My attempts to reproduce it (I have quite a lot of code that returns JSON
arrays) on the smattering of browsers I had handy resulted in no apparent
vulnerabilities.
On Tuesday, February 17, 2015 at 10:30:20 AM UTC+10:30, Tom Christie wrote:
I haven't dug out sources on this, but I think that vulnerability had been
dealt with a long time ago, and isn't an issue on browsers with any real market
share today.
Would need to double check though - don't remember where I came across it
previously.
Cheers for the quick reply... well, you learn more about how shit JS is
every day :P
--
C
On 17 February 2015 at 10:41, Florian Apolloner wrote:
On Tuesday, February 17, 2015 at 12:30:25 AM UTC+1, Curtis Maloney wrote:
>
> Ran into this bug this morning... what's the rationale behind JsonResponse
> only accepting dict types unless you set safe=False to allow _any_ type?
>
Cause dict maps to object which is somewhat safe.
> Surely lis
Ran into this bug this morning... what's the rationale behind JsonResponse
only accepting dict types unless you set safe=False to allow _any_ type?
Surely list/tuple should also be permitted?
There's a test explicitly ensuring lists fail.
I'm not comfortable turning off ALL type safe-guards just
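
An added example, not part of the thread and not Django's own code: one way to keep a top-level type guard while still returning lists or tuples, by wrapping them in an object instead of passing safe=False. The function name `to_json_body` and the `results` envelope key are hypothetical, and the sample values in the comments are constructed.

```python
import json


def to_json_body(data, envelope_key="results"):
    """Serialize data so the top-level JSON value is always an object.

    dict        -> serialized unchanged
    list/tuple  -> wrapped as {envelope_key: [...]}
    other types -> TypeError, so the type guard stays on
    """
    if isinstance(data, dict):
        payload = data
    elif isinstance(data, (list, tuple)):
        # Wrap the sequence so the response body is an object, not a bare array.
        payload = {envelope_key: list(data)}
    else:
        raise TypeError(
            "top-level JSON value must be a dict, list or tuple, got %s"
            % type(data).__name__
        )
    return json.dumps(payload)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(to_json_body({"id": 7, "name": "alice"}))
    print(to_json_body(["alice", "bob"]))
    try:
        to_json_body("a bare string")
    except TypeError as exc:
        print("rejected:", exc)
```

In a Django view the returned dict form could be handed to JsonResponse with its default safe=True, since the top-level value is a dict.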