141 items tagged “json”
2007
Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.
JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.
json-taglib. Because JSON just doesn’t have enough angle brackets.
Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL.
Badge Any RSS Feed With Yahoo! Pipes. Smart hack from Kent Brewster. Uses Yahoo! Pipes’ JSON output plus a few lines of JavaScript to create a badge from any RSS feed.
Apache Solr 1.1. Solr is the search Web Service built on top of Lucene. The latest release introduces JSON, Python and Ruby response formats in addition to XML.
Why doesn’t Python have more data format readers in the stdlib? I for one would love to see simplejson included in the standard library, with or without a C implementation.
2006
Seems easy to me; if you want to serialize a data structure that’s not too text-heavy and all you want is for the receiver to get the same data structure with minimal effort, and you trust the other end to get the i18n right, JSON is hunky-dory.
— Tim Bray
Javascript character set screw-ups (via) Some browsers treat JavaScript files as having the same content-type as the page from which they are linked. This could cause problems with UTF-8 encoded JSON; the workaround is serving up ASCII with unicode escape sequences.
The good thing about reinventing the wheel is that you can get a round one.
Why JSON isn’t just for JavaScript
Dave Winer’s discovery of JSON (and shock that “it’s not even XML”) has triggered an interesting discussion thread, on his blog and elsewhere. Plenty of people have re-assured him (and themselves) that it’s only used for JavaScript—it’s convenient in the browser but irrelevant elsewhere.
[... 787 words]I read on Niall Kennedy that del.icio.us has come up with an API that returns a JSON structure, and I figured, sheez it can't be that hard to parse, so let's see what it looks like, and damn, IT'S NOT EVEN XML! [...] Who did this travesty? Let's find a tree and string them up. Now.
PHP: JSON Functions. Now bundled in PHP 5. A great way to move data from PHP to some other language.
Keep your JSON valid
I’m a big fan of JSON, and it’s great to see it turning up as an output option for so many Web APIs. Unfortunately, many of these APIs are getting the details slightly wrong and in doing so are producing invalid JSON.
[... 311 words]Proposed RFC for application/json (via) Douglas Crockford is putting JSON through the IETF.
Flickr API + JSON + MochiKit + Django. Short and sweet.
Don’t serve JSON as text/html. Another sneaky XSS trick.
Django and JSON. Neat trick to serialize Djange QuerySets as JSON.
2005
JSON and Yahoo!’s JavaScript APIs
I had the pleasure yesterday of seeing Douglas Crockford speak about JSON, the ultra-simple data interchange format he has been promoting as an alternative to XML. JSON is a subset of JavaScript, based around that language’s array, string and object literal syntax.
[... 240 words]Using JSON with Yahoo! Web Services (via) No more cross-domain script access problems.
Introducing JSON (via) A data-interchange format based on JavaScript objects and arrays.