Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jsonify doesn't accept a list #170

Closed
kwellman opened this issue Feb 16, 2011 · 7 comments · Fixed by #1671
Closed

jsonify doesn't accept a list #170

kwellman opened this issue Feb 16, 2011 · 7 comments · Fixed by #1671

Comments

@kwellman
Copy link

I was suprised to find that jsonify(['hello', 'world']) will raise a TypeError even though

[
"hello",
"world"
]

is valid json.

I think there should be a check to see if the first argument is a list instance and just do a json dump of the first argument if it is or something like that.
@mitsuhiko
Copy link
Contributor

It's there for security reasons: http://flask.pocoo.org/docs/security/#json-security

@adamjernst
Copy link

Can we have a way around this, perhaps a kwarg like allow_lists?

I'm building a backend API with Flask and the data is public and unauthenticated, so I don't need to worry about security in this case. I respect Flask's decision to be secure by default, but it would be nice to have a way around it.

@chrispaolini
Copy link

I'm not sure what the point of the restriction is. Someone could easily just hit users/1 users/2 users/3 and such and get the JSON from each individually. All this does is stop jsonify from being useful for lists.
Is there an alternative?

@apiguy
Copy link

apiguy commented Jan 9, 2013

Top level arrays are generally considered unsafe in json responses. Armin wrote an article about it once I believe: http://flask.pocoo.org/docs/security/#json-security

It's really not difficult to just do jsonify(results=my_list) and then in your javascript access it using data.results (or whatever your client language is)

@sigmavirus24
Copy link

If you're insistent on doing this, make your own response object, import the json module, dump your list as a string and fill the response object accordingly.

@chrispaolini
Copy link

I see. So just top-level have the issues. Fair enough. Thanks for the post apiguy

@sigmavirus24 sigmavirus24 mentioned this issue Feb 1, 2013
Closed
@jgehrcke jgehrcke mentioned this issue Sep 16, 2014
Closed
@duaneking duaneking mentioned this issue Oct 19, 2014
Closed
@methane methane mentioned this issue Oct 19, 2014
Closed
6 tasks
@untitaker
Copy link
Contributor

Please continue discussion at #248

@pallets pallets locked and limited conversation to collaborators Oct 19, 2014
jackramey referenced this issue in jackramey/MTGLeague May 5, 2016
@jackramey
API now works for a set of objects
3641665
romuald pushed a commit to romuald/flask that referenced this issue May 3, 2018
@jeffwidman
Add support for serializing top-level arrays to JSON
daceb3e 
Fix pallets#170, pallets#248, pallets#510, pallets#673, pallets#1177
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for serializing top-level arrays to JSON
7 participants
@mitsuhiko @adamjernst @apiguy @sigmavirus24 @kwellman @untitaker @chrispaolini