Re: [PHP-DEV] Removing basic types from our JSON parser

[Rasmus Lerdorf]

Mark Karpeles wrote:
> Le samedi 13 décembre 2008 à 03:50 +0000, Scott MacVicar a écrit :
>> Hi All,
>>
>> Basic types were added to our JSON decoder to PHP 5.2.1, this allows  
>> one to use json_encode / json_decode on any of our scalar types. Omar  
>> correctly identified #38680 as not a bug but it appears that Ilia  
>> added support for this anyway violating the RFC [1]. Maybe there was a  
>> reason for this but I'm not sure why?
> 
> The reason was to "make json_decode() able to decode anything encoded by
> json_encode()". I believe many people may be depending on this (I saw a
> few codes).
> 
> If json_decode() is made to only accept arrays/struct, the same should
> be done to json_encode().
> 
> For reference I saw people use json_encode() to pass a string to
> javascript into their page while avoiding bugs/XSS with stuff like
> </script>.
> 
> var foo = <?=json_encode($my_string)?>;
> ... (yes, they maybe heared somewhere that JSON is *not* javascript, I
> told 'em too).
> 
> I also saw people using json_encode/json_decode as an alternate for
> serialize/unserialize.
> 
> Also, reading [2], I see about stringify "If value is an object or
> array, the structure will be visited recursively to determine the
> serialization of each membr or element.", this seems to assume that
> "value" can be something else than "an object or array".
> 
> At least on Firefox 3.2, it is not the case.

I think it does more than assume that.  The spec specifically says that
the value can be any Javascript value in the prototype:

 JSON.stringify(value, replacer, space)

  value       any JavaScript value, usually an object or array.

  replacer    an optional parameter that determines how object
              values are stringified for objects without a toJSON
              method. It can be a function or an array.

  space       an optional parameter that specifies the indentation
              of nested structures. If it is omitted, the text will
              be packed without extra whitespace. If it is a number,
              it will specify the number of spaces to indent at each
              level. If it is a string (such as '\t' or '&nbsp;'),
              it contains the characters used to indent at each level.

I think we should follow the spec, not individual browser implementations.

-Rasmus

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php