The JavaScript Object Notation, JSON short [ dʒeɪsən ], is a compact data format for man and machine easily readable text form for the purpose of data exchange between applications. Any valid JSON document to be a valid JavaScript, and can be interpreted by eval (). Due to small variations in the amount of allowable Unicode characters, however it is possible to generate JSON objects that are not accepted by a standards-compliant JavaScript interpreter. Apart from this JSON but regardless of the programming language. Parsers exist in virtually all widely used languages ​​. JSON is specified by Douglas Crockford.

  • 5.1 The basic idea: JSON queries via script tags
  • 5.2 Padding
  • 5.3 script element injection ( insert program code )
  • 5.4 Safety risks
  • 5.5 Cross-Site Request Forgery
  • 5.6 history
  • 5.7 Cross - Origin Resource Sharing

Areas of application

  • In conjunction with JavaScript on demand ( JOD), Ajax or WebSockets to transfer data between client and server.
  • Substitute for XML in areas where resources (memory, CPU power ) should be used sparingly. This is especially true in the development of desktop -like web applications.

Data structure and format definition

The data can be nested, for example, an array of objects is possible. As Encoding JSON used by default UTF -8. Also, UTF -16 and UTF -32 are possible.

JSON recognizes the following data types:

  • The key is a string.
  • The value is an object, an array, a string, a number, or one of the expressions are true, false, or null.

Non-significant white space characters are used.


JSON does not support all data types supported by JavaScript. Therefore, in the serialization

  • Date objects converted as a string in the ISO 8601 format, and
  • Function, RegExp, and Error objects discarded.


{    " Publisher ": " Xema "    " Number ": " 1234-5678-9012-3456 "    "Cover": 2e 6,    " Currency ": " EUR "    " Owner ": {      "Name": " Doe",      " First name ": " Max "      "male": true,      " Hobbies ": [" riding", " golfing ", "Read" ]      "Age ": 42,      "Children": [ ],      "Partner": null    } } Difference XML

The syntax of JSON is simpler and appears therefore often more readable and easier especially writable. Usually JSON also reduces the overhead compared to XML.

In XML, many values ​​and properties could potentially be described both as attributes and child nodes, which can lead to problems if this is not prevented by very strict specification. In JSON can not experience this problem.

JSON data are in contrast to XML data typed with only a few basic types are supported. A strength of JSON is the fact that it is in the definition itself, there are some limitations to valid JavaScript. This allows a JSON definition in JavaScript reacted directly with the eval ( ) function in a JavaScript object. When data from potentially unsafe sources but a parser should necessarily be used, as well as possibly eval executes malicious program instructions.

XML is a markup language and thus more versatile than JSON is a data exchange format. XML is more widely used, but is pushed back there from JSON due to its simplicity, where no sophisticated distinctions are necessary. Both formats are not well suited for representing Binärdatenmengen because both do not support binary data.

For comparison, the above example in an XML form:

< Credit Card    Publisher = " Xema "    Number = " 1234-5678-9012-3456 "    Coverage = " 2e 6 "    Currency = " euro " >    < owner      Name = " Doe"      First name = " Max"      Male = "true"      Age = " 42"      Partner = " null" >             Riding        Golf        Reading              After removal of the optional space the JSON object 224 bytes, the XML object is 289 bytes ( an increase of 29%) in size. Often attributes can also be formulated as a child node, the example might look like this:

   To fix Xema    1234-5678-9012-3456    2e 6    EURO < / currency >         Doe < / name >      Max < / first name >      true             Riding        Golf        Reading           42 < / Age >           Null < / Partner>    This property would be great with removing the spaces 362 byte ( an increase of 62%).

JSONP (JSON with Padding )

JSONP (JSON with Padding ) allows the transmission of ( JSON ) data on domain boundaries.

Usually done Ajax data queries to the server via the XMLHttpRequest object of a web browser. Based on the same- origin policy does not work when displayed in a web browser to access a Web page server about this object tries, which is in a different domain than the indicated website. The problem can be circumvented by JSONP.

The basic idea: JSON queries via script tags

In the src attribute of an UTF-16 UTF-32 Whitespace character Same-Origin-Policy Client (computing) Cross-Origin Resource Sharing Erlang (programming language)