Context Navigation

← Previous Ticket
Next Ticket →

#32899 closed Cleanup/optimization (fixed)

enhance JSONResponse safe=True kwarg docs

Reported by:	Thomas Grainger	Owned by:	Hasan Ramezani
Component:	Documentation	Version:	3.2
Severity:	Normal	Keywords:
Cc:	Simon Willison	Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description (last modified by Jacob Walls)

currently JSONResponse documents a safe kwarg

      Data to be dumped into json. By default only ``dict`` objects
      are allowed to be passed due to a security flaw before EcmaScript 5. See
      the ``safe`` parameter for more information.

EcmaScript 5 is mostly dead, but there are other advantages to only sending dicts, see https://twitter.com/simonw/status/1410682522908856320

Change History (9)

comment:1 by Jacob Walls, 3 years ago

Description:	modified (diff)

comment:2 by Mariusz Felisiak, 3 years ago

Owner:	Simon Willison removed
Status:	assigned → new
Triage Stage:	Unreviewed → Accepted

Agreed, we can enhance this warning. Thomas, would you like to submit a patch?

comment:3 by Mariusz Felisiak, 3 years ago

Cc:	Simon Willison added

comment:4 by Hasan Ramezani, 3 years ago

Has patch:	set
Owner:	set to Hasan Ramezani
Status:	new → assigned

I added a small sentence to mention that object response makes the expansion of response simpler.

@Mariusz, I think is about the safe=True kwarg docs but you mentioned to enhance the warning. which warning do you mean?

comment:5 by Mariusz Felisiak, 3 years ago

Patch needs improvement:	set

You've added a note to the docstring, which is fine, but we should also add a note to the warning in the docs.

comment:6 by Hasan Ramezani, 3 years ago

Patch needs improvement:	unset

comment:7 by Hasan Ramezani, 3 years ago

@Mariusz, I got some reviews on PR. Could you please clarify for me what should I do? Thanks!

comment:8 by Carlton Gibson, 3 years ago

Triage Stage:	Accepted → Ready for checkin

comment:9 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

In f5669fd:

Fixed #32899 -- Added note about avoiding non-dict objects in JsonResponse docs.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@…>

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues