JSON


JavaScript Object Notation is an open standard file format, and data interchange format, that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and array data types. It is a very common data format, with a diverse range of applications, such as serving as a replacement for XML in AJAX systems.
JSON is a language-independent data format. It was derived from JavaScript, but many modern programming languages include code to generate and parse JSON-format data. The official Internet media type for JSON is application/json. JSON filenames use the extension .json.
Douglas Crockford originally specified the JSON format in the early 2000s. JSON was first standardized in 2013, as ECMA-404., published in 2017, is the current version of the Internet Standard , and it remains consistent with ECMA-404. That same year, JSON was also standardized as ISO/IEC 21778:2017. The ECMA and ISO standards describe only the allowed syntax, whereas the RFC covers some security and interoperability considerations.

History

JSON grew out of a need for stateless, real-time server-to-browser communication protocol without using browser plugins such as Flash or Java applets, the dominant methods used in the early 2000s.
Douglas Crockford first specified and popularized the JSON format. The acronym originated at State Software, a company co-founded by Crockford and others in March 2001. The co-founders agreed to build a system that used standard browser capabilities and provided an abstraction layer for Web developers to create stateful Web applications that had a persistent duplex connection to a Web server by holding two Hypertext Transfer Protocol connections open and recycling them before standard browser time-outs if no further data were exchanged. The co-founders had a round-table discussion and voted whether to call the data format JSML or JSON, as well as under what license type to make it available. Crockford added a clause to the JSON license stating that "The Software shall be used for Good, not Evil," in order to open-source the JSON libraries while mocking corporate lawyers and those who are overly pedantic. Chip Morningstar developed the idea for the State Application Framework at State Software. On the other hand, this clause led to license compatibility problems of the JSON license with other open-source licenses.
A precursor to the JSON libraries was used in a children's digital asset trading game project named Cartoon Orbit at Communities.com for Cartoon Network, which used a browser side plug-in with a proprietary messaging format to manipulate DHTML elements. Upon discovery of early Ajax capabilities, digiGroups, Noosh, and others used frames to pass information into the user browsers' visual field without refreshing a Web application's visual context, realizing real-time rich Web applications using only the standard HTTP, HTML and JavaScript capabilities of Netscape 4.0.5+ and IE 5+. Crockford then found that JavaScript could be used as an object-based messaging format for such a system. The system was sold to Sun Microsystems, Amazon.com and EDS. The JSON.org website was launched in 2002. In December 2005, Yahoo! began offering some of its Web services in JSON.
JSON was based on a subset of the JavaScript scripting language and is commonly used with JavaScript, but it is a language-independent data format. Code for parsing and generating JSON data is readily available in many programming languages. JSON's website lists JSON libraries by language.
Though JSON was originally advertised and believed to be a strict subset of JavaScript and ECMAScript, it inadvertently allows some unescaped characters in strings that were illegal in JavaScript and ECMAScript string literals. JSON is a strict subset of ECMAScript as of the language's 2019 revision. See [|Data portability issues] below.
In October 2013, Ecma International published the first edition of its JSON standard ECMA-404.
That same year, used ECMA-404 as a reference. In 2014, became the main reference for JSON's Internet uses, superseding and . In November 2017, ISO/IEC JTC 1/SC 22 published ISO/IEC 21778:2017 as an international standard. On 13 December 2017, the Internet Engineering Task Force obsoleted when it published, which is the current version of the Internet Standard STD 90.

Data types and syntax

JSON's basic data types are:
Whitespace is allowed and ignored around or between syntactic elements. Four specific characters are considered whitespace for this purpose: space, horizontal tab, line feed, and carriage return. In particular, the byte order mark must not be generated by a conforming implementation. JSON does not provide syntax for comments.
Early versions of JSON required that a valid JSON text must consist of only an object or an array type, which could contain other types within them. This restriction was dropped in, where a JSON text was redefined as any serialized value.

Example

The following example shows a possible JSON representation describing a person.

Data portability issues

Although Douglas Crockford originally asserted that JSON is a strict subset of JavaScript, his specification actually allows valid JSON documents that are not valid JavaScript; JSON allows the Unicode line terminators and to appear unescaped in quoted strings, while ECMAScript 2018 and older does not. This is a consequence of JSON disallowing only "control characters". For maximum portability, these characters should be backslash-escaped. This subtlety is important when generating JSONP.
JSON exchange in an open ecosystem must be encoded in UTF-8. The encoding supports the full Unicode character set, including those characters outside the Basic Multilingual Plane. However, if escaped, those characters must be written using UTF-16 surrogate pairs, a detail missed by some JSON parsers. For example, to include the Emoji character in JSON:

// or

Numbers in JSON are agnostic with regard to their representation within programming languages. While this allows for numbers of arbitrary precision to be serialized, it may lead to portability issues. For example, since no differentiation is made between integer and floating-point values, some implementations may treat 42, 42.0, and 4.2E+1 as the same number, while others may not. The JSON standard makes no requirements regarding implementation details such as overflow, underflow, loss of precision, rounding, or signed zeros, but it does recommend to expect no more than IEEE 754 binary64 precision for "good interoperability". There is no inherent precision loss in serializing a machine-level binary representation of a floating-point number into a human-readable decimal representation, and back, since there exist published algorithms to do this exactly and optimally.
Comments were purposefully excluded from JSON. In 2012, Douglas Crockford described his design decision thus: "I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability."

Semantics

While JSON provides a syntactic framework for data interchange, unambiguous data interchange also requires agreement between producer and consumer on the semantics of a specific use of the JSON syntax. One example of where such an agreement is necessary is the serialization of data types defined by the JavaScript syntax that are not part of the JSON standard, e.g. Date, Function, Regular Expression, and undefined.

Metadata and schema

MIME type

The official MIME type for JSON text is "application/json", and most modern implementations have adopted this.
The unofficial MIME type "text/json" or the content-type "text/javascript" also get legacy support by many service providers, browsers, servers, web applications, libraries, frameworks, and APIs. Notable examples include the Google Search API, Yahoo!, Flickr, Facebook API, Lift framework, Dojo Toolkit 0.4, etc.

JSON Schema

JSON Schema specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. It provides a contract for the JSON data required by a given application, and how that data can be modified.
JSON Schema is based on the concepts from XML Schema, but is JSON-based. As in XSD, the same serialization/deserialization tools can be used both for the schema and data; and is self-describing. It is specified in an Internet Draft at the IETF, currently in 2019-09 draft, which was released on September 19, 2019. There are several validators available for different programming languages, each with varying levels of conformance.
There is no standard filename extension, but some have suggested .schema.json.
Example JSON Schema :


The JSON Schema above can be used to test the validity of the JSON text below:

Object references

The JSON standard does not support object references, but an IETF draft standard for JSON-based object references exists. The Dojo Toolkit supports object references using standard JSON; specifically, the dojox.json.ref module provides support for several forms of referencing including circular, multiple, inter-message, and lazy referencing. Internally both do so by assigning a key for such references and resolving it at parse-time; the IETF draft only specifies the URL syntax, but Dojo allows more.
Alternatively, non-standard solutions exist such as the use of Mozilla JavaScript Sharp Variables. However this functionality became obsolete with JavaScript 1.8.5 and was removed in Firefox version 12.

Applications

JSON-RPC

is a remote procedure call protocol built on JSON, as a replacement for XML-RPC or SOAP. It is a simple protocol that defines only a handful of data types and commands. JSON-RPC lets a system send notifications and multiple calls to the server that can be answered out of order.
Example of a JSON-RPC 2.0 request and response using positional parameters.

-->
<--

AJAJ

refers to the same dynamic web page methodology as Ajax, but instead of XML, JSON is the data format. AJAJ is a web development technique that provides for the ability of a webpage to request new data after it has loaded into the web browser. Typically it renders new data from the server in response to user actions on that webpage. For example, what the user types into a search box, client-side code then sends to the server, which immediately responds with a drop-down list of matching database items.
The following JavaScript code is an example of a client using XMLHttpRequest to request data in JSON format from a server.

var my_JSON_object;
var http_request = new XMLHttpRequest;
http_request.open;
http_request.responseType = "json";
http_request.onreadystatechange = function ;
http_request.send;

As a configuration language

While JSON is a data serialization format, it has seen ad hoc usage as a configuration language. In this use case, support for comments and other features have been deemed useful, which has led to several nonstandard JSON supersets being created. Among them are HJSON, HOCON, and JSON5. The primary objective of version 1.2 of YAML was to make the nonstandard format a strict JSON superset.
In 2012, Douglas Crockford had this to say about comments in JSON when used as a configuration language: "I know that the lack of comments makes some people sad, but it shouldn't. Suppose you are using JSON to keep configuration files, which you would like to annotate. Go ahead and insert all the comments you like. Then pipe it through JSMin before handing it to your JSON parser."

Security considerations

JSON is intended as a data serialization format. However, its design as a subset of JavaScript can lead to the misconception that it is safe to pass JSON texts to the JavaScript function. This is not safe, due to the fact that certain valid JSON texts, specifically those containing or, are actually not valid JavaScript code.
To avoid the many pitfalls caused by executing arbitrary code from the Internet, a new function, was first added to the fifth edition of ECMAScript, which as of 2017 is supported by all major browsers. For non-supported browsers, an API-compatible JavaScript library is provided by Douglas Crockford. In addition, the TC39 proposal made ECMAScript a strict JSON superset as of the language's 2019 revision.
Various JSON parser implementations have suffered from denial-of-service attack and mass assignment vulnerability.

Comparison with other formats

JSON is promoted as a low-overhead alternative to XML as both of these formats have widespread support for creation, reading, and decoding in the real-world situations where they are commonly used. Apart from XML, examples could include CSV and YAML. Also, Google Protocol Buffers can fill this role, although it is not a data interchange language.

YAML

version 1.2 is a superset of JSON; prior versions were not strictly compatible. For example, escaping a slash with a backslash is valid in JSON, but was not valid in YAML. Such escaping is common practice when injecting JSON into HTML to protect against cross-site scripting attacks.
YAML supports comments, while JSON does not.

XML

has been used to describe structured data and to serialize objects. Various XML-based protocols exist to represent the same kind of data structures as JSON for the same kind of data interchange purposes. Data can be encoded in XML in several ways. The most expansive form using tag pairs results in a much larger representation than JSON, but if data is stored in attributes and 'short tag' form where the closing tag is replaced with '/>', the representation is often about the same size as JSON or just a little larger. However, an XML attribute can only have a single value and each attribute can appear at most once on each element.
XML separates "data" from "metadata", while JSON does not have such a concept.
Another key difference is the addressing of values. JSON has objects with a simple "key" → "value" mapping, whereas in XML addressing happens on "nodes", which all receive a unique ID via the XML processor. Additionally, the XML standard defines a common attribute "xml:id", that can be used by the user, to set an ID explicitly.
XML tag names cannot contain any of the characters !"#$%&'*+,/;<=>?@^`~, nor a space character, and cannot begin with "-", ".", or a numeric digit, whereas JSON keys can.
XML values are strings of characters, with no built-in type safety. XML has the concept of schema, that permits strong typing, user-defined types, predefined tags, and formal structure, allowing for formal validation of an XML stream. JSON has strong typing built-in, and has a similar schema concept in JSON Schema.
XML supports comments, while JSON does not.

Samples

JSON sample



Both of the following examples carry the same kind of information as the JSON example above in different ways, except that XML doesn't carry the data type.

YAML sample

The JSON text above is also entirely valid YAML. YAML also offers an alternative syntax intended to be more human-accessible by replacing nested delimiters like , , and " marks with indentation.

first name: John
last name: Smith
age: 25
address:
street address: 21 2nd Street
city: New York
state: NY
postal code: '10021'
phone numbers:
- type: home
number: 212 555-1234
- type: fax
number: 646 555-4567
sex:
type: male

XML samples

Note that the XML examples below don't encode the data type, and would need something like a schema to encode the same information as the JSON example above does as is. Note that since XML tag names cannot contain spaces, another naming convention has to be used to represent the JSON keys.


John
Smith
25

21 2nd Street
New York
NY
10021



home
212 555-1234


fax
646 555-4567



male



The properties can also be serialized using attributes instead of tags: