Simon Willison’s Weblog

106 items tagged “json”

Dare left something out (and it’s important). Dave Winer: “You should at least learn the lessons and add to REST what it needs to catch up with XML-RPC. Seriously. What’s missing in REST, btw, is a standard method of serializing structs, lists and scalar types.” That would be JSON. # 18th August 2008, 9:39 am

IMG-2-JSON (via) I’m not the only person deploying simple JSON-P APIs on App Engine: Adam Burmister’s tool extracts dimension, mimetype and EXIF metadata when provided the URL to an image file. # 12th August 2008, 9:43 am

json-head. I’ve deployed another App Engine mini-app, which provides a JSON-P API for running HEAD requests against an arbitrary URL (useful for checking things like Content-Length and Content-Type headers and whether a URL returns 200). App Engine’s urlfetch limitations mean it can only deal with port 80 and 443 requests. # 29th July 2008, 3:41 pm

Browser Uploads to S3 using HTML POST Forms. I didn’t know you could do this: create a regular HTML form that gives people permission to upload direct to your own S3 bucket, using a signed JSON policy statement in a hidden form field to prevent third parties from abusing your S3 account. # 27th June 2008, 12:11 pm

jsontime. Nat and I threw this together this morning—it runs on Google App Engine and exposes Python’s pytz timezone library over JSONP. # 21st June 2008, 7:07 pm

XML is better if you have more text and fewer tags. And JSON is better if you have more tags and less text. Argh! I mean, come on, it’s that easy. But you know, there’s a big debate about it.

Steve Yegge # 15th June 2008, 6:09 pm

Dopplr place googlemaps, with and without Yahoo Geo API bounding box adjustment. Dopplr uses Geonames for most geo information, but is now mixing in bounding box data from the Yahoo! Geo web service to improve the default zoom level for their maps. The JSON callback API means no server-side code is required on Dopplr’s end. # 17th May 2008, 11:35 pm

Session variables without cookies. Brilliant but terrifying hack—you can store up to 2 MB of data in window.name and it persists between multiple pages, even across domains. Doesn’t work with new tabs though, and storing JSON in it and eval()ing it is a bad idea—a malicious site could populate it before sending the user to you. # 13th May 2008, 9:59 pm

Persevere adds Comet Support. Persevere sounds neat: a RESTful HTTP/JSON data store (the interface reminds me of CouchDB) which recently gained the ability to “subscribe” to a resource and receive notifications of updates via comet. # 13th May 2008, 8:09 am

Google AJAX Search API: Flash and Server Side Access. Over a year after Google shot down their SOAP Search API, they’ve quietly released a JSON based one under the guise of supporting “Flash and other non JavaScript environments”. Comes with the strange requirement that an HTTP referer be sent with every request; the API key is optional. # 22nd April 2008, 7:16 pm

CouchDB, XML, and E4X. Brilliant—CouchDB now enables SpiderMonkey’s E4X support, meaning CouchDB views can easily query XML documents stored inside JSON objects using E4X syntax. # 5th March 2008, 12:31 am

Social Graph API. This is freaking awesome. Input one or more URLs to your profile pages and it returns a huge dump of crawled relationship data, based on XFN, FOAF and OpenID links. No API key required and it supports JSON callbacks so you can incorporate it in to a site without even needing to write any extra server-side code. # 3rd February 2008, 10:34 pm

The Art & Science of JavaScript. The JavaScript book I contributed to is now shipping! My chapter describes how to build a Flickr / Google Maps mashup entirely using client-side code (via JSON-P). # 12th January 2008, 7:05 pm

[Release] CouchDB 0.7.0. This is a huge milestone for the project—it’s the first official release to include the JSON REST API instead of XML, and it’s also the first release that is “intended for widespread use”. # 17th November 2007, 12:25 am

CouchDB first impressions. Jacob’s been poking at CouchDB. Inserting data is slow, but everything else looks pretty slick considering how recently the JSON / JavaScript views functionality was added. # 19th October 2007, 11:43 am

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am

How should JSON strings be represented in Erlang? Erlang’s poor support for strings makes this a surprisingly tricky question. # 14th September 2007, 8:17 am

CouchDB: Thinking beyond the RDBMS. CouchDB is a fascinating project—an Erlang powered non-relational database with a JSON API that lets you define “views” (really computed tables) based on JavaScript functions that execute using map/reduce. Damien Katz, the main developer currently works for MySQL and used to work on Lotus Notes. # 3rd September 2007, 9:48 am

Freebase developer documentation. The JSON API and particularly the query language are fascinating. # 3rd September 2007, 2:38 am

Cabochon event server. Written in Python (on top of SQLObject and Paste), uses JSON for messages, allows event consumers to subscribe with a callback URL. # 2nd August 2007, 8:36 am

JSON and Browser Security. Douglas Crockford suggests using secret tokens to protect JSON content, and avoiding wrapper hacks to protect unauthorised JSON delivery as they may fall foul of undiscovered browser bugs in the future. # 11th April 2007, 12:52 am

XML and JSON. James Clark on JSON’s strengths and weaknesses compared to XML. # 9th April 2007, 8:57 pm

Fortify JavaScript Hijacking FUD. Bob Ippolito points out the flaws in the recent widely disseminated JavaScript Hijacking paper. While the paper does miss some important details, it’s good that more people are now aware of the security implications involved in serving JSON up wrapped in an array. # 5th April 2007, 10:51 pm

Triplr. Ultra simple GET-based web service for converting RSS / Atom / RDF / Microformats+GRDDL to HTML / ntriples / RDF / RSS / JSON / Turtle. Small pieces, loosely joined. # 30th March 2007, 3:30 pm

JSON and JSON-RPC for Erlang. Nice example of using lists:reverse and an accumulator to efficiently build a string in reverse order. # 25th March 2007, 4:29 pm

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway. # 6th March 2007, 8:06 am

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor. # 5th March 2007, 10:51 pm

json-taglib. Because JSON just doesn’t have enough angle brackets. # 4th March 2007, 8:52 pm

Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL. # 2nd March 2007, 1:11 pm

Badge Any RSS Feed With Yahoo! Pipes. Smart hack from Kent Brewster. Uses Yahoo! Pipes’ JSON output plus a few lines of JavaScript to create a badge from any RSS feed. # 16th February 2007, 8:21 am