ECMAScript 5: The Long-Awaited Javascript Update

JSON Support

Next up is full built-in support for the JSON protocol. Programmers always need a way to store and transfer data. Often, XML is the preferred format for storing the data. However, XML must be parsed, and then data structures must be built based on the contained data.

JSON is a different animal altogether. Like XML, JSON is a text-based format for storing data. But unlike XML, it can be directly parsed by an ECMAScript or JavaScript interpreter. Indeed, JSON stands for JavaScript Object Notation. That’s because essentially JSON is JavaScript code, or at least a subset of JavaScript code. Variables can be populated simply by passing the JSON text through the eval function, thus skipping huge steps that are otherwise required with formats such as XML.

JSON data can be easily stored on a Web server in text files or in a database. Using AJAX, an ECMAScript program can retrieve the data and evaluate it.

However, just using the built-in eval function can result in a huge security risk. The eval function can evaluate entire JavaScript code, and isn’t limited to parsing data. As such, some third-party libraries have created specialized routines that will first scan the data, checking for security problems (such as executable code, and not just data structures).

With Edition 5 of ECMAScript, this function is built right into the language. The language has a new object called JSON, which includes only two functions: parse and stringify. Now, instead of risking security with eval and instead of relying on third-party libraries, you can simply call JSON.parse to parse your JSON data safely. And if you have data that you want formatted as JSON text, you can call JSON.stringify.

The JSON.parse function recognizes a limited subset of the ECMAScript language. The specification includes the grammar of this subset. If text is passed in that does not conform to the grammar in this subset, a syntax error is returned.

Although JSON is useful, one reason many programmers prefer XML is you can transform the data as you’re parsing it, filtering out only certain aspects of it.

For example, you might have an XML file that contains a list of customers. Each customer might have a name, address and phone number. You might want just a list of names and phone numbers, skipping the addresses.

You could fully process the XML and end up with a list of objects containing names, addresses and phone numbers, and then ignore the addresses. Or you could manually walk through the XML data, picking out only the names and phone numbers. Or, if you’re an XML guru, you would likely use a transform.

Using declarative programming, you would specify what the transformed XML looks like. The XML library would take the existing XML and automatically transform it into a different XML; in this case, XML that contains only names and phone numbers of the customers. Then you could parse the resulting XML. That sounds complicated, but it’s actually easier when done correctly.

The designers of Edition 5 of ECMAScript were obviously aware of the need for transformations. As such, they included in the specification an optional parameter to the JSON.parse function called a reviver, which is a function you pass into parse that lets you filter and transform the data. This means programmers familiar with XML will likely find JSON to be similar in power.