JSON specification WAS: Re: JSON Duplicate Keys

Jeremy Darling jeremy.darling at gmail.com
Thu Jun 6 06:25:59 PDT 2013

The only thing that limiting key names in a data description language does
is to force people to have to escape those keys when they need to use them.
 As an example in Mongo they use $ to denote special action taken by the DB
and do not allow any keys in the BSON (yes, I know it isn't JSON) packet to
start with a $.  So if you need (or want) to store something like an
Aggregation Pipeline inside Mongo you have to escape your keys that start
with $, this also means that when you pull your documents back out you have
to unescape those sequences.

Thinking about this for JSON that means that if you were wanting to
serialize a complete object (prototype, setters, getters, etc) you would
then have to escape all of those as well.  Since JavaScript doesn't really
have a standard symbol for stating "This is a control key" then dev's would
have to code for all possible key words in their escape/unescape sequence.

Or the spec would have to be amended to contain some type of
"isReservedKey" statement.  This just introduces a whole new can of worms
and more breaking points.

At the end of the day, JSON is what JSON is, a data description and
transport language.  As such it should be as flexible as possible within
reason.  Duplicate Keys should never have been allowed in the spec in the
first place (most all key/value stores don't allow it) or if they were
allowed when decomposed to JS objects they should have created arrays of
values much like most frameworks do for duplicate keys in the HTTP headers.

I don't exactly understand your point in bullet 2?  Why do < and > have to
be encoded, they are perfectly valid values inside of a string today, and
again many libraries make use of this functionality for transporting HTML,
XML, and Text fragments.  To Crockfords point, "should not break" becomes
the issue with changing what should and should not be encoded.

Or did I mis-understand your points?

Just my two cents,
 - Jeremy

On Thu, Jun 6, 2013 at 8:00 AM, gaz Heyes <gazheyes at gmail.com> wrote:

> Hey all
> Since Doug is here I thought I'd use the opportunity to discuss the broken
> JSON spec.
> When ES5 introduced line/para separators for valid new lines in JavaScript
> this broke the JSON specification. The code sample used within the RFC is
> also broken since line/para separators would cause eval to fail. It needs
> to be fixed IMO. While taking this opportunity to fix the specification by
> forcing line/para to unicode escapes e.g \u2028, \u2029 we should also
> force "<" into \x3c and ">" into \x3e. I propose the following changes:
> 1. Remove the awful invalid code sample.
> 2. The string section instead of "Any character may be escaped." there
> should be some exceptions. < and > must be encoded with hex/unicode
> escapes. Line/Para separators must be encoded to unicode escapes and
> finally right-to-left and left-to-right mark should also required to be
> encoded in unicode escapes.
> I think we also need to discuss the keywords present in json keys for
> example:
> {"__proto__":[]}
> Should proto be a banned keyword in JSON keys? I think giving data the
> ability to control it's type could break things when it's used elsewhere.
> There is also an argument for requiring hex escapes for characters lower
> than 0x09 but I guess a lot of people will be against that.
> Thanks
> Gareth
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130606/67775f39/attachment-0001.html>

More information about the es-discuss mailing list