A lightweight collection of JSON helpers for Django.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fusionbox from gravatar.com fusionbox

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License
  • Author: Fusionbox, Inc.
  • Tags rest, json, views, django, helpers
Classifiers

Project description

Building Status

A lightweight collection of JSON helpers for Django. Includes a template filter for safely outputting JSON, views that encode and decode JSON, and a helper for writing simple REST views.

A special JSON encoder is used to serialize QuerySets and objects with to_json methods.

Filter

You can serialize an object in JSON using the |json filter. This is useful to generate safe JavaScript:

{% load argonauts %}
<script type="application/javascript">
  (function () {
      var object_list = {{ object_list|json }};
      // do something with object_list
  })();
</script>

|json is safe to use anywhere in XML or XHTML except in an attribute. It’s important to use this tag rather than dumping the output of json.dumps into HTML, because an attacker could output a closing tag and effect an XSS attack. For example, if we output json.dumps("</script><script>console.log('xss'); //") in template like this:

<script>
  var somedata = {{ somedata_as_json|safe }};
</script>

We get:

<script>
  var somedata = "</script>
<script>
  console.log('xss'); //";
</script>

This allows the attacker to inject their own JavaScript. The |json tag prevents this by encoding the closing </script> tag with JSON’s unicode escapes. If we output {{ somedata|json }}, we get:

<script>
  var somedata = "\u0060xscript\u0062x\u0060xscript\u0062xconsole.log('xss');//";
</script>

It also escapes ampersands in order to generate valid XML. For example, with the value foo & bar:

<document><json>{{ value|json }}</json></document>
<!-- Results in valid XML:
<document><json>"foo \u0038x bar"</json></document>
-->

Views

JsonResponseMixin

JsonResponseMixin implements render_to_response method that serializes an object into a JSON response. Thus it is compatible with generic Django views:

from django.db import models
from django.views.generic.detail import BaseDetailView
from argonauts.views import JsonResponseMixin

class Blog(models.Model):
    title = models.CharField(max_length=255)
    body = models.TextField()

    def to_json(self):
        return {
            'title': self.title,
            'body': self.body,
        }

class BlogDetailView(JsonResponseMixin, BaseDetailView):
    """
    Detail view returning object serialized in JSON
    """
    model = Blog

JsonRequestMixin

JsonRequestMixin gives access to the request data through data() method.

from django.views.generic.base import View
from argonauts.views import JsonRequestMixin:
from argonauts.http import JsonResponse

class EchoView(JsonRequestMixin, View):
    def dispatch(self, *args, **kwargs):
        return JsonResponse(self.data())

RestView

RestView is an abstract class. Subclasses should implement auth(), for handling authentication, and at least one HTTP method.

RestView implements OPTIONS http method, and inherits from JsonRequestMixin and JsonResponseMixin.

from django.core.exceptions import PermissionDenied
from argonauts.views import RestView
from .utils import get_action

class CrazyRestView(RestView):
    def auth(self, *args, **kwargs):
        if not self.request.user.is_superuser:
            raise PermissionDenied

    def post(self, *args, **kwargs):
        action = kwargs.pop('action')
        action_func = get_action(action)
        return self.render_to_response(action_func(self.data()))

Changelog

1.2.0 (2016-09-20)

  • Add support for requests without a Content-Type header to JsonTestClient

  • Remove support for old versions of Django (<= 1.7)

1.1.4 (2015-07-29)

  • Tests mocked http requests don’t always have charset

1.1.3 (2015-05-27)

  • Fixed package (include the CHANGELOG in MANIFEST.in)

1.1.2 (2015-05-27)

  • Added JsonTestCase and JsonTestMixin

1.1.1 (2015-04-20)

  • Fixed package

1.1.0 (2015-04-20)

Cleanup:

  • Dropped support for Django 1.3

  • Added support for Python 3

  • Updated documentation

  • Switched testing to py.test

  • Switched to zest.releaser

1.0.1 (2013-10-06)

  • Fixed tests

1.0.0 (2013-07-05)

Initial release:

  • Extracted from django-fusionbox

  • Safe JSON Serializer

  • Safe JSON template filter

  • JSON Views

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fusionbox from gravatar.com fusionbox

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License
  • Author: Fusionbox, Inc.
  • Tags rest, json, views, django, helpers
Classifiers

Release history Release notifications | RSS feed

This version

1.2.0

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-argonauts-1.2.0.tar.gz (7.4 kB view details)

Uploaded Source

File details

Details for the file django-argonauts-1.2.0.tar.gz.

File metadata

File hashes

Hashes for django-argonauts-1.2.0.tar.gz
Algorithm Hash digest
SHA256 7a41748545c839ed8145036c0b9f2d0cd03fa856ee77aa0f6ba4d96e4086811a
MD5 22e8d2efc63eea80c714bfb38a2956a0
BLAKE2b-256 00fa440898ae46aceb7094d3b5b2bdd5f63a2190b80e21becf46609aa4ef6571

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page