Opened 3 years ago

Closed 3 years ago

#32899 closed Cleanup/optimization (fixed)

enhance JSONResponse safe=True kwarg docs

Reported by: Thomas Grainger
Owned by: Hasan Ramezani
Component: Documentation
Version: 3.2
Severity: Normal
Keywords:
Cc: Simon Willison
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by Jacob Walls)

Currently JSONResponse documents a safe kwarg:

      Data to be dumped into json. By default only ``dict`` objects
      are allowed to be passed due to a security flaw before EcmaScript 5. See
      the ``safe`` parameter for more information.

EcmaScript 5 is mostly dead, but there are other advantages to only sending dicts, see https://twitter.com/simonw/status/1410682522908856320

Change History (9)

comment:1 by Jacob Walls, 3 years ago

Description: modified (diff)

comment:2 by Mariusz Felisiak, 3 years ago

Owner: Simon Willison removed
Status: assigned → new
Triage Stage: Unreviewed → Accepted

Agreed, we can enhance this warning. Thomas, would you like to submit a patch?

comment:3 by Mariusz Felisiak, 3 years ago

Cc: Simon Willison added

comment:4 by Hasan Ramezani, 3 years ago

Has patch: set
Owner: set to Hasan Ramezani
Status: new → assigned

I added a small sentence to mention that object response makes the expansion of response simpler.

@Mariusz, I think this is about the safe=True kwarg docs, but you mentioned enhancing the warning. Which warning do you mean?

comment:5 by Mariusz Felisiak, 3 years ago

Patch needs improvement: set

You've added a note to the docstring, which is fine, but we should also add a note to the warning in the docs.

comment:6 by Hasan Ramezani, 3 years ago

Patch needs improvement: unset

comment:7 by Hasan Ramezani, 3 years ago

@Mariusz, I got some reviews on the PR. Could you please clarify for me what I should do? Thanks!

comment:8 by Carlton Gibson, 3 years ago

Triage Stage: Accepted → Ready for checkin

comment:9 by Mariusz Felisiak <felisiak.mariusz@…>, 3 years ago

Resolution: fixed
Status: assigned → closed

In f5669fd:

Fixed #32899 -- Added note about avoiding non-dict objects in JsonResponse docs.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@…>
