> It's some informal notation, not really BNF, and I think it leaves it
> open which elements are allowed at the top level of a "json text" since
> it does not define what a "json text" actually is; it only defines what
> a json object and a json array is. So we should just follow the rfc4627
> which is clear about that point.

Yea, the RFC is clear about the fact that arrays are allowed as top
level elements, but it is exploitable, and it breaks the tg standard
convention of returning a dict, a string, or a list of strings that
become the body.

Of course, because you can easily return a string, we're not stopping
people from using them if they really need them; they can always do
this:

    return simplejson.dumps(range(10))

and get what they want.

But it seems reasonable to not make using top level arrays too easy
given the security concerns, and given the fact that supporting it
would require breaking other more important features (the ability to
use generators to stream out very large data).

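The return-value convention discussed in the message above, as an added example (not TurboGears code and not part of the original thread). The `encode_body` helper and `TopLevelArrayError` are hypothetical names, and the standard `json` module stands in for `simplejson`; it shows why a returned list cannot be both streamed body chunks and a JSON array.

```python
import json
from collections.abc import Iterable, Mapping


class TopLevelArrayError(TypeError):
    """A controller returned a sequence that is not made of body strings."""


def encode_body(result):
    """Yield response body chunks for a controller return value.

    Hypothetical encoder following the convention in the message:
      dict            -> one JSON object
      str             -> sent as-is (the caller serialized it already)
      iterable of str -> streamed chunk by chunk, so generators work
    Any other iterable would have to become a top-level JSON array,
    so it is refused instead of being encoded implicitly.
    """
    if isinstance(result, Mapping):
        yield json.dumps(result)
    elif isinstance(result, str):
        yield result
    elif isinstance(result, Iterable):
        for chunk in result:
            if not isinstance(chunk, str):
                raise TopLevelArrayError(
                    "top-level arrays are not encoded implicitly; wrap the "
                    "data in a dict or return json.dumps(...) yourself"
                )
            yield chunk
    else:
        raise TypeError("unsupported return type: %r" % type(result))


if __name__ == "__main__":
    # Constructed sample return values, one per branch.
    print("".join(encode_body({"items": list(range(3))})))    # JSON object
    print("".join(encode_body(json.dumps(list(range(3))))))   # explicit opt-in
    print("".join(encode_body(str(n) + "\n" for n in range(3))))  # streamed
    try:
        list(encode_body([0, 1, 2]))
    except TopLevelArrayError as exc:
        print("refused:", exc)
```

Note that `["a", "b"]` is streamed as the body `ab`, not encoded as a JSON array, which is the ambiguity the message refers to.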