Escape \u2028 and \u2029 in JSON output.

Closes #2169.
author: Tom Christie 2014-12-03 22:33:34 +0000
committer: Tom Christie 2014-12-03 22:33:34 +0000
commit: 23fa6e54ce978055f7d4af5f5f99bc6f419f990b (patch)
tree: d7b9596a2d242625768da599f294dec2471a1e06 /rest_framework/renderers.py
parent: 71a8cb2282d2cb5cb92e74975f762bbdf8ff0d69 (diff)
download: django-rest-framework-23fa6e54ce978055f7d4af5f5f99bc6f419f990b.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index e87d16d0..64ad5a06 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -102,6 +102,11 @@ class JSONRenderer(BaseRenderer):
         # and may (or may not) be unicode.
         # On python 3.x json.dumps() returns unicode strings.
         if isinstance(ret, six.text_type):
+            # We always fully escape \u2028 and \u2029 to ensure we output JSON
+            # that is a strict javascript subset. If bytes were returned
+            # by json.dumps() then we don't have these characters in any case.
+            # See: http://timelessrepo.com/json-isnt-a-javascript-subset
+            ret = ret.replace('\u2028', '\\u2028').replace('\u2029', '\\u2029')
             return bytes(ret.encode('utf-8'))
         return ret
author	Tom Christie	2014-12-03 22:33:34 +0000
committer	Tom Christie	2014-12-03 22:33:34 +0000
commit	23fa6e54ce978055f7d4af5f5f99bc6f419f990b (patch)
tree	d7b9596a2d242625768da599f294dec2471a1e06 /rest_framework/renderers.py
parent	71a8cb2282d2cb5cb92e74975f762bbdf8ff0d69 (diff)
download	django-rest-framework-23fa6e54ce978055f7d4af5f5f99bc6f419f990b.tar.bz2