Ian Lewis
Ian Lewis is a web developer living in Tokyo, Japan. His current interests are in Django, Python, alternative databases and rapid web application development.
  • IE, JSON, and the script tag

    My coworker recently introduced me to one of the most blatantly bad behaviors in web browser history. He introduced it thus:

    In [1]: import simplejson
    In [2]: simplejson.dumps({'foo': '<script>alert(document.cookie);</script>'})
    Out[2]: '{"foo": "<script>alert(document.cookie);</script>"}'

    There is nothing wrong with what simplejson is doing. The problem is that IE does not handle this little piece of JSON properly: it actually executes the JavaScript in the script tag, regardless of the fact that it's inside a string. This can leave an application wide open to XSS attacks. IE seems to do this for at least the text/plain MIME type.
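One way to defend against this on the server side, shown as an added example that is not part of the original post: escape the HTML-significant characters as JSON `\uXXXX` sequences so the response never contains a literal script tag, and send headers that tell the browser not to sniff the content type. It uses the standard library `json` module in place of simplejson; the function names `dumps_html_safe` and `json_response_headers` are hypothetical.

```python
import json

# Characters that an HTML parser (or a content-sniffing browser) treats as
# markup, mapped to the equivalent JSON \uXXXX escape. In JSON text these
# characters can only occur inside string values, so a plain replace is safe.
_HTML_UNSAFE = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
}


def dumps_html_safe(obj):
    """Serialize obj to JSON with no literal <, > or & in the output.

    A JSON parser decodes the escapes back to the original characters,
    so the data is unchanged for legitimate consumers.
    """
    text = json.dumps(obj)
    for char, escape in _HTML_UNSAFE.items():
        text = text.replace(char, escape)
    return text


def json_response_headers():
    """Headers for a JSON response.

    application/json instead of text/plain, plus X-Content-Type-Options:
    nosniff, which Internet Explorer 8 and later honor.
    """
    return [
        ("Content-Type", "application/json; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
    ]


# The payload from the post, used here as sample input.
PAYLOAD = {"foo": "<script>alert(document.cookie);</script>"}

if __name__ == "__main__":
    print(dumps_html_safe(PAYLOAD))
    for name, value in json_response_headers():
        print("%s: %s" % (name, value))
```
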

  • jsonschema 0.2 alpha

    I just released a new version of jsonschema 0.2 alpha over at http://code.google.com/p/jsonschema

    The source can be downloaded here: jsonschema-0.2a.tar.gz
    The documentation can be found here: jsonschema (version 0.2a) documentation

    The new release includes the following notable changes.

    • The additionalProperties attribute is now validated.
    • Using schemas in the type attribute now works properly.
    • Changed support for unique attribute to the "identity" attribute (Note: this is not a backwards compatible change)
    • Fixed a bug where the original schema object/dictionary was modified by the validator
    • Added a new "interactive mode" which will add default values to objects if not specified as readonly by the schema
    • Made error messages a bit more friendly.
    • Fixed bugs with validating Unicode strings

    The additionalProperties attribute is used to define the format of additional properties that aren't explicitly specified in the properties attribute. This is useful for JSON like

    {
      "bob": 10,
      "sue": 20,
      "bill": 30
    }

    where you have something like game scores and the name of each attribute is someone's name, which can't be defined in the schema. You can use it like so:

    {
      "type": "object",
      "additionalProperties": "integer"
    }

    The type field was also fixed so that it handles adding schemas as types, so now you can define,

    {
      "type": [
        { "type": "array", "minItems": 10 },
        { "type": "string", "pattern": "^0+$" }
      ]
    }

    This can let you define more complex types for use in schema.

  • jsonschema mentioned on json.com

    Kris Zyp (the author of the JSONSchema proposal) mentioned jsonschema on his blog at json.com. Thanks Kris!!

  • JSON Schema Validator 0.1a for Python

    I just released the first version for a project that I've been working on since the Python Onsen. It's a validator for JSON Schema written in Python. It's based on the JSON Schema Proposal Second Draft.

    The source can be downloaded here: jsonschema-0.1a.tar.gz
    The documentation can be found here: jsonschema (version 0.1a) documentation

    JSON Schema's purpose is to allow validation of JSON documents, much like XML Schema or DTD do for XML. You can use it to define what kind of data should be present in the document as well as the structure of the data. You might have some JSON for a contact like so:

    {
      "name": "Ian Lewis",
      "email": "IanLewis@xyz.com",
      "address": "123 Main St.",
      "phone": "080-1942-9494"
    }

    And you could describe this in JSON Schema with the following:

    {
      "type":"object",
      "properties":{
        "name": {"type":"string"},
        "age": {"type":"int", "optional":true},
        "email": {
          "type":"string",
          "pattern":"^[A-Za-z0-9][A-Za-z0-9\\.]*@([A-Za-z0-9]+\\.)+[A-Za-z0-9]+$"
        },
        "address": {"type":"string"},
        "phone": {"type":"string"}
      }
    }

    This can be validated with something like the following Python code:

    import jsonschema, simplejson

    # The JSON document to validate
    data = """{
      "name": "Ian Lewis",
      "email": "IanLewis@xyz.com",
      "address": "123 Main St.",
      "phone": "080-1942-9494"
    }"""

    # The schema is itself JSON: booleans are lowercase and backslashes in
    # the pattern are doubled. The raw string keeps Python from touching them.
    schema = r"""{
      "type":"object",
      "properties":{
        "name": {"type":"string"},
        "age": {"type":"int", "optional":true},
        "email": {
          "type":"string",
          "pattern":"^[A-Za-z0-9][A-Za-z0-9\\.]*@([A-Za-z0-9]+\\.)+[A-Za-z0-9]+$"
        },
        "address": {"type":"string"},
        "phone": {"type":"string"}
      }
    }"""

    # Parse both documents, then validate the data against the schema
    x = simplejson.loads(data)
    s = simplejson.loads(schema)
    jsonschema.validate(x,s)

    It can be easily extended to include support for new properties or to override the default validation for standard properties so I think it could be used for a wide range of applications. I plan to use it for a Form Maker application (code) on GAE. Let me know what you think!
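To make the checks concrete for both the contact schema above and the additionalProperties scores schema from the 0.2 alpha post, here is an added, standard-library-only sketch of a validator for that small subset of keywords (type, properties, optional, pattern, additionalProperties). It is not the jsonschema package's code; the `validate` function here returns a list of errors, and treating a bare string such as "integer" as shorthand for a type schema is an assumption.

```python
import re

# Schema type names used on this page, mapped to Python types.
TYPES = {"string": str, "integer": int, "int": int, "number": (int, float),
         "boolean": bool, "object": dict, "array": list}

def validate(value, schema, path="$"):
    """Return a list of error strings; an empty list means the value passed."""
    if isinstance(schema, str):  # assumption: "integer" means {"type": "integer"}
        schema = {"type": schema}
    type_name = schema.get("type")
    expected = TYPES.get(type_name) if isinstance(type_name, str) else None
    if expected is not None:
        is_bool = isinstance(value, bool)  # bool is an int subclass in Python
        if not isinstance(value, expected) or (is_bool and expected is not bool):
            return ["%s: expected %s" % (path, type_name)]
    errors = []
    if isinstance(value, str) and "pattern" in schema:
        if not re.search(schema["pattern"], value):
            errors.append("%s: does not match pattern" % path)
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for name, sub in props.items():
            if name in value:
                errors += validate(value[name], sub, "%s.%s" % (path, name))
            elif not sub.get("optional", False):
                errors.append("%s.%s: required property missing" % (path, name))
        extra = schema.get("additionalProperties")
        if extra is not None:
            # Every property not named in "properties" must match this schema.
            for name in sorted(set(value) - set(props)):
                errors += validate(value[name], extra, "%s.%s" % (path, name))
    return errors

# Schemas modelled on the page's two examples, written as Python dicts.
SCORES_SCHEMA = {"type": "object", "additionalProperties": "integer"}
CONTACT_SCHEMA = {
    "type": "object",
    "properties": {
        "name": {"type": "string"},
        "age": {"type": "int", "optional": True},
        "email": {"type": "string",
                  "pattern": r"^[A-Za-z0-9][A-Za-z0-9\.]*@([A-Za-z0-9]+\.)+[A-Za-z0-9]+$"},
        "address": {"type": "string"},
        "phone": {"type": "string"},
    },
}
```
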

  • Python Onsen


    This weekend I went to the Python Onsen (Japanese) organized by voluntas. Python Onsen is an event where people who like or are interested in python get together at a Japanese Ryokan/Onsen and program/mingle/study together. The event started Friday but I had to work so I joined everyone yesterday. If you aren't familiar with the Ryokan experience check out the Ryokan link. Essentially you have a traditional style room and traditional meals are served twice a day (with generous proportions).

    In between meals there was a lot of programming and talk about programming. I was received pretty well considering that I was the only non-Japanese in the group of 28 or so people. I spent the time here working on a form maker project for google app engine which will be using JSON quite a bit for server communication and API interfaces. It is programmed on the client side using the google web toolkit and during the course of development it became clear that there would be a need for a way to validate incoming JSON on the client and server (for error checking and security) as well as making the interface easier to deal with. Currently the typing of the JSON data makes dealing with it in Java a real pain.

    We realized this could be done with a schema, kind of like XML Schema. Something that could be used as a way to define the structure of the JSON and thus allow programs to validate it. So after searching a bit we found the JSON Schema proposal. JSON schema is maintained in JSON and can be maintained inline so if it is, it doesn't solve any security issues, but it looks like a good way to validate and do error checking on JSON data that might be coming from an external (or internal) source. So one programmer whipped up a simple validator in python which I will hopefully be working on and using on the server side of my application while I'll be going ahead and creating a client side schema and JSON parsing library over top of, or separate from, the existing JSON library for the google web toolkit.

    Pretty good for a two day hackathon.
