It is minimal, textual, and a subset of Java Script. A number of people independently discovered that Java Script's object literals were an ideal format for transmitting object-oriented data across the network.
Specifically, it is a subset of ECMA-262 (The ECMAScript programming Language Standard, Third Edition, December 1999). I made my own discovery in April of 2001 when I was CTO of State Software.
XMLHttp Request is severely limited by the same origin policy, so the response text can only come from the origining server.
If the server acts as a proxy and is incompetent in its filtering, then it could include dangerous scripts in the response text.
The most common way to use JSON is with XMLHttp Request.
Once a response text obtained, it can quickly be converted into a Java Script data structure and consumed by the program. The first is to use Java Script's This works because JSON is a safe subset of Java Script, but it is potentially dangerous because whatever the server sends will be executed.
JSON does not support octal or hex because it is minimal.
It completely circumvents the same origin policy so that data can be obtained from any server in the world. Tell your favorite browser maker "I want JSONRequest!
You'll be glad to know that JSON has exactly two boolean values, and that they are .
If it had exactly zero boolean values, it wouldn't be a data format.
If there is any risk of this, then the for data communication.
This allows for partial circumvention of the same origin policy in that communication with a different subdomain is possible. I am recommending a new data communication facility that will permit safe two-way data interchange between any page and any server.