XML and JSON (JavaScript Object Notation)

Original article. If you need to reprint it, please indicate the source.

When defining Ajax services, what data formats should we use to respond to various requests?
Of course, if you are requesting a piece of markup code, HTML is the most suitable. After the client requests data, it can be directly inserted into the front-end page. If the client needs pure data, should we provide XML or JSON? What are the advantages and disadvantages of the two? After understanding the differences between the two, we can make a trade-off based on the actual situation.

We will compare the following aspects:
1. Client
When the client sends XMLHttpRequest to the server, the request data can be obtained. Which data format is easier to process?
 
JSON example: {
"Author": "Gambardella, Matthew ",
"Title": "XML developer's Guide ",
"Genre": "computer"
}

For JSON data, you only need to call the Javascript eval method to serialize the JSON string into a JavaScript Object, and then you can directly access it. As follows:

VaR book = eval (request. responsetext );
Alert (book. Author );

XML example: <Book>
<Author> Gambardella, Matthew </author>
<Title> XML developer's guide </title>
<Genre> Computer </genre>
</Book>

XML data is a DOM tree data structure. Developers must use Dom APIs to access and process XML data. In addition, Dom implementations vary in different browsers, therefore, the programming method for xml dom becomes more complex. See the following implementation method:

VaR book = request. responsexml;
VaR authors = book. getelementsbytagname ("author ");
Alert (authors [0]. firstchild. textcontent );

In addition, for xmldom, the browser does not currently support query statements similar to XPath. Obviously, accessing xmldom data is much more complicated than accessing JSON data.

2. Server Side
What data formats are easier to process when the server needs to send data to the client?

Obviously, for how to serialize or serialize an object into an XML string, various programming languages on the server are provided, and there are also multiple methods. For example, the. NET Framework provides the xmlserializer class to serialize an object into an XML document. In addition, developers can also use xmlwriter and xmldocument to directly construct XML strings.

JSON is rarely provided, which requires developers to do it themselves or use some open source libraries. In the serialization or deserialization of complex objects, XML should be more stable as it was earlier.

At this point, XML is better than JSON.

3. Security
JSON is a secure subset of JavaScript and does not contain values and calls. Therefore, when loading JSON data into JavaScript objects, we use many JavaScript libraries.EvalFunction. This means that the retrieved JSON data will be parsed and executed. Note thatRun, Especially if some data comes from user input, it may bring unexpected security issues. Attackers can also use this vulnerability to send malformed and malicious JSON data.EvalThe function executes the malicious code.


In this regard, we also need to ensure JSON security when using JSON as the data exchange format. A common method is to use a regular expression to check whether JSON data contains malicious code keywords.

XML is relatively safer.

4. Performance
In terms of data transmission volume, JSON is obviously better than XML, and JSON is more lightweight. It does not have as many open and closing tags as XML. JSON is superior to XML in terms of data parsing speed.

5. Others
In addition, from the perspective of data format verification, XML verification technology is more mature, while JSON verification is still relatively small.