id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27183	JSONField improperly escaped in admin interface during normal usage	Jeff Cook	nobody	"The line of code at https://github.com/django/django/blob/68de48c96328e13d5dbdb1f3006e4a1ca74f3c34/django/contrib/postgres/forms/jsonb.py#L45 results in the escaping of a plain JSON string. That's because the string is already in valid JSON when run through json.dumps. This is user-facing and visible in the Django admin interface when a JSONField is edited.

With the current code, the line in the admin looks like this: http://imgur.com/fw29t1c.jpg

If we just return value instead of json.dumps(value), we get this: http://imgur.com/msBT1tI.jpg

(Someone may want to attach those jpgs directly to this report for posterity; I don't know what the convention is on this bug tracker)

In fact, looking at the code now, I wonder if we just need to swap lines 44 and 45. It would seem that if a value is invalid JSON, as the check on line 43 implies, that we *should* be dumping it through the json serializer, whereas if it's valid JSON, we shouldn't. Maybe the logic just got swapped there.

#25532 deals with a similar topic."	Bug	closed	contrib.postgres	1.10	Normal	duplicate			Unreviewed	0	0	0	0	0	0