1.0.0 Summary
Tittle:【EatBook】-NO.1.EatBook.1.JavaData.1.001-《JSON 必知必会-Introduction to JavaScript Object Notation》-
Style:Java-Json
Series:O'Reilly Turing
Publishing House:人民邮电
Page Number:129
Since:2017-04-06
End:2017-04-06
Total Hours:4
Degree Of Diffculty:low-2
Degree Of Mastery:frequently-1
Practical Level:A-1
Desired Goal:All relation to JSON
Archieve Goal:foundation usge, secure concept
Gerneral Evaluation:snack book
Read From:EBook
Reader:kingdelee
Source Code:https://github.com/lindsaybassett/json
Related Links:
http://shop.oreilly.com/product/0636920041597.do
https://jsonformatter.curiousconcept.com/
http://jsonlint.com/
http://www.cnblogs.com/kingdelee/
Cover:
1.1.0
Json is a data interchange format
1.2.0 K-V Form
Json is base on JavaScript Object Notation literal(字面量).
{
"brand": "Crocs",
"color": "pink",
"size": 9,
"hasLaces": false
}
1.2.1 Illegal
None of ""
{
title: "This is my title.",
body: "This is the body."
}
Error of ''
{
'title': 'This is my title.',
'body': 'This is the body.'
}
1.2.2 Contain Numbers
Value can be string, number, boolean, null, obj, array.
{
"brand": "Crocs",
"size": 9,
"hasLaces": false,
"color": null
}
1.2.3 MIME
application/json
1.3.1 Emun Form
[
"witty",
"charming",
"brave",
"bold"
]
1.3.2 Object Form
{
"person": {
"name": "Lindsay Bassett",
"heightInInches": 66,
"head": {
"hair": {
"color": "light blond",
"length": "short",
"style": "A-line"
},
"eyes": "green"
}
}
}
1.3.3 Nest ""
Illegal
{
"promo": "Say "Bob's the best!" at checkout for free 8oz bag of kibble."
}
Legal
{
"promo": "Say \"Bob's the best!\" at checkout for free 8oz bag of kibble."
}
1.3.4 BackLash \
Illegal
{
"location": "C:\Program Files"
}
Legal
{
"location": "C:\\Program Files"
}
Escape character:
\/ slash(正斜线)
\b backward channel(退格符)
\f form feed character(换页符)
\t tab character(制表符)
\n newline(换行符)
\r carriage return(回车符)
\u 后面跟十六进制字符
1.3.5 array
mixture in array:
{
"eggCarton": [
"egg",
null,
"egg",
"egg",
"egg",
5,
"egg"
]
}
string in array:
{
"students": [
"Jane Thomas",
"Bob Roberts",
"Robert Bobert",
"Thomas Janerson"
]
}
number in array:
{
"scores": [
93.5,
66.7,
87.6,
92
]
}
array nest object:
{
"test": [
{
"question": "The sky is blue.",
"answer": true
},
{
"question": "The earth is flat.",
"answer": false
},
{
"question": "A cat is a dog.",
"answer": false
}
]
}
array nest array:
{
"tests": [
[
true,
false,
false,
false
],
[
true,
true,
true,
true,
false
],
[
true,
false,
true
]
]
}
legal empty json object:
{}
Json array:
[
{
"user": "bobbarker"
},
{
"phone": "555-555-5555"
}
]
legal empty json array:
[]
Point:
1.json array is a executable javascript, explorer will parse and executed:
[{"Id":3,"Name":hyddd,"Money":10000}]
2.json object is not a executable javascript, explorer won't parse and executed:
{"Id":3,"Name":hyddd,"Money":10000}
1.4.0 Schema
http://json-schema.org/
1.5.0 Secure
CSRF
XSS
1.5.1
Don't use JSON.eval():
<!DOCTYPE html>
<html>
<head>
<title>Introduction to JavaScript Object Notation</title>
<script>
var jsonString = '{"animal":"cat"}';
var myObject = eval("(" + jsonString + ")");
alert(myObject.animal);
</script>
</head>
<body>
<h1>Introduction to JavaScript Object Notation</h1>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Introduction to JavaScript Object Notation</title>
<script>
var jsonString = "alert('this is bad')";
var myObject = eval("(" + jsonString + ")");
alert(myObject.animal);
</script>
</head>
<body>
<h1>Introduction to JavaScript Object Notation</h1>
</body>
</html>
use JSON.parse() in instead of JSON.eval():
<!DOCTYPE html>
<html>
<head>
<title>Introduction to JavaScript Object Notation</title>
<script>
var jsonString = '{"animal":"cat"}';
var myObject = JSON.parse(jsonString);
alert(myObject.animal);
</script>
</head>
<body>
<h1>Introduction to JavaScript Object Notation</h1>
</body>
</html>
1.5.2 Use escape character instead of html code
no secure:
{
"message": "<div onmouseover=\"alert('gotcha!')\">hover here.</div>"
}
secure perhaps:
<div>
1.6.0
serialized and deserialized:
<!DOCTYPE html>
<html>
<head>
<title>Introduction to JavaScript Object Notation</title>
<script>
var myXMLHttpRequest = new XMLHttpRequest();
var url = "http://api.openweathermap.org/data/2.5/weather?lat=35&lon=139";
myXMLHttpRequest.onreadystatechange = function() {
if (myXMLHttpRequest.readyState === 4 && myXMLHttpRequest.status === 200) {
// the JSON response deserialized
var myObject = JSON.parse(myXMLHttpRequest.responseText);
// let's display the weather on the page
var description = "It's " + myObject.weather[0].description + " and " + myObject.main.temp + " degrees in " + myObject.name + ".";
document.getElementById("weather").innerHTML = description; // The object serialized
var myJSON = JSON.stringify(myObject);
// let's display this in the div with the id "json"
document.getElementById("json").innerHTML = myJSON;
}
else if (myXMLHttpRequest.readyState === 4 && myXMLHttpRequest.status !== 200)
{
// fail.
document.getElementById("weather").innerHTML = "failed.";
document.getElementById("json").innerHTML = "failed.";
document.getElementById("error").innerHTML = "Unable to connect to the open weather map API. Are you connected to the internet? Is <a href='http://api.openweathermap.org/data/2.5/weather?lat=35&lon=139'>this page</a> responsing? If it's not, try again later."
}
}
myXMLHttpRequest.open("GET", url, true);
myXMLHttpRequest.send();
</script>
</head>
<body>
<h1>Introduction to JavaScript Object Notation</h1>
<h2>The Weather</h2>
<div id="weather">
loading...
</div>
<h2>The JSON as a String</h2>
<div id="json">
loading...
</div>
<div id="error">
</div>
</body>
</html>
1.6.1 CORS Secure
Insecure:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, POST
Access-Control-Allow-Origin:*
Secure:
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://www.somebank.com
1.6.2 JSON-P
example10.json:
getTheAnimal({
"animal": "cat"
});
<!DOCTYPE html>
<html>
<head>
<title>Introduction to JavaScript Object Notation</title>
<script>
// example 6-11, modified to alert the variable "myAnimal"
function getTheAnimal(data) {
var myAnimal = data.animal; // will be "cat"
alert(myAnimal);
}
// example 6-12, modified for the src file to load from example10.json
var script = document.createElement("script");
script.type = "text/javascript";
script.src = "example10.json";
document.getElementsByTagName('head')[0].appendChild(script);
</script>
</head>
<body>
<h1>Introduction to JavaScript Object Notation</h1>
</body>
</html>
1.7.0 some example
{
"total_rows": 2,
"offset": 0,
"rows": [
{
"id": "ddc14efcf71396463f53c0f880001538",
"key": "Barker",
"value": null
},
{
"id": "3636fa3c716f9dd4f7407bd6f700076c",
"key": "Jackson",
"value": null
}
]
}