[Django] #20701: Using python dicts directly in javascript

Django
Jul 4, 2013, 8:40:52 AM
to django-...@googlegroups.com
#20701: Using python dicts directly in javascript
----------------------------------+--------------------
Reporter: tim0306+django@… | Owner: nobody
Type: New feature | Status: new
Component: Uncategorized | Version: 1.5
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------
I'm using Django to push some data from Python into some JavaScript code.
So I use RequestContext to set up the variables and then use HttpResponse
to render the template with the variables.

The JavaScript code (highcharts) follows a similar syntax to Python's dict,
namely:
name: 'Female',
color: 'rgba(223, 83, 83, .5)',
data: [[161.2, 51.6], [163.8, 67.3]]

So I tried to directly use a Python dict as a context, but got the
following result:
&#39;color&#39;: &#39;rgba(223, 83, 83, .5)&#39;
&#39;name&#39;: &#39;Female&#39;

The dict data makes it into the final HTML, but the quotes of the string
literals are represented by &#39;

It would be a great feature if the coupling from dict to template would
work. To make this more generic maybe some preprocessing function could be
defined that preps the dict data before it is pushed into the template.

--
Ticket URL: <https://code.djangoproject.com/ticket/20701>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django
Jul 4, 2013, 5:45:22 PM
to django-...@googlegroups.com
#20701: Using python dicts directly in javascript
----------------------------------+--------------------------------------
Reporter: tim0306+django@… | Owner: nobody
Type: New feature | Status: closed
Component: Uncategorized | Version: 1.5
Severity: Normal | Resolution: duplicate
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by aaugustin):

* status: new => closed
* needs_better_patch: => 0
* resolution: => duplicate
* needs_tests: => 0
* needs_docs: => 0


Comment:

This is a duplicate of #17419 which cannot be implemented without
introducing major security problems (XSS). It's impossible to serialize an
arbitrary data structure into JavaScript embedded in HTML with Python's
`json` module with adequate escaping. Trust me, I tried hard.

Request the JSON blob with AJAX instead.

--
Ticket URL: <https://code.djangoproject.com/ticket/20701#comment:1>
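
An added example, not part of the original thread and not Django's own code: it shows why plain `json.dumps` output is unsafe inside an inline `<script>` (the HTML parser ends the element at the first `</script>`, even inside a JSON string), next to an inert data-block form that escapes `<`, `>` and `&`. The sample series, the function names and the element id are constructed for illustration.

```python
import json
from html.parser import HTMLParser

# Constructed sample: a chart series whose name came from an untrusted user.
SERIES = {"name": "</script><script>alert(1)</script>", "data": [[161.2, 51.6]]}

# JSON-legal \uXXXX escapes for the characters that are significant to the
# HTML tokenizer; json.loads / JSON.parse decode them back unchanged.
_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}

def naive_embed(value):
    """What the ticket asks for: json.dumps output dropped into inline script."""
    return "<script>var series = %s;</script>" % json.dumps(value)

def escaped_embed(value, element_id="series-data"):
    """Inert JSON data block; element_id is a hypothetical name for this example."""
    body = json.dumps(value).translate(_ESCAPES)
    return '<script id="%s" type="application/json">%s</script>' % (element_id, body)

class ScriptCollector(HTMLParser):
    """Records the text of every <script> element the HTML parser sees."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def script_bodies(html):
    """Return the script element bodies as an HTML parser would split them."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts

if __name__ == "__main__":
    print(script_bodies(naive_embed(SERIES)))    # two scripts: data became code
    print(script_bodies(escaped_embed(SERIES)))  # one script: still pure data
```

The data block is never executed; the page's script reads it back with `JSON.parse` on the element's text content.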
