Source file src/encoding/json/v2/doc.go
1 // Copyright 2020 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 //go:build goexperiment.jsonv2 6 7 // Package json implements semantic processing of JSON as specified in RFC 8259. 8 // JSON is a simple data interchange format that can represent 9 // primitive data types such as booleans, strings, and numbers, 10 // in addition to structured data types such as objects and arrays. 11 // 12 // This package (encoding/json/v2) is experimental, 13 // and not subject to the Go 1 compatibility promise. 14 // It only exists when building with the GOEXPERIMENT=jsonv2 environment variable set. 15 // Most users should use [encoding/json]. 16 // 17 // [Marshal] and [Unmarshal] encode and decode Go values 18 // to/from JSON text contained within a []byte. 19 // [MarshalWrite] and [UnmarshalRead] operate on JSON text 20 // by writing to or reading from an [io.Writer] or [io.Reader]. 21 // [MarshalEncode] and [UnmarshalDecode] operate on JSON text 22 // by encoding to or decoding from a [jsontext.Encoder] or [jsontext.Decoder]. 23 // [Options] may be passed to each of the marshal or unmarshal functions 24 // to configure the semantic behavior of marshaling and unmarshaling 25 // (i.e., alter how JSON data is understood as Go data and vice versa). 26 // [jsontext.Options] may also be passed to the marshal or unmarshal functions 27 // to configure the syntactic behavior of encoding or decoding. 28 // 29 // The data types of JSON are mapped to/from the data types of Go based on 30 // the closest logical equivalent between the two type systems. For example, 31 // a JSON boolean corresponds with a Go bool, 32 // a JSON string corresponds with a Go string, 33 // a JSON number corresponds with a Go int, uint or float, 34 // a JSON array corresponds with a Go slice or array, and 35 // a JSON object corresponds with a Go struct or map. 36 // See the documentation on [Marshal] and [Unmarshal] for a comprehensive list 37 // of how the JSON and Go type systems correspond. 38 // 39 // Arbitrary Go types can customize their JSON representation by implementing 40 // [Marshaler], [MarshalerTo], [Unmarshaler], or [UnmarshalerFrom]. 41 // This provides authors of Go types with control over how their types are 42 // serialized as JSON. Alternatively, users can implement functions that match 43 // [MarshalFunc], [MarshalToFunc], [UnmarshalFunc], or [UnmarshalFromFunc] 44 // to specify the JSON representation for arbitrary types. 45 // This provides callers of JSON functionality with control over 46 // how any arbitrary type is serialized as JSON. 47 // 48 // # JSON Representation of Go structs 49 // 50 // A Go struct is naturally represented as a JSON object, 51 // where each Go struct field corresponds with a JSON object member. 52 // When marshaling, all Go struct fields are recursively encoded in depth-first 53 // order as JSON object members except those that are ignored or omitted. 54 // When unmarshaling, JSON object members are recursively decoded 55 // into the corresponding Go struct fields. 56 // Object members that do not match any struct fields, 57 // also known as “unknown members”, are ignored by default or rejected 58 // if [RejectUnknownMembers] is specified. 59 // 60 // The representation of each struct field can be customized in the 61 // "json" struct field tag, where the tag is a comma separated list of options. 62 // As a special case, if the entire tag is `json:"-"`, 63 // then the field is ignored with regard to its JSON representation. 64 // Some options also have equivalent behavior controlled by a caller-specified [Options]. 65 // Field-specified options take precedence over caller-specified options. 66 // 67 // The first option is the JSON object name override for the Go struct field. 68 // If the name is not specified, then the Go struct field name 69 // is used as the JSON object name. 70 // By default, unmarshaling uses case-sensitive matching to identify 71 // the Go struct field associated with a JSON object name. 72 // 73 // After the name, the following tag options are supported: 74 // 75 // - omitzero: When marshaling, the "omitzero" option specifies that 76 // the struct field should be omitted if the field value is zero 77 // as determined by the "IsZero() bool" method if present, 78 // otherwise based on whether the field is the zero Go value. 79 // This option has no effect when unmarshaling. 80 // 81 // - omitempty: When marshaling, the "omitempty" option specifies that 82 // the struct field should be omitted if the field value would have been 83 // encoded as a JSON null, empty string, empty object, or empty array. 84 // This option has no effect when unmarshaling. 85 // 86 // - string: The "string" option specifies that [StringifyNumbers] 87 // be set when marshaling or unmarshaling a struct field value. 88 // This causes numeric types to be encoded as a JSON number 89 // within a JSON string, and to be decoded from a JSON string 90 // containing the JSON number without any surrounding whitespace. 91 // This extra level of encoding is often necessary since 92 // many JSON parsers cannot precisely represent 64-bit integers. 93 // 94 // - case: When unmarshaling, the "case" option specifies how 95 // JSON object names are matched with the JSON name for Go struct fields. 96 // The option is a key-value pair specified as "case:value" where 97 // the value must either be 'ignore' or 'strict'. 98 // The 'ignore' value specifies that matching is case-insensitive 99 // where dashes and underscores are also ignored. If multiple fields match, 100 // the first declared field in breadth-first order takes precedence. 101 // The 'strict' value specifies that matching is case-sensitive. 102 // This takes precedence over the [MatchCaseInsensitiveNames] option. 103 // 104 // - inline: The "inline" option specifies that 105 // the JSON representable content of this field type is to be promoted 106 // as if they were specified in the parent struct. 107 // It is the JSON equivalent of Go struct embedding. 108 // A Go embedded field is implicitly inlined unless an explicit JSON name 109 // is specified. The inlined field must be a Go struct 110 // (that does not implement any JSON methods), [jsontext.Value], 111 // map[~string]T, or an unnamed pointer to such types. When marshaling, 112 // inlined fields from a pointer type are omitted if it is nil. 113 // Inlined fields of type [jsontext.Value] and map[~string]T are called 114 // “inlined fallbacks” as they can represent all possible 115 // JSON object members not directly handled by the parent struct. 116 // Only one inlined fallback field may be specified in a struct, 117 // while many non-fallback fields may be specified. This option 118 // must not be specified with any other option (including the JSON name). 119 // 120 // The "omitzero" and "omitempty" options are mostly semantically identical. 121 // The former is defined in terms of the Go type system, 122 // while the latter in terms of the JSON type system. 123 // Consequently they behave differently in some circumstances. 124 // For example, only a nil slice or map is omitted under "omitzero", while 125 // an empty slice or map is omitted under "omitempty" regardless of nilness. 126 // The "omitzero" option is useful for types with a well-defined zero value 127 // (e.g., [net/netip.Addr]) or have an IsZero method (e.g., [time.Time.IsZero]). 128 // 129 // Every Go struct corresponds to a list of JSON representable fields 130 // which is constructed by performing a breadth-first search over 131 // all struct fields (excluding unexported or ignored fields), 132 // where the search recursively descends into inlined structs. 133 // The set of non-inlined fields in a struct must have unique JSON names. 134 // If multiple fields all have the same JSON name, then the one 135 // at shallowest depth takes precedence and the other fields at deeper depths 136 // are excluded from the list of JSON representable fields. 137 // If multiple fields at the shallowest depth have the same JSON name, 138 // but exactly one is explicitly tagged with a JSON name, 139 // then that field takes precedence and all others are excluded from the list. 140 // This is analogous to Go visibility rules for struct field selection 141 // with embedded struct types. 142 // 143 // Marshaling or unmarshaling a non-empty struct 144 // without any JSON representable fields results in a [SemanticError]. 145 // Unexported fields must not have any `json` tags except for `json:"-"`. 146 // 147 // # Security Considerations 148 // 149 // JSON is frequently used as a data interchange format to communicate 150 // between different systems, possibly implemented in different languages. 151 // For interoperability and security reasons, it is important that 152 // all implementations agree upon the semantic meaning of the data. 153 // 154 // [For example, suppose we have two micro-services.] 155 // The first service is responsible for authenticating a JSON request, 156 // while the second service is responsible for executing the request 157 // (having assumed that the prior service authenticated the request). 158 // If an attacker were able to maliciously craft a JSON request such that 159 // both services believe that the same request is from different users, 160 // it could bypass the authenticator with valid credentials for one user, 161 // but maliciously perform an action on behalf of a different user. 162 // 163 // According to RFC 8259, there unfortunately exist many JSON texts 164 // that are syntactically valid but semantically ambiguous. 165 // For example, the standard does not define how to interpret duplicate 166 // names within an object. 167 // 168 // The v1 [encoding/json] and [encoding/json/v2] packages 169 // interpret some inputs in different ways. In particular: 170 // 171 // - The standard specifies that JSON must be encoded using UTF-8. 172 // By default, v1 replaces invalid bytes of UTF-8 in JSON strings 173 // with the Unicode replacement character, 174 // while v2 rejects inputs with invalid UTF-8. 175 // To change the default, specify the [jsontext.AllowInvalidUTF8] option. 176 // The replacement of invalid UTF-8 is a form of data corruption 177 // that alters the precise meaning of strings. 178 // 179 // - The standard does not specify a particular behavior when 180 // duplicate names are encountered within a JSON object, 181 // which means that different implementations may behave differently. 182 // By default, v1 allows for the presence of duplicate names, 183 // while v2 rejects duplicate names. 184 // To change the default, specify the [jsontext.AllowDuplicateNames] option. 185 // If allowed, object members are processed in the order they are observed, 186 // meaning that later values will replace or be merged into prior values, 187 // depending on the Go value type. 188 // 189 // - The standard defines a JSON object as an unordered collection of name/value pairs. 190 // While ordering can be observed through the underlying [jsontext] API, 191 // both v1 and v2 generally avoid exposing the ordering. 192 // No application should semantically depend on the order of object members. 193 // Allowing duplicate names is a vector through which ordering of members 194 // can accidentally be observed and depended upon. 195 // 196 // - The standard suggests that JSON object names are typically compared 197 // based on equality of the sequence of Unicode code points, 198 // which implies that comparing names is often case-sensitive. 199 // When unmarshaling a JSON object into a Go struct, 200 // by default, v1 uses a (loose) case-insensitive match on the name, 201 // while v2 uses a (strict) case-sensitive match on the name. 202 // To change the default, specify the [MatchCaseInsensitiveNames] option. 203 // The use of case-insensitive matching provides another vector through 204 // which duplicate names can occur. Allowing case-insensitive matching 205 // means that v1 or v2 might interpret JSON objects differently from most 206 // other JSON implementations (which typically use a case-sensitive match). 207 // 208 // - The standard does not specify a particular behavior when 209 // an unknown name in a JSON object is encountered. 210 // When unmarshaling a JSON object into a Go struct, by default 211 // both v1 and v2 ignore unknown names and their corresponding values. 212 // To change the default, specify the [RejectUnknownMembers] option. 213 // 214 // - The standard suggests that implementations may use a float64 215 // to represent a JSON number. Consequently, large JSON integers 216 // may lose precision when stored as a floating-point type. 217 // Both v1 and v2 correctly preserve precision when marshaling and 218 // unmarshaling a concrete integer type. However, even if v1 and v2 219 // preserve precision for concrete types, other JSON implementations 220 // may not be able to preserve precision for outputs produced by v1 or v2. 221 // The `string` tag option can be used to specify that an integer type 222 // is to be quoted within a JSON string to avoid loss of precision. 223 // Furthermore, v1 and v2 may still lose precision when unmarshaling 224 // into an any interface value, where unmarshal uses a float64 225 // by default to represent a JSON number. 226 // To change the default, specify the [WithUnmarshalers] option 227 // with a custom unmarshaler that pre-populates the interface value 228 // with a concrete Go type that can preserve precision. 229 // 230 // RFC 8785 specifies a canonical form for any JSON text, 231 // which explicitly defines specific behaviors that RFC 8259 leaves undefined. 232 // In theory, if a text can successfully [jsontext.Value.Canonicalize] 233 // without changing the semantic meaning of the data, then it provides a 234 // greater degree of confidence that the data is more secure and interoperable. 235 // 236 // The v2 API generally chooses more secure defaults than v1, 237 // but care should still be taken with large integers or unknown members. 238 // 239 // [For example, suppose we have two micro-services.]: https://www.youtube.com/watch?v=avilmOcHKHE&t=1057s 240 package json 241 242 // requireKeyedLiterals can be embedded in a struct to require keyed literals. 243 type requireKeyedLiterals struct{} 244 245 // nonComparable can be embedded in a struct to prevent comparability. 246 type nonComparable [0]func() 247