Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

XML is toast, long live JSON

Andy Patrizio | June 10, 2016
XML was useful in its time, but it has been supplanted by faster, more flexible formats.

If you haven't heard much about XML lately, you're not the only one. XML has been rapidly falling out of favor with developers and has been replaced with a more flexible and faster format.

XML, the Extensible Markup Language, rose from the SGML format in the 1990s. It reached the 1.0 spec in 1997 and grew from there. The primary appeal of XML is that it was ideal for transferring data between other formats. It required far fewer filters for data conversion to share data between different applications that might have their own proprietary format. That's one reason why with Office 2007, Microsoft shifted its Word and Excel file formats to XML-based format. Conversion to other formats was made much easier thanks to XML.

But XML had its flaws, mostly that it was excessively verbose and complex. Mapping XML to type systems of programming languages or databases can be difficult, especially when the data is highly structured to one application. There are too many tags, which take up too many characters and therefore slow the response down. Because it's so "heavy," XML is considered to be slow when working at Web speeds.

While developers didn't necessarily dislike XML, any alternative was quickly embraced, with the big one being JSON, or JavaScript Object Notation. Originally written in JavaScript, it's now available in multiple languages and has become a popular alternative to XML for asynchronous browser/server communication.

With so much developer activity around Web development, it's no wonder JSON has become a popular alternative. A chart of tags used by developers who visit Stack Overflow, a popular developer forum, shows that XML has cratered in recent years. JSON shows a meteoric rise with a slight dip last year.

Click for larger image.

The reasons for JSON's rise are fairly clear, according to Tim Perry, tech lead and open-source champion at Softwire, a custom software developer in the U.K.:

  • Complexity – "JSON is an intentionally simple and focused tool. That means it can't represent the most complicated of structured and concepts standalone, but one of the big changes in development in recent years has been an acceptance that that's not what's useful. Flexible, composable tools, rather than large heavyweight systems, are gaining favor everywhere, and JSON's ridden this wave well," he says.
  • Security – XML has some major vulnerabilities even with proper parsing. These include known attacks like the Billion Laughs attack or External Entity attacks. "There are standard features of XML you can accidentally turn on, and put your system at substantial risk, which is not the case with JSON. It's hard to build a tool that uses JSON and is exposed to risks like these, whereas it's something you actively have to check for and avoid when using XML," Perry says.
  • JavaScript - JSON is written in JavaScript and was originally defined to pull out the convenient syntax used in JavaScript as a data format in itself, for easy interoperability with JavaScript.
  • Tool support – Due to its popularity, more developer tools accept JSON as standard and momentum is building.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.