If you haven't heard much about XML lately, you're not the only one. XML has been rapidly falling out of favor with developers and has been replaced with a more flexible and faster format.
XML, the Extensible Markup Language, rose from the SGML format in the 1990s. It reached the 1.0 spec in 1997 and grew from there. The primary appeal of XML is that it was ideal for transferring data between other formats. It required far fewer filters for data conversion to share data between different applications that might have their own proprietary format. That's one reason why with Office 2007, Microsoft shifted its Word and Excel file formats to XML-based format. Conversion to other formats was made much easier thanks to XML.
But XML had its flaws, mostly that it was excessively verbose and complex. Mapping XML to type systems of programming languages or databases can be difficult, especially when the data is highly structured to one application. There are too many tags, which take up too many characters and therefore slow the response down. Because it's so "heavy," XML is considered to be slow when working at Web speeds.
With so much developer activity around Web development, it's no wonder JSON has become a popular alternative. A chart of tags used by developers who visit Stack Overflow, a popular developer forum, shows that XML has cratered in recent years. JSON shows a meteoric rise with a slight dip last year.
The reasons for JSON's rise are fairly clear, according to Tim Perry, tech lead and open-source champion at Softwire, a custom software developer in the U.K.:
- Complexity – "JSON is an intentionally simple and focused tool. That means it can't represent the most complicated of structured and concepts standalone, but one of the big changes in development in recent years has been an acceptance that that's not what's useful. Flexible, composable tools, rather than large heavyweight systems, are gaining favor everywhere, and JSON's ridden this wave well," he says.
- Security – XML has some major vulnerabilities even with proper parsing. These include known attacks like the Billion Laughs attack or External Entity attacks. "There are standard features of XML you can accidentally turn on, and put your system at substantial risk, which is not the case with JSON. It's hard to build a tool that uses JSON and is exposed to risks like these, whereas it's something you actively have to check for and avoid when using XML," Perry says.
- Tool support – Due to its popularity, more developer tools accept JSON as standard and momentum is building.
Sign up for CIO Asia eNewsletters.