[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Tom Christie added the comment: I believe the status of this should be reassessed and that python should default to escaping '\u2028' and '\u2029'. *Strictly* speaking this isn't a bug and is per the JSON spec. *However* this *is* a bug in the JSON spec - which *should* be a strict subset of JSON. Given that both escaped and unescaped are valid, ensuring that those two characters *are* always escaped would clearly be more user-friendly behavior on our part, and *would* lead to less bugs in, say web frameworks that use the JSON module and then pass the output to template (eg populating a javscript variable with some JSON output). -- nosy: +tomchristie ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Serhiy Storchaka added the comment: There is explicit note in the documentation about incompatibility with JavaScript. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Tom Christie added the comment: There is explicit note in the documentation about incompatibility with JavaScript. That may be, but we're still unnecessarily making for a poorer user experience. There's no good reason why we shouldn't just treat \u2028 and \u2029 as control characters - it's only going to making things better for developers using the json module. It is an unnecessary usability bug as it stands. Just because JSON has a bug in its spec wrt those two characters, doesn't mean we can't help our users avoid ever having to know about that or work around it in user code. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Changes by Serhiy Storchaka storch...@gmail.com: -- stage: - committed/rejected status: pending - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Serhiy Storchaka added the comment: Embedding JSON inside script tag doesn't differ from embedding any string in some format (i.e. JSON in Python string, Python sources in HTML, or XML in a shell script). We just escape characters which have special meaning. I propose close this issue because embedding JSON (as any other generated code) in inline JavaScript can be done very easily with a sequence of string replaces. This has no relations to the json module. -- status: open - pending ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Serhiy Storchaka added the comment: I think this is not JSON issue. If you need escaping of some domain-specific characters, do it youself. I.e. json.dump(...).replace('\u2028', r'\u2028').replace('\u2029', r'\u2029').replace('/', r'\u003c\u002f') -- resolution: - invalid status: open - pending ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Antoine Pitrou added the comment: On the one hand, supporting JSONP is a valid request for the json module. On the other hand, according to Wikipedia, There have been some criticisms raised about JSONP. Cross-origin resource sharing (CORS) is a more recent method of getting data from a server in a different domain, which addresses some of those criticisms. Therefore, supporting JSONP might not really be worth it. -- status: pending - open ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Changes by Serhiy Storchaka storch...@gmail.com: -- nosy: +ezio.melotti, pitrou, rhettinger, serhiy.storchaka ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18290] json encoder does not support JSONP/JavaScript safe escaping
Antti Haapala added the comment: My mistake in writing, json ofc does specify that control characters be escaped. Then, it needs to be pointed out that JSON module DOES not currently escape \u007f-\u009f as it maybe strictly should unicodedata.category('\u007f') 'Cc' json.dumps({'a': '\u007f'}, ensure_ascii=False) '{a: \x7f}' -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18290 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com