[configuration] JSON format

[configuration] JSON format

Hao Zheng-2
hi all configuration devs,

I have a simple and straightforward idea on JSON format. Since Java 6
supports scripting in Java, it includes the Mozilla Rhino engine for
the JavaScript programming language. JSON is a subset of Javascript,
so we can use a simple call "eval()" to parse the configuration file.
Then we can access the structure in Java, as described in
http://java.sun.com/developer/technicalArticles/J2SE/Desktop/scripting/
. In this way, no parser is needed. Do you think it could be a
possible way?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Re: [configuration] JSON format

Emmanuel Bourg-3
This is an interesting idea and could be a way to provide quickly an
initial implementation of the JSON format. However the scripting API is
only available in Java 6, and Commons Configuration 2.0 targets Java 5
(Commons Configuration 1.x is stuck with the Java 1.3 compatibility). In
the end we'll have to write our own parser to support a wide range of
systems (Mac OS X doesn't have a final release of Java 6 yet).

Instead of the standard scripting API we may use the Rhino API directly,
but this is a heavy dependency (700k) for such a simple format.

Emmanuel Bourg


Hao Zheng wrote:

> hi all configuration devs,
>
> I have a simple and straightforward idea on JSON format. Since Java 6
> supports scripting in Java, it includes the Mozilla Rhino engine for
> the JavaScript programming language. JSON is a subset of Javascript,
> so we can use a simple call "eval()" to parse the configuration file.
> Then we can access the structure in Java, as described in
> http://java.sun.com/developer/technicalArticles/J2SE/Desktop/scripting/
> . In this way, no parser is needed. Do you think it could be a
> possible way?

Re: [configuration] JSON format

Mario Ivankovits
Hi!
>> JSON is a subset of Javascript,
>> so we can use a simple call "eval()" to parse the configuration file.
Wouldn't that be dangerous for something like "script injection"?
One might be able to pass in a faked JSON string with some code in there
which will be executed on eval() then, no?

Ciao,
Mario


RE: [configuration] JSON format

Jörg Schaible-2
Mario Ivankovits wrote:
> Hi!
>>> JSON is a subset of Javascript,
>>> so we can use a simple call "eval()" to parse the configuration file.
> Wouldn't that be dangerous for something like "script injection"?
> One might be able to pass in a faked JSON string with some code in there
> which will be executed on eval() then, no?

Yes. Additionally JSON does not allow any method calls, but calling eval will provide the full JavaScript functionality. Therefore you will have to use a real JSON parser to read JSON only (e.g. http://www.json.org/java/index.html).

- Jörg
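
Added example, not part of the original thread: the point Mario and Jörg make above, shown in JavaScript itself rather than through the Java scripting API. The function names and both sample configuration strings are constructed for illustration.

```javascript
// Constructed sample inputs (not from the thread).
const GOOD_CONFIG = '{"timeout": 30, "hosts": ["a.example", "b.example"]}';
// Looks like JSON at a glance, but one value is a method call, which JSON forbids.
const FAKED_CONFIG = '{"timeout": 30, "hosts": sideEffects.push("code ran during parse")}';

// Stands in for any state reachable from the scope that evaluates the file.
const sideEffects = [];

// The shortcut proposed in the thread: treat the file as JavaScript source.
function loadWithEval(text) {
  return eval('(' + text + ')'); // full JavaScript is evaluated, not just data
}

// A real JSON parser accepts the JSON grammar only and never executes input.
function loadWithParser(text) {
  let value;
  try {
    value = JSON.parse(text);
  } catch (err) {
    return { ok: false, error: 'not valid JSON: ' + err.message };
  }
  // A configuration file is expected to be a key/value object at the root.
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { ok: false, error: 'configuration root must be an object' };
  }
  return { ok: true, config: value };
}

// Run both loaders on the same text and report whether embedded code executed.
function compare(text) {
  sideEffects.length = 0;
  const parsed = loadWithParser(text);
  const codeRanInParser = sideEffects.length > 0;
  let evalValue = null;
  let evalError = null;
  try {
    evalValue = loadWithEval(text);
  } catch (err) {
    evalError = err.message;
  }
  const codeRanInEval = sideEffects.length > 0;
  return { parserAccepted: parsed.ok, codeRanInParser, codeRanInEval, evalValue, evalError };
}

console.log('good :', compare(GOOD_CONFIG));
console.log('faked:', compare(FAKED_CONFIG));
```

For well-formed JSON both loaders return the same data; for the faked file the parser rejects the input before anything runs, while eval() executes the call and returns its result as if it were a configuration value.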

Re: [configuration] JSON format

Hao Zheng-2
In reply to this post by Emmanuel Bourg-3
I haven't considered all things. You are right. We also have to
support Java 1.x. Forget my idea :)

On Tue, Apr 8, 2008 at 5:28 PM, Emmanuel Bourg <[hidden email]> wrote:

> This is an interesting idea and could be a way to provide quickly an initial
> implementation of the JSON format. However the scripting API is only
> available in Java 6, and Commons Configuration 2.0 targets Java 5 (Commons
> Configuration 1.x is stuck with the Java 1.3 compatibility). In the end
> we'll have to write our own parser to support a wide range of systems (Mac
> OS X doesn't have a final release of Java 6 yet).
>
>  Instead of the standard scripting API we may use the Rhino API directly,
> but this is a heavy dependency (700k) for such a simple format.
>
>  Emmanuel Bourg
>
>
>  Hao Zheng wrote:
>
> > hi all configuration devs,
> >
> > I have a simple and straightforward idea on JSON format. Since Java 6
> > supports scripting in Java, it includes the Mozilla Rhino engine for
> > the JavaScript programming language. JSON is a subset of Javascript,
> > so we can use a simple call "eval()" to parse the configuration file.
> > Then we can access the structure in Java, as described in
> > http://java.sun.com/developer/technicalArticles/J2SE/Desktop/scripting/
> > . In this way, no parser is needed. Do you think it could be a
> > possible way?

Re: [configuration] JSON format

Hao Zheng-2
In reply to this post by Jörg Schaible-2
Yes, security is another issue. Thanks for pointing that out. Just forget my idea.

On Tue, Apr 8, 2008 at 5:42 PM, Jörg Schaible
<[hidden email]> wrote:

> Mario Ivankovits wrote:
>  > Hi!
>  >>> JSON is a subset of Javascript,
>  >>> so we can use a simple call "eval()" to parse the configuration file.
>  > Wouldn't that be dangerous for something like "script injection"?
>  > One might be able to pass in a faked JSON string with some code in there
>  > which will be executed on eval() then, no?
>
>  Yes. Additionally JSON does not allow any method calls, but calling eval will provide the full JavaScript functionality. Therefore you will have to use a real JSON parser to read JSON only (e.g. http://www.json.org/java/index.html).
>
>  - Jörg