XML versus JSON

XML versus JSON

XML versus JSON








If you haven’t heard much about XML lately, you’re not the only one. XML has been rapidly falling out of favor with developers and has been replaced with a more flexible and faster format.

XML, the Extensible Markup Language, rose from the SGML format in the 1990s. It reached the 1.0 spec in 1997 and grew from there. The primary appeal of XML is that it was ideal for transferring data between other formats. It required far fewer filters for data conversion to share data between different applications that might have their own proprietary format. That’s one reason why with Office 2007, Microsoft shifted its Word and Excel file formats to XML-based format. Conversion to other formats was made much easier thanks to XML.

But XML had its flaws, mostly that it was excessively verbose and complex. Mapping XML to type systems of programming languages or databases can be difficult, especially when the data is highly structured to one application. There are too many tags, which take up too many characters and therefore slow the response down. Because it’s so “heavy,” XML is considered to be slow when working at Web speeds.

While developers didn’t necessarily dislike XML, any alternative was quickly embraced, with the big one being JSON, or JavaScript Object Notation. Originally written in JavaScript, it’s now available in multiple languages and has become a popular alternative to XML for asynchronous browser/server communication.

With so much developer activity around Web development, it’s no wonder JSON has become a popular alternative. A chart of tags used by developers who visit Stack Overflow, a popular developer forum, shows that XML has cratered in recent years. JSON shows a meteoric rise with a slight dip last year.


The reasons for JSON’s rise are fairly clear, according to Tim Perry, tech lead and open-source champion at Softwire, a custom software developer in the U.K.:

  • Complexity– “JSON is an intentionally simple and focused tool. That means it can’t represent the most complicated of structured and concepts standalone, but one of the big changes in development in recent years has been an acceptance that that’s not what’s useful. Flexible, composable tools, rather than large heavyweight systems, are gaining favor everywhere, and JSON’s ridden this wave well,” he says.
  • Security– XML has some major vulnerabilities even with proper parsing. These include known attacks like the Billion Laughs attack or External Entity attacks. “There are standard features of XML you can accidentally turn on, and put your system at substantial risk, which is not the case with JSON. It’s hard to build a tool that uses JSON and is exposed to risks like these, whereas it’s something you actively have to check for and avoid when using XML,” Perry says.
  • JavaScript– JSON is written in JavaScript and was originally defined to pull out the convenient syntax used in JavaScript as a data format in itself, for easy interoperability with JavaScript.
  • Tool support– Due to its popularity, more developer tools accept JSON as standard and momentum is building.

Blame it on JavaScript

While there are several reasons listed for JSON’s rise, its JavaScript’s popularity on both the client and server sides that has really made the difference, says Zeev Glozman, founder and CEO of Beame.io, an Israeli information security company. “Full software frameworks are being written in JavaScript [in the client], and in the server environment, node.js has become one of the most popular back-end server tools. The language allows native mapping into JSON serialized objects,” he says.

David Aktary, founder of AktaryTech, a custom software house, also cites the speed of JavaScript, and adds it offers developers a chance to embrace agile development methods for JavaScript. “There’s a lot more structure and rigor in the XML world, whereas JSON is kind of a wing it and kind of similar to waterfall vs. agile. When people are delivering code to production multiple times a day, you have to be flexible and fast and JSON is more suited to that,” he says.

Jon Bock, vice president of products and marketing for Snowflake Computing, a cloud data warehouse, agreed on the agile-JSON connection. “There is a connection between the needs of agile development and JSON in that rapidly evolving code often means rapid evolution in the data being generated by that code. Using JSON, the amount of extra work needed to package and unpackage new data elements on the sending and receiving sides can often be less because there is typically an easier mapping between the structures in the JSON representation and the structures in the code processing the data,” he says.

“When it comes to XML, you have to really think ahead about how you structure your data and write documents and code the XML for how the data is going to be, whereas JSON is completely flexible,” Aktary says. “The downside is you can get data you didn’t expect at runtime, where XML doesn’t allow that.”

XML put people off because it required so much up front work, says Aktary. “I remember having to do document type definitions and a lot of pre-work to structure my XML-based app, whereas with JSON you can define an object in JavaScript and add whatever properties at runtime. If you try that with XML at runtime it’s invalid.”

XML still has uses

Bock says that most new projects would be better served to be JSON-oriented, especially Web apps. “It doesn’t make sense to start a new project in XML unless it has data in XML form,” he says.

He added people shouldn’t migrate XML data to JSON for the sake of migrating, if what you have works, stick with it. And there are definitely pluses to XML, such as XML-based databases with queries and app logic all written in XML.

He also says that JSON is just a data interchange format where XML is a broader set of tools, one of which is metadata. XML supports metadata, JSON is just attributes, so there is a challenge to represent metadata in JSON. Also, there is no support for namespaces in JSON. Finally, binary coded files, like graphics files or documents, fit well into XML. JSON, not so much.

“There are a lot of standards around data use cases in XML that don’t exist JSON. Data interchange formats for records like EDI, which migrated to XML, have standard formats. Those don’t exist for JSON,” he says.