Re: [Django] #35885: JSONField does accept strings that look like dicts and incorrectly saves them as strings, breaking JSON filtering

[Django]

#35885: JSONField does accept strings that look like dicts and incorrectly saves
them as strings, breaking JSON filtering
-------------------------------------+-------------------------------------
     Reporter:  DataGreed            |                    Owner:  (none)
         Type:  Uncategorized        |                   Status:  closed
    Component:  Database layer       |                  Version:  5.0
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  invalid
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by DataGreed2):

 Replying to [comment:1 Simon Charette]:
 > JSON accepts top level string as valid input; that is including JSON
 serialized as a string.
 >
 > > [...] since developers usually sanitize the data at least by dumping
 the dict to json to make sure it is even possible to dump.
 >
 > I don't think this is a normal behavior. Usually data transits through
 through serialization layers that are in charge of parsing JSON strings as
 Python objects just like for datetimes, decimal, float, and other types.

 So what do you suggest? I encounter this bug throughout the years and I
 spend considerable amount of time trying to figure out the issue when the
 json deep filtering suddenly does not work.

 Why would you think this is not normal behaviour? Why IntegerField breaks
 if you try to save "FOO" in it and JSONField doesn't break when you save
 string in it? It should throw a validation error at least. Same goes with
 other fields that work properly, unlike JSONField that allows you to write
 data that cannot be parsed properly.

 > Having `JSONField` auto-magically perform a `json.loads` when provided a
 string input is backward incompatible and prevents storing JSON de-
 serializable strings as top level values (e.g. `"1", "false", "null"`).

 Well, you can jsut check it for these values before calling json.loads.
 Although, I have no ide why would you even try to write "false" or "1" in
 a JSONField.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35885#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/0107019350348746-23f51158-eda2-4ca6-baa7-4a280e8f086d-000000%40eu-central-1.amazonses.com.