Internet Engineering Task Force (IETF)                     P. Bryan, Ed.
Request for Comments: 6902                                Salesforce.com
Category: Standards Track                             M. Nottingham, Ed.
ISSN: 2070-1721                                                   Akamai
                                                              April 2013
JavaScript Object Notation (JSON) Patch
Abstract
JSON Patch defines a JSON document structure for expressing a sequence of operations to apply to a JavaScript Object Notation (JSON) document; it is suitable for use with the HTTP PATCH method. The "application/json-patch+json" media type is used to identify such patch documents.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6902.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
   1. Introduction
   2. Conventions
   3. Document Structure
   4. Operations
      4.1. add
      4.2. remove
      4.3. replace
      4.4. move
      4.5. copy
      4.6. test
   5. Error Handling
   6. IANA Considerations
   7. Security Considerations
   8. Acknowledgements
   9. References
      9.1. Normative References
      9.2. Informative References
   Appendix A. Examples
      A.1. Adding an Object Member
      A.2. Adding an Array Element
      A.3. Removing an Object Member
      A.4. Removing an Array Element
      A.5. Replacing a Value
      A.6. Moving a Value
      A.7. Moving an Array Element
      A.8. Testing a Value: Success
      A.9. Testing a Value: Error
      A.10. Adding a Nested Member Object
      A.11. Ignoring Unrecognized Elements
      A.12. Adding to a Nonexistent Target
      A.13. Invalid JSON Patch Document
      A.14. ~ Escape Ordering
      A.15. Comparing Strings and Numbers
      A.16. Adding an Array Value
JavaScript Object Notation (JSON) [RFC4627] is a common format for the exchange and storage of structured data. HTTP PATCH [RFC5789] extends the Hypertext Transfer Protocol (HTTP) [RFC2616] with a method to perform partial modifications to resources.
JSON Patch is a format (identified by the media type "application/json-patch+json") for expressing a sequence of operations to apply to a target JSON document; it is suitable for use with the HTTP PATCH method.
This format is also potentially useful in other cases in which it is necessary to make partial updates to a JSON document or to a data structure that has similar constraints (i.e., they can be serialized as an object or an array using the JSON grammar).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
A JSON Patch document is a JSON [RFC4627] document that represents an array of objects. Each object represents a single operation to be applied to the target JSON document.
The following is an example JSON Patch document, transferred in an HTTP PATCH request:
   PATCH /my/data HTTP/1.1
   Host: example.org
   Content-Length: 326
   Content-Type: application/json-patch+json
   If-Match: "abc123"

   [
     { "op": "test", "path": "/a/b/c", "value": "foo" },
     { "op": "remove", "path": "/a/b/c" },
     { "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] },
     { "op": "replace", "path": "/a/b/c", "value": 42 },
     { "op": "move", "from": "/a/b/c", "path": "/a/b/d" },
     { "op": "copy", "from": "/a/b/d", "path": "/a/b/e" }
   ]
Evaluation of a JSON Patch document begins against a target JSON document. Operations are applied sequentially in the order they appear in the array. Each operation in the sequence is applied to the target document; the resulting document becomes the target of the next operation. Evaluation continues until all operations are successfully applied or until an error condition is encountered.
Operation objects MUST have exactly one "op" member, whose value indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or "test"; other values are errors. The semantics of each object is defined below.
Additionally, operation objects MUST have exactly one "path" member. That member's value is a string containing a JSON-Pointer value [RFC6901] that references a location within the target document (the "target location") where the operation is performed.
The meanings of other operation object members are defined by operation (see the subsections below). Members that are not explicitly defined for the operation in question MUST be ignored (i.e., the operation will complete as if the undefined member did not appear in the object).
Note that the ordering of members in JSON objects is not significant; therefore, the following operation objects are equivalent:
   { "op": "add", "path": "/a/b/c", "value": "foo" }
   { "path": "/a/b/c", "op": "add", "value": "foo" }
   { "value": "foo", "path": "/a/b/c", "op": "add" }
Operations are applied to the data structures represented by a JSON document, i.e., after any unescaping (see [RFC4627], Section 2.5) takes place.
The "add" operation performs one of the following functions, depending upon what the target location references:
o If the target location specifies an array index, a new value is inserted into the array at the specified index.
o If the target location specifies an object member that does not already exist, a new member is added to the object.
o If the target location specifies an object member that does exist, that member's value is replaced.
The operation object MUST contain a "value" member whose content specifies the value to be added.
For example:
{ "op": "add", "path": "/a/b/c", "value": [ "foo", "bar" ] }
When the operation is applied, the target location MUST reference one of:
o The root of the target document - whereupon the specified value becomes the entire content of the target document.
o A member to add to an existing object - whereupon the supplied value is added to that object at the indicated location. If the member already exists, it is replaced by the specified value.
o An element to add to an existing array - whereupon the supplied value is added to the array at the indicated location. Any elements at or above the specified index are shifted one position to the right. The specified index MUST NOT be greater than the number of elements in the array. If the "-" character is used to index the end of the array (see [RFC6901]), this has the effect of appending the value to the array.
Because this operation is designed to add to existing objects and arrays, its target location will often not exist. Although the pointer's error handling algorithm will thus be invoked, this specification defines the error handling behavior for "add" pointers to ignore that error and add the value as specified.
However, the object itself or an array containing it does need to exist, and it remains an error for that not to be the case. For example, an "add" with a target location of "/a/b" starting with this document:
{ "a": { "foo": 1 } }
is not an error, because "a" exists, and "b" will be added to its value. It is an error in this document:
{ "q": { "bar": 2 } }
because "a" does not exist.
The "remove" operation removes the value at the target location.
The target location MUST exist for the operation to be successful.
For example:
{ "op": "remove", "path": "/a/b/c" }
If removing an element from an array, any elements above the specified index are shifted one position to the left.
The "replace" operation replaces the value at the target location with a new value. The operation object MUST contain a "value" member whose content specifies the replacement value.
The target location MUST exist for the operation to be successful.
For example:
{ "op": "replace", "path": "/a/b/c", "value": 42 }
This operation is functionally identical to a "remove" operation for a value, followed immediately by an "add" operation at the same location with the replacement value.
The "move" operation removes the value at a specified location and adds it to the target location.
The operation object MUST contain a "from" member, which is a string containing a JSON Pointer value that references the location in the target document to move the value from.
The "from" location MUST exist for the operation to be successful.
For example:
{ "op": "move", "from": "/a/b/c", "path": "/a/b/d" }
This operation is functionally identical to a "remove" operation on the "from" location, followed immediately by an "add" operation at the target location with the value that was just removed.
The "from" location MUST NOT be a proper prefix of the "path" location; i.e., a location cannot be moved into one of its children.
The "copy" operation copies the value at a specified location to the target location.
The operation object MUST contain a "from" member, which is a string containing a JSON Pointer value that references the location in the target document to copy the value from.
The "from" location MUST exist for the operation to be successful.
For example:
{ "op": "copy", "from": "/a/b/c", "path": "/a/b/e" }
This operation is functionally identical to an "add" operation at the target location using the value specified in the "from" member.
The "test" operation tests that a value at the target location is equal to a specified value.
The operation object MUST contain a "value" member that conveys the value to be compared to the target location's value.
The target location MUST be equal to the "value" value for the operation to be considered successful.
Here, "equal" means that the value at the target location and the value conveyed by "value" are of the same JSON type, and that they are considered equal by the following rules for that type:
o strings: are considered equal if they contain the same number of Unicode characters and their code points are byte-by-byte equal.
o numbers: are considered equal if their values are numerically equal.
o arrays: are considered equal if they contain the same number of values, and if each value can be considered equal to the value at the corresponding position in the other array, using this list of type-specific rules.
o objects: are considered equal if they contain the same number of members, and if each member can be considered equal to a member in the other object, by comparing their keys (as strings) and their values (using this list of type-specific rules).
o literals (false, true, and null): are considered equal if they are the same.
Note that the comparison that is done is a logical comparison; e.g., whitespace between the member values of an array is not significant.
Also, note that ordering of the serialization of object members is not significant.
For example:
{ "op": "test", "path": "/a/b/c", "value": "foo" }
If a normative requirement is violated by a JSON Patch document, or if an operation is not successful, evaluation of the JSON Patch document SHOULD terminate and application of the entire patch document SHALL NOT be deemed successful.
See [RFC5789], Section 2.2 for considerations regarding handling errors when JSON Patch is used with the HTTP PATCH method, including suggested status codes to use to indicate various conditions.
Note that the HTTP PATCH method is atomic, as per [RFC5789]. Therefore, the following patch would result in no changes being made to the document at all (because the "test" operation results in an error):
[ { "op": "replace", "path": "/a/b/c", "value": 42 }, { "op": "test", "path": "/a/b/c", "value": "C" } ]
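The evaluation rules above (operations applied in order, target locations that must exist, type-strict "test" comparison, and no change at all when any operation fails) can be exercised with a small applier. The Python below is an added illustration, not code from RFC 6902; `apply_patch`, `json_equal`, `parse_pointer` and `PatchError` are names chosen here, and treating a patch that ends with the document root removed as an error is an assumption of this example.

```python
import copy
import re

class PatchError(Exception):
    """A normative requirement was violated or an operation failed."""

def parse_pointer(ptr):
    # RFC 6901 reference tokens. "~1" is decoded before "~0", so "~01"
    # yields the literal key "~1" and never "/".
    if not isinstance(ptr, str) or re.search(r"^[^/]|~(?![01])", ptr):
        raise PatchError("bad JSON Pointer: %r" % (ptr,))
    return [t.replace("~1", "/").replace("~0", "~") for t in ptr.split("/")[1:]]

def json_equal(a, b):
    # "test" equality: same JSON type first, then type-specific rules.
    # Python has True == 1, so booleans are separated from numbers.
    if isinstance(a, bool) or isinstance(b, bool):
        return a is b
    if isinstance(a, (int, float)) and isinstance(b, (int, float)):
        return a == b
    if type(a) is not type(b):
        return False
    if isinstance(a, list):
        return len(a) == len(b) and all(map(json_equal, a, b))
    if isinstance(a, dict):
        return a.keys() == b.keys() and all(json_equal(a[k], b[k]) for k in a)
    return a == b  # strings and null

def _index(token, length, allow_end):
    # Array index: up to 9 ASCII digits, no leading zeros; "-" only on add.
    if token == "-" and allow_end:
        return length
    if not re.fullmatch(r"0|[1-9][0-9]{0,8}", token) or int(token) >= length + allow_end:
        raise PatchError("bad or out-of-range array index: %r" % token)
    return int(token)

def _resolve(node, tokens):
    # Follow tokens from node; every step must already exist.
    for t in tokens:
        if isinstance(node, dict) and t in node:
            node = node[t]
        elif isinstance(node, list):
            node = node[_index(t, len(node), False)]
        else:
            raise PatchError("location does not exist: %r" % t)
    return node

def _add(box, tokens, value):
    parent, last = _resolve(box, tokens[:-1]), tokens[-1]
    if isinstance(parent, dict):
        parent[last] = value
    elif isinstance(parent, list):
        parent.insert(_index(last, len(parent), True), value)
    else:
        raise PatchError("parent of %r is not an object or array" % last)

def _remove(box, tokens):
    parent, last = _resolve(box, tokens[:-1]), tokens[-1]
    value = _resolve(parent, [last])  # the target location MUST exist
    del parent[last if isinstance(parent, dict) else int(last)]
    return value

def apply_patch(target, patch):
    """Return a patched copy of target; target itself is never modified."""
    if not isinstance(patch, list) or not all(isinstance(o, dict) for o in patch):
        raise PatchError("patch document must be an array of objects")
    box = {"doc": copy.deepcopy(target)}  # the root becomes an ordinary member
    for op in patch:
        name, path = op.get("op"), ["doc"] + parse_pointer(op.get("path"))
        if name in ("add", "replace", "test") and "value" not in op:
            raise PatchError("%r needs a 'value' member" % name)
        value = copy.deepcopy(op.get("value"))
        if name in ("move", "copy"):
            src = ["doc"] + parse_pointer(op.get("from"))
        if name == "add":
            _add(box, path, value)
        elif name == "remove":
            _remove(box, path)
        elif name == "replace":
            _remove(box, path)
            _add(box, path, value)
        elif name == "move":
            if len(src) < len(path) and path[:len(src)] == src:
                raise PatchError("'from' is a proper prefix of 'path'")
            _add(box, path, _remove(box, src))
        elif name == "copy":
            _add(box, path, copy.deepcopy(_resolve(box, src)))
        elif name == "test":
            if not json_equal(_resolve(box, path), value):
                raise PatchError("test failed at %r" % op["path"])
        else:
            raise PatchError("unknown op: %r" % (name,))
    return _resolve(box, ["doc"])  # assumption: a removed root is an error
```

Because every operation runs against a deep copy, a `PatchError` raised part-way through leaves the caller's document exactly as it was, which is the behaviour the "replace" then "test" example relies on.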
The Internet media type for a JSON Patch document is application/json-patch+json.
Type name: application
Subtype name: json-patch+json
Required parameters: none
Optional parameters: none
Encoding considerations: binary
Security considerations: See Security Considerations in Section 7.
Interoperability considerations: N/A
Published specification: RFC 6902
Applications that use this media type: Applications that manipulate JSON documents.
Additional information:
Magic number(s): N/A
File extension(s): .json-patch
Macintosh file type code(s): TEXT
Person & email address to contact for further information: Paul C. Bryan <pbryan@anode.ca>
Intended usage: COMMON
Restrictions on usage: none
Author: Paul C. Bryan <pbryan@anode.ca>
Change controller: IETF
This specification has the same security considerations as JSON [RFC4627] and JSON-Pointer [RFC6901].
A few older Web browsers can be coerced into loading an arbitrary JSON document whose root is an array, leading to a situation in which a JSON Patch document containing sensitive information could be exposed to attackers, even if access is authenticated. This is known as a Cross-Site Request Forgery (CSRF) attack [CSRF].
However, such browsers are not widely used (at the time of writing, it is estimated that they are used in less than 1% of the market). Publishers who are nevertheless concerned about this attack are advised to avoid making such documents available with HTTP GET.
The following individuals contributed ideas, feedback and wording to this specification:
Mike Acar, Mike Amundsen, Cyrus Daboo, Paul Davis, Stefan Koegl, Murray S. Kucherawy, Dean Landolt, Randall Leeds, James Manger, Julian Reschke, James Snell, Eli Stevens, and Henry S. Thompson.
The structure of a JSON Patch document was influenced by the XML Patch document specification [RFC5261].
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, July 2006.
[RFC6901] Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed., "JavaScript Object Notation (JSON) Pointer", RFC 6901, April 2013.
[CSRF] Barth, A., Jackson, C., and J. Mitchell, "Robust Defenses for Cross-Site Request Forgery", ACM Conference on Computer and Communications Security, October 2008, <http://seclab.stanford.edu/websec/csrf/csrf.pdf>.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC5261] Urpalainen, J., "An Extensible Markup Language (XML) Patch Operations Framework Utilizing XML Path Language (XPath) Selectors", RFC 5261, September 2008.
[RFC5789] Dusseault, L. and J. Snell, "PATCH Method for HTTP", RFC 5789, March 2010.
An example target JSON document:
{ "foo": "bar"}
A JSON Patch document:
[ { "op": "add", "path": "/baz", "value": "qux" } ]
The resulting JSON document:
{ "baz": "qux", "foo": "bar" }
An example target JSON document:
{ "foo": [ "bar", "baz" ] }
A JSON Patch document:
[ { "op": "add", "path": "/foo/1", "value": "qux" } ]
The resulting JSON document:
{ "foo": [ "bar", "qux", "baz" ] }
An example target JSON document:
{ "baz": "qux", "foo": "bar" }
A JSON Patch document:
[ { "op": "remove", "path": "/baz" } ]
The resulting JSON document:
{ "foo": "bar" }
An example target JSON document:
{ "foo": [ "bar", "qux", "baz" ] }
A JSON Patch document:
[ { "op": "remove", "path": "/foo/1" } ]
The resulting JSON document:
{ "foo": [ "bar", "baz" ] }
An example target JSON document:
{ "baz": "qux", "foo": "bar" }
A JSON Patch document:
[ { "op": "replace", "path": "/baz", "value": "boo" } ]
The resulting JSON document:
{ "baz": "boo", "foo": "bar" }
An example target JSON document:
{ "foo": { "bar": "baz", "waldo": "fred" }, "qux": { "corge": "grault" } }
A JSON Patch document:
[ { "op": "move", "from": "/foo/waldo", "path": "/qux/thud" } ]
The resulting JSON document:
{ "foo": { "bar": "baz" }, "qux": { "corge": "grault", "thud": "fred" } }
An example target JSON document:
{ "foo": [ "all", "grass", "cows", "eat" ] }
A JSON Patch document:
[ { "op": "move", "from": "/foo/1", "path": "/foo/3" } ]
The resulting JSON document:
{ "foo": [ "all", "cows", "eat", "grass" ] }
An example target JSON document:
{ "baz": "qux", "foo": [ "a", 2, "c" ] }
A JSON Patch document that will result in successful evaluation:
[ { "op": "test", "path": "/baz", "value": "qux" }, { "op": "test", "path": "/foo/1", "value": 2 } ]
An example target JSON document:
{ "baz": "qux" }
A JSON Patch document that will result in an error condition:
[ { "op": "test", "path": "/baz", "value": "bar" } ]
An example target JSON document:
{ "foo": "bar" }
A JSON Patch document:
[ { "op": "add", "path": "/child", "value": { "grandchild": { } } } ]
The resulting JSON document:
{ "foo": "bar", "child": { "grandchild": { } } }
An example target JSON document:
{ "foo": "bar" }
A JSON Patch document:
[ { "op": "add", "path": "/baz", "value": "qux", "xyz": 123 } ]
The resulting JSON document:
{ "foo": "bar", "baz": "qux" }
An example target JSON document:
{ "foo": "bar" }
A JSON Patch document:
[ { "op": "add", "path": "/baz/bat", "value": "qux" } ]
This JSON Patch document, applied to the target JSON document above, would result in an error (therefore, it would not be applied), because the "add" operation's target location references neither the root of the document, nor a member of an existing object, nor a member of an existing array.
A JSON Patch document:
[ { "op": "add", "path": "/baz", "value": "qux", "op": "remove" } ]
This JSON Patch document cannot be treated as an "add" operation, because it contains a later "op":"remove" element. JSON requires that object member names be unique with a "SHOULD" requirement, and there is no standard error handling for duplicates.
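Because there is no standard handling for duplicate member names, a receiver can refuse such a document at parse time rather than let its JSON library pick a winner; otherwise a component that inspects the patch and the component that applies it may not agree on which "op" is in effect. The Python below is an added example, not part of RFC 6902: `load_patch`, `InvalidPatch` and `permissive_op` are names chosen here, and rejecting duplicate names inside "value" as well is a policy assumption of this example.

```python
import json

# Members each operation requires in addition to "op" and "path".
REQUIRED = {
    "add": {"value"}, "remove": set(), "replace": {"value"},
    "move": {"from"}, "copy": {"from"}, "test": {"value"},
}


class InvalidPatch(ValueError):
    """The text is not an acceptable JSON Patch document."""


def _unique_members(pairs):
    # json.loads hands over every object's members in document order.
    # Its default dict construction would silently keep the last duplicate.
    # The hook also runs for objects nested inside "value" (assumed policy).
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise InvalidPatch("duplicate member name %r" % name)
        obj[name] = value
    return obj


def _no_constants(token):
    # NaN and Infinity are accepted by Python's parser but are not JSON.
    raise InvalidPatch("non-JSON constant %s" % token)


def load_patch(text):
    """Parse text strictly and return the list of operation objects."""
    try:
        patch = json.loads(text, object_pairs_hook=_unique_members,
                           parse_constant=_no_constants)
    except json.JSONDecodeError as exc:
        raise InvalidPatch("not well-formed JSON: %s" % exc) from None
    if not isinstance(patch, list):
        raise InvalidPatch("a patch document is an array of operations")
    for i, op in enumerate(patch):
        name = op.get("op") if isinstance(op, dict) else None
        if not isinstance(name, str) or name not in REQUIRED:
            raise InvalidPatch("operation %d: missing or unknown 'op'" % i)
        needed = {"path"} | REQUIRED[name]
        missing = needed - op.keys()
        if missing:
            raise InvalidPatch("operation %d: missing %s" % (i, sorted(missing)))
        for key in needed & {"path", "from"}:
            if not isinstance(op[key], str):
                raise InvalidPatch("operation %d: %r must be a string" % (i, key))
    return patch  # members not defined for an operation are kept but unused


def permissive_op(text):
    # What a default parse reports as the first operation's "op".
    return json.loads(text)[0]["op"]
```

On the document above, `permissive_op` returns "remove" (the later member wins in Python's default parser), while `load_patch` raises `InvalidPatch`.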
An example target JSON document:
{ "/": 9, "~1": 10 }
A JSON Patch document:
[ {"op": "test", "path": "/~01", "value": 10} ]
The resulting JSON document:
{ "/": 9, "~1": 10 }
An example target JSON document:
{ "/": 9, "~1": 10 }
A JSON Patch document:
[ {"op": "test", "path": "/~01", "value": "10"} ]
This results in an error, because the test fails. The document value is numeric, whereas the value being tested for is a string.
An example target JSON document:
{ "foo": ["bar"] }
A JSON Patch document:
[ { "op": "add", "path": "/foo/-", "value": ["abc", "def"] } ]
The resulting JSON document:
{ "foo": ["bar", ["abc", "def"]] }
Authors' Addresses
Paul C. Bryan (editor) Salesforce.com
Phone: +1 604 783 1481 EMail: pbryan@anode.ca
Mark Nottingham (editor) Akamai
EMail: mnot@mnot.net