How to filter the @jsonify warning
Christoph Haas
I'm trying the ExtJS Javascript framework in a workflow-style Pylons
project. And that means passing a lot of JSON data around. There is a
certain cross-site vulnerability problem when sending JSON arrays (versus
JSON dictionaries or scalars). But without working around it on the ExtJS
side I will have to use arrays. So I tried to be smart and ignore the
warning from the @jsonify decorator (which is flooding my logs):
22:53:51,387 WARNI [pylons.decorators] JSON responses with Array envelopes
are susceptible to cross-site data leak attacks, see
http://pylonshq.com/warnings/JSONArray
Unfortunately I wasn't very lucky. I tried to use:
import warnings
warnings.filterwarnings('ignore', 'JSON responses with Array envelopes')
in several places like lib/base.py or config/environment.py but the warning
always still appeared. Where would I put that code to be successful? I
know it's close to trivial to just copy the @jsonify decorator function
and removing that line. I'm more interested in how to suppress the
warnings.
Any ideas?
Cheers
Christoph
--
A guess is just a guess until you turn it into a pie chart.
Then it's an analysis. (Scott Adams)
Philip Jenvey
I'd recommend environment.py for the most appropriate place for this.
It's not working because the message argument should be an RE match,
whereas you're assuming it's an RE search. Try:
> warnings.filterwarnings('ignore', '.*JSON responses with Array
> envelopes.*')
--
Philip Jenvey
Ben Bangert
> Unfortunately I wasn't very lucky. I tried to use:
>
> import warnings
> warnings.filterwarnings('ignore', 'JSON responses with Array
> envelopes')
You need to specify the warning itself that is being thrown, rather
than the message of it. Ie:
warnings.filterwarnings('ignore', module='pylons.decorators')
As the entire message itself is a bit long.
Or if since it compiles them to be regexp, maybe:
warnings.filterwarnings('ignore', 'JSON responses with.*')
would do the trick.
Cheers,
Ben