit is set to 512. If your process
2191             has a smaller stack, you should adjust this setting accordingly with the
2192             C method.
2193              
2194             Also keep in mind that Cpanel::JSON::XS might leak contents of your Perl data
2195             structures in its error messages, so when you serialize sensitive
2196             information you might want to make sure that exceptions thrown by JSON::XS
2197             will not end up in front of untrusted eyes.
2198              
2199             If you are using Cpanel::JSON::XS to return packets to consumption
2200             by JavaScript scripts in a browser you should have a look at
2201             L to
2202             see whether you are vulnerable to some common attack vectors (which really
2203             are browser design bugs, but it is still you who will have to deal with
2204             it, as major browser developers care only for features, not about getting
2205             security right). You might also want to also look at L
2206             special escape rules to prevent from XSS attacks.
2207              
2208             =head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159)
2209              
2210             TL;DR: Due to security concerns, Cpanel::JSON::XS will not allow
2211             scalar data in JSON texts by default - you need to create your own
2212             Cpanel::JSON::XS object and enable C:
2213              
2214              
2215             my $json = JSON::XS->new->allow_nonref;
2216              
2217             $text = $json->encode ($data);
2218             $data = $json->decode ($text);
2219              
2220             The long version: JSON being an important and supposedly stable format,
2221             the IETF standardized it as RFC 4627 in 2006. Unfortunately the inventor
2222             of JSON Douglas Crockford unilaterally changed the definition of JSON in
2223             javascript. Rather than create a fork, the IETF decided to standardize the
2224             new syntax (apparently, so I as told, without finding it very amusing).
2225              
2226             The biggest difference between the original JSON and the new JSON is that
2227             the new JSON supports scalars (anything other than arrays and objects) at
2228             the top-level of a JSON text. While this is strictly backwards compatible
2229             to older versions, it breaks a number of protocols that relied on sending
2230             JSON back-to-back, and is a minor security concern.
2231              
2232             For example, imagine you have two banks communicating, and on one side,
2233             the JSON coder gets upgraded. Two messages, such as C<10> and C<1000>
2234             might then be confused to mean C<101000>, something that couldn't happen
2235             in the original JSON, because neither of these messages would be valid
2236             JSON.
2237              
2238             If one side accepts these messages, then an upgrade in the coder on either
2239             side could result in this becoming exploitable.
2240              
2241             This module has always allowed these messages as an optional extension, by
2242             default disabled. The security concerns are the reason why the default is
2243             still disabled, but future versions might/will likely upgrade to the newer
2244             RFC as default format, so you are advised to check your implementation
2245             and/or override the default with C<< ->allow_nonref (0) >> to ensure that
2246             future versions are safe.
2247              
2248             =head1 THREADS
2249              
2250             Cpanel::JSON::XS has proper ithreads support, unlike JSON::XS. If you
2251             encounter any bugs with thread support please report them.
2252              
2253             =head1 BUGS
2254              
2255             While the goal of the Cpanel::JSON::XS module is to be correct, that
2256             unfortunately does not mean it's bug-free, only that the author thinks
2257             its design is bug-free. If you keep reporting bugs and tests they will
2258             be fixed swiftly, though.
2259              
2260             Since the JSON::XS author refuses to use a public bugtracker and
2261             prefers private emails, we use the tracker at B, so you might want
2262             to report any issues twice. Once in private to MLEHMANN to be fixed in
2263             JSON::XS and one to our the public tracker. Issues fixed by JSON::XS
2264             with a new release will also be backported to Cpanel::JSON::XS and
2265             5.6.2, as long as cPanel relies on 5.6.2 and Cpanel::JSON::XS as our
2266             serializer of choice.
2267              
2268             L
2269              
2270             =head1 LICENSE
2271              
2272             This module is available under the same licences as perl, the Artistic
2273             license and the GPL.
2274              
2275             =cut
2276              
2277             sub allow_bigint {
2278 0     0 1 0 Carp::carp("allow_bigint() is obsoleted. use allow_bignum() instead.");
2279             }
2280              
2281             BEGIN {
2282             package
2283             JSON::PP::Boolean;
2284              
2285 57     57   57284 require overload;
2286              
2287 57         47909 local $^W; # silence redefine warnings. no warnings 'redefine' does not help
2288             &overload::import( 'overload', # workaround 5.6 reserved keyword warning
2289 52     52   14502 "0+" => sub { ${$_[0]} },
  52         283  
2290 1     1   143 "++" => sub { $_[0] = ${$_[0]} + 1 },
  1         9  
2291 0     0   0 "--" => sub { $_[0] = ${$_[0]} - 1 },
  0         0  
2292 23 100   23   5814 '""' => sub { ${$_[0]} == 1 ? '1' : '0' }, # GH 29
  23         217  
2293             'eq' => sub {
2294 19 50   19   3465 my ($obj, $op) = $_[2] ? ($_[1], $_[0]) : ($_[0], $_[1]);
2295             #warn "eq obj:$obj op:$op len:", length($op) > 0, " swap:$_[2]";
2296 19 100       94 if (ref $op) { # if 2nd also blessed might recurse endlessly
    100          
2297 2 100       5 return $obj ? 1 == $op : 0 == $op;
2298             }
2299             # if string, only accept numbers or true|false or "" (e.g. !!0 / SV_NO)
2300             elsif ($op !~ /^[0-9]+$/) {
2301 9 100 100     20 return "$obj" eq '1' ? 'true' eq $op : 'false' eq $op || "" eq $op;
2302             }
2303             else {
2304 8 100       20 return $obj ? 1 == $op : 0 == $op;
2305             }
2306             },
2307             'ne' => sub {
2308 2 50   2   9 my ($obj, $op) = $_[2] ? ($_[1], $_[0]) : ($_[0], $_[1]);
2309             #warn "ne obj:$obj op:$op";
2310 2         4 return !($obj eq $op);
2311             },
2312 57         667 fallback => 1);
2313             }
2314              
2315             our ($true, $false);
2316             BEGIN {
2317 57 50 33 57   12992 if ($INC{'JSON/XS.pm'}
      0        
2318             and $INC{'Types/Serialiser.pm'}
2319             and $JSON::XS::VERSION ge "3.00") {
2320 0         0 $true = $Types::Serialiser::true; # readonly if loaded by JSON::XS
2321 0         0 $false = $Types::Serialiser::false;
2322             } else {
2323 57         109 $true = do { bless \(my $dummy = 1), "JSON::PP::Boolean" };
  57         178  
2324 57         125 $false = do { bless \(my $dummy = 0), "JSON::PP::Boolean" };
  57         4023  
2325             }
2326             }
2327              
2328             BEGIN {
2329 57     57   166 my $const_true = $true;
2330 57         108 my $const_false = $false;
2331 57         575 *true = sub () { $const_true };
  0         0  
2332 57         6568 *false = sub () { $const_false };
  0         0  
2333             }
2334              
2335             sub is_bool($) {
2336 12 100   12 1 133 shift if @_ == 2; # as method call
2337             (ref($_[0]) and UNIVERSAL::isa( $_[0], JSON::PP::Boolean::))
2338 12 100 33     96 or (exists $INC{'Types/Serialiser.pm'} and Types::Serialiser::is_bool($_[0]))
      100        
2339             }
2340              
2341             XSLoader::load 'Cpanel::JSON::XS', $XS_VERSION;
2342              
2343             1;
2344              
2345             =head1 SEE ALSO
2346              
2347             The F command line utility for quick experiments.
2348              
2349             L, L, L, L, L,
2350             L, L, L, L, L,
2351             L,
2352             L
2353              
2354             L
2355              
2356             L
2357              
2358              
2359             =head1 AUTHOR
2360              
2361             Reini Urban
2362              
2363             Marc Lehmann , http://home.schmorp.de/
2364              
2365             =head1 MAINTAINER
2366              
2367             Reini Urban
2368              
2369             =cut
2370