Code

Opened 5 years ago

Closed 3 years ago

#10920 closed Uncategorized (invalid)

json serializer should not return javascript array

Reported by: j_king Owned by: nobody
Component: Core (Serialization) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX:

Description

http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html

At the very least, it should return a top-level JSON object:

{response: [{pk: 1,
             some_field: "hi!"},
            {pk: 2,
             some_field: "hiya!"}]}

Attachments (0)

Change History (2)

comment:1 Changed 5 years ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

comment:2 Changed 3 years ago by lukeplant

  • Easy pickings unset
  • Resolution set to invalid
  • Severity set to Normal
  • Status changed from new to closed
  • Type set to Uncategorized

This is not something that a JSON serializer should be concerned about - it is the responsibility of the app developer. JSON is not just used by web apps using AJAX.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.