Python to JavaScript object graph (de)serialization - javascript

I'm trying to send an object graph from Python to JavaScript running in a browser, and I was wondering whether there is a pair of ready-to-use libraries for handling serialization on the Python side and deserialization on the JavaScript side. JSON does not support object references out of the box, the docs for JS-YAML say it's not production-ready in a browser environment, and I didn't find anything for XML. Any suggestions?
edit: Here's an example for what I mean by "JSON does not support object references out of the box": I have a shop database with products and orders and a many-to-many relationship between them. If I put a bunch of orders into the Python JSON serializer, the result will contain multiple serializations (copies) of each product, because the JSON serializer has no way of saying, "I've serialized this product already, so I'll just insert a reference to it". So I put the result on the wire and deserialize it on the client, and now I have multiple JavaScript objects representing the same product, which is bad.

how about jsonpickle? JS is awesome with json out of box, adding json pickling in python is the missing link:
jsonpickle

Related

"The client needs to convert the JSON into HTML" meaning

In this article Escaping the SPA rabbit hole with modern Rails
it says that
“The client needs to convert the JSON into HTML before rendering
anything”.
What exactly does that mean?
Is the JSON payload comprised of data values, for example “price : 100” with which you update a HTML control that already exists on the client i.e a Drop down list?
,or,
does the JSON payload contain snippets of UI encoded somehow in JSON, for example an encoded Drop down list, together with the data values to populate it with, which the client will render both? in that case also altering/adding new controls to the UI (consisting of HTML) of the client?
JSON is data format it will contain data that needs to be transformed into view elements in case of browser HTML is needed before end user will see anything but such JSON data can be also used in other applications that don't need HTML and are using different means to visualize that data.

javascript - Why shouldn't the server respond with a JSON Array?

According to this Angular 2 guide:
Don't expect the decoded JSON to be the heroes array directly. This server always wraps JSON results in an object with a data property. You have to unwrap it to get the heroes. This is conventional web API behavior, driven by security concerns.
('Heroes' is an array of objects).
The link in the above paragraph says :
Always return JSON with an Object on the outside
Always have the outside primitive be an object for JSON strings:
Exploitable:
[{"object": "inside an array"}]
Not exploitable:
{"object": "not inside an array"}
Also not exploitable:
{"result": [{"object": "inside an array"}]}
My Question is: Why shouldn't the server return something like a JSON array?
Say :
[
"apples"
,"oranges"
, "peaches"
]
How is this a security concern ?
To avoid JSON Hijacking:
The fact that this is a JSON array is important. It turns out that a script that contains a JSON array is a valid JavaScript script and can thus be executed. A script that just contains a JSON object is not a valid JavaScript file.
For example, if you had a JavaScript file that contained the following JSON: {“Id”:1, “Balance”:3.14} And you had a script tag that referenced that file:
<script src="http://example.com/SomeJson"></script>
You would get a JavaScript error in your HTML page. However, through an unfortunate coincidence, if you have a script tag that references a file only containing a JSON array, that would be considered valid JavaScript and the array gets executed.
So allowing JSON to be returned as anything but an object would make it possible to return a JSON array that contained code that could be run on the client level (in a context where the client isn't expecting it to be runnable, could be malicious, etc). Only returning JSON objects prevents this from happening.
This was rather bad advice that has since been removed from the angular tutorial.
The linked OWASP Cheet Sheet lists three ways to defend against JSON Hijacking. The one the tutorial picked is the hardest to implement correctly, because one must educate every single developer, and audit every single REST resource, rather than writing a single HttpInterceptor to extend CSRF-defenses to GET requests.
JSON hijacking can only occur due to browser bugs, which tend to be fixed quickly (this does not imply such attacks are impossible, but the easy exploits no longer work in modern browsers)

Json object (de)serialization. Typed languages with class hierarchy

I encountered a problem with JSONs in web client-server application.
Context: scala (could be any typed language with inheritance), typescript+angularjs, json representation in NoSql postgresql, same json sent to web client.
How can I add type to json representation to get features such as:
describes generics like List
enables easy usage of inheritance in javascript/typescript world
can be deserialized line by line (like SAX) by json deserializer to get fast transformation with minimum memory used
Adding attribute to object like {myList: (...) , (...), type: ?? } interferes with point 3 due to no guarantee of attributes order.
Adding type as attribute name List#Integer#: {myList: (...) , (...)} makes the code ugly on client side due to additional wrapper/prefix everywhere.
How to solve this problem? Maybe somebody knows of Scala json library that already supports types?
Many libraries just assume that you know what type you are loading...
Workaround: Optimised deserializing is needed only on server side. For web client I transform JSON from List#Integer#: {myList: (...) , (...)} to {myList: (...) , (...), type: "List#Integer#" }
Adding type node to every object inferfers with frameworks, components i.e.: angular tree accepts only one children container at each node. Drag&drop doesn't work then. Working with flat type attribute is more predictable.

JSON diff of large JSON data, finding some JSON as a subset of another JSON

I have a problem I'd like to solve to not have to spend a lot of manual work to analyze as an alternative.
I have 2 JSON objects (returned from different web service API or HTTP responses). There is intersecting data between the 2 JSON objects, and they share similar JSON structure, but not identical. One JSON (the smaller one) is like a subset of the bigger JSON object.
I want to find all the interesecting data between the two objects. Actually, I'm more interested in the shared parameters/properties within the object, not really the actual values of the parameters/properties of each object. Because I want to eventually use data from one JSON output to construct the other JSON as input to an API call. Unfortunately, I don't have the documentation that defines the JSON for each API. :(
What makes this tougher is the JSON objects are huge. One spans a page if you print it out via Windows Notepad. The other spans 37 pages. The APIs return the JSON output compressed as a single line. Normal text compare doesn't do much, I'd have to reformat manually or w/ script to break up object w/ newlines, etc. for a text compare to work well. Tried with Beyond Compare tool.
I could do manual search/grep but that's a pain to cycle through all the parameters inside the smaller JSON. Could write code to do it but I'd also have to spend time to do that, and test if the code works also. Or maybe there's some ready made code already for that...
Or can look for JSON diff type tools. Searched for some. Came across these:
https://github.com/samsonjs/json-diff or https://tlrobinson.net/projects/javascript-fun/jsondiff
https://github.com/andreyvit/json-diff
both failed to do what I wanted. Presumably the JSON is either too complex or too large to process.
Any thoughts on best solution? Or might the best solution for now be manual analysis w/ grep for each parameter/property?
In terms of a code solution, any language will do. I just need a parser or diff tool that will do what I want.
Sorry, can't share the JSON data structure with you either, it may be considered confidential.
Beyond Compare works well, if you set up a JSON file format in it to use Python to pretty-print the JSON. Sample setup for Windows:
Install Python 2.7.
In Beyond Compare, go under Tools, under File Formats.
Click New. Choose Text Format. Enter "JSON" as a name.
Under the General tab:
Mask: *.json
Under the Conversion tab:
Conversion: External program (Unicode filenames)
Loading: c:\Python27\python.exe -m json.tool %s %t
Note, that second parameter in the command line must be %t, if you enter two %ss you will suffer data loss.
Click Save.
Jeremy Simmons has created a better File Format package Posted on forum: "JsonFileFormat.bcpkg" for BEYOND COMPARE that does not require python or so to be installed.
Just download the file and open it with BC and you are good to go. So, its much more simpler.
JSON File Format
I needed a file format for JSON files.
I wanted to pretty-print & sort my JSON to make comparison easy.
I have attached my bcpackage with my completed JSON File Format.
The formatting is done via jq - http://stedolan.github.io/jq/
Props to
Stephen Dolan for the utility https://github.com/stedolan.
I have sent a message to the folks at Scooter Software asking them to
include it in the page with additional formats.
If you're interested in seeing it on there, I'm sure a quick reply to
the thread with an up-vote would help them see the value posting it.
Attached Files Attached Files File Type: bcpkg JsonFileFormat.bcpkg
(449.8 KB, 58 views)
I have a small GPL project that would do the trick for simple JSON. I have not added support for nested entities as it is more of a simple ObjectDB solution and not actually JSON (Despite the fact it was clearly inspired by it.
Long and short the API is pretty simple. Make a new group, populate it, and then pull a subset via whatever logical parameters you need.
https://github.com/danielbchapman/groups
The API is used basically like ->
SubGroup items = group
.notEqual("field", "value")
.lessThan("field2", 50); //...etc...
There's actually support for basic unions and joins which would do pretty much what you want.
Long and short you probably want a Set as your data-type. Considering your comparisons are probably complex you need a more complex set of methods.
My only caution is that it is GPL. If your data is confidential, odds are you may not be interested in that license.

ORM for Javascript/JSON

I am working on a web application that gets JSON data from the server (Ruby/Rails) into the client using jQuery/ajax and then renders it to the browser using jQuery to populate the DOM. To simplify access to my data on the client side, I would like to use an object-relational mapper similar to ActiveRecord, but which starts with JSON data instead of data directly from a SQL data source.
Are there any such ORMs in Javascript that convert a JSON data set (itself derived from a set of SQL queries on the server side) to a set of ActiveRecord-like objects?
I may be missing something here, but JSON (JavaScript Object Notation) is already a Javascript object in and of itself.
If the data you are getting from the server doesn't map well to a usable Javascript object, I would argue that it's the server side that needs to change to return a more useful serialized object rather than a simple recordset.
ExtJS has a very nice JsonStore class
There is CouchDB which is a DB written in Erlang that uses HTTP as the transport. This eliminates the need for middle-ware and permits you to navigate the DB directly with AJAX calls. I can't speak good or bad about it. I haven't heard much about it in months and it seems as if the hype train departed a few years ago.
You can't have an ORM to a remote DB in Javascript.. An, ORM requires transcendental knowledge of the DB schema, and sending that out with an API just isn't that pragmatic as of yet.
For persistent local storage, there is the now deprecated Google Gears and the HTML5 Clientside DB.
Yes there is JSON ODM. Exactly what you are looking for. If you need a method that is not supported yet post an issue and I'll try my best to support it as soon as possible.
If you like it please give it a star!

Categories