JSON (JavaScript Object Notation)

JSON (JavaScript Object Notation) is a text-based, human-readable data interchange format used for representing simple data structures and objects in Web browser-based code. JSON is also sometimes used in desktop and server-side programming environments. JSON was originally based on the JavaScript programming language, which was introduced as the page scripting language for the Netscape Navigator Web browser.

JSON is used in JavaScript on the Internet as an alternative to XML for organizing data. Like XML, JSON is language-independent and may be combined with C++, Java, Python, Lisp and many other languages. Unlike XML, however, JSON is simply a way to represent data structures, as opposed to a full markup language. JSON documents are relatively lightweight and are rapidly executed on a Web server.

JSON consists of "name : object" pairs and punctuation in the form of brackets, parentheses, semi-colons and colons. Each object is defined with an operator like "text :" or "image :" and then grouped with a value for that operator. Because of its simple structure and absence of mathematical notation or algorithms, JSON is easy to understand and quickly mastered, even by users with limited formal programming experience, which has spurred adoption of the format as a quick, approachable way to create interactive pages.

Novice users of JSON need to be aware of potential security implications. As JSON scripts automatically execute in any Web page that's requested by a Web browser, they can be used to implement JavaScript insertion attacks against a Web client, like a command injection or cross-site scripting. For example, if a hacker inserts non-JSON code into the string, like a Trojan horse, the targeted algorithm executes the text as if it were JavaScript and then returns the value of the last statement. If the only statement was a JSON value, there's no effect. If a previous statement contains other JavaScript code, however, that code will be executed by the script. The hacker might then have access to all the variables a script has access to, potentially compromising a user's PC.
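The eval-based parsing described above, set beside `JSON.parse`, which accepts only JSON and never runs code. This is an added example, not part of the original definition; `appState`, `parseWithEval`, `parseStrict`, `compare` and both sample strings are constructed for illustration.

```javascript
// State the page's own script can reach. Text handed to eval() can reach it too.
// All values here are constructed for this example.
const appState = { sessionNote: "constructed-secret", log: [] };

// Legacy pattern: the received text is given to the JavaScript interpreter.
// eval() runs every statement and returns the value of the last one.
function parseWithEval(text) {
  return eval(text);
}

// Hardened pattern: JSON.parse only accepts the JSON grammar.
// Anything else raises SyntaxError before any of it can execute.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// A plain JSON value: the only "statement" is data.
const BENIGN = '[{"user": "alice", "role": "reader"}]';

// The same value with a statement placed in front of it. The statement copies
// a variable the script can see into a log, standing in for injected code.
const TAINTED = "appState.log.push(appState.sessionNote); " + BENIGN;

// Run both parsers over one input and report what happened.
function compare(text) {
  appState.log.length = 0;                 // reset between runs
  const legacy = parseWithEval(text);      // looks identical to the caller
  const ranCode = appState.log.length > 0; // did the input execute anything?
  const leaked = appState.log.slice();
  const strict = parseStrict(text);
  return { legacyUser: legacy[0].user, ranCode, leaked, strictOk: strict.ok,
           strictError: strict.ok ? null : strict.error };
}

console.log(compare(BENIGN));
console.log(compare(TAINTED));
```

With the eval-based parser the caller receives the same array for both inputs, so the return value gives no sign that extra code ran; only the strict parser rejects the second input.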

Editors at our sister site, The Ajaxian, blog about Ajax and JSON strategies and trends.

This was last updated in October 2007
