fusionbox / django-argonauts Goto Github PK
View Code? Open in Web Editor NEWDEPRECATED: A lightweight collection of JSON helpers for Django.
Home Page: https://pypi.python.org/pypi/django-argonauts/
License: BSD 2-Clause "Simplified" License
DEPRECATED: A lightweight collection of JSON helpers for Django.
Home Page: https://pypi.python.org/pypi/django-argonauts/
License: BSD 2-Clause "Simplified" License
so I can do var x = JSON.parse('{{ foo|json }}');
This way I can run eslint and other code transformers over the code.
See: http://benalpert.com/2012/08/03/preventing-xss-json.html
I think the current escaping of '<' prevents against this, but just wanted to be sure.
Should we replace </ with <]/ as this article suggests?
Needs information on how to install and integrate with projects.
Ie:
pip install django-argonauts
I would assume that since there are template tags, it also needs to be added to the INSTALLED_APPS
list in settings.py
INSTALLED_APPS += ['argonauts']
In my template I'm trying to pass the csrf_token
to JavaScript using the |json
filter. This worked previously on Django 1.6, however, it seems that in Django 1.8 the csrf_token
has become lazy. I wonder if there are similar issues with request.user being a lazy user?
Traceback:
Traceback (most recent call last):
File "/XXX/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__
return self.application(environ, start_response)
File "/XXX/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 189, in __call__
response = self.get_response(request)
File "/XXX/lib/python2.7/site-packages/django/core/handlers/base.py", line 218, in get_response
response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
File "/XXX/lib/python2.7/site-packages/django/core/handlers/base.py", line 261, in handle_uncaught_exception
return debug.technical_500_response(request, *exc_info)
File "/XXX/lib/python2.7/site-packages/django_extensions/management/technical_response.py", line 5, in null_technical_500_response
six.reraise(exc_type, exc_value, tb)
File "/XXX/lib/python2.7/site-packages/django/core/handlers/base.py", line 164, in get_response
response = response.render()
File "/XXX/lib/python2.7/site-packages/django/template/response.py", line 158, in render
self.content = self.rendered_content
File "/XXX/lib/python2.7/site-packages/django/template/response.py", line 135, in rendered_content
content = template.render(context, self._request)
File "/XXX/lib/python2.7/site-packages/django_jinja/backend.py", line 105, in render
return self.template.render(context)
File "/XXX/lib/python2.7/site-packages/jinja2/environment.py", line 969, in render
return self.environment.handle_exception(exc_info, True)
File "/XXX/lib/python2.7/site-packages/jinja2/environment.py", line 742, in handle_exception
reraise(exc_type, exc_value, tb)
# ...
var CSRF_TOKEN = {{ csrf_token|json }};
File "/XXX/lib/python2.7/site-packages/argonauts/templatetags/argonauts.py", line 23, in json
json_str = json_dumps(a)
File "/XXX/lib/python2.7/site-packages/argonauts/__init__.py", line 29, in dumps
return json.dumps(*args, **kwargs)
File "/usr/lib64/python2.7/json/__init__.py", line 250, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/usr/lib64/python2.7/json/encoder.py", line 201, in encode
return encode_basestring_ascii(o)
TypeError: first argument must be a string, not SimpleLazyObject
Would be nice to know what if anything changed during the last release.
(but we could wait until next release)
The problem http://www.thespanner.co.uk/2011/07/25/the-json-specification-is-now-wrong/
Yahoo serializer escapes these chars https://github.com/yahoo/serialize-javascript/blob/adfee60681dd02b0c4ec73793ad4bb39bbff46ef/index.js#L20
in the context of |json
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.