Merge pull request #2195 from tomchristie/tomchristie-escape-u2028-u2029-json

Escape \u2028 and \u2029 in JSON output.
author: Tom Christie 2014-12-05 12:35:24 +0000
committer: Tom Christie 2014-12-05 12:35:24 +0000
commit: de4ef6e3945e1281e0145d7ca19b6213f2aebfc6 (patch)
tree: 065407b1b7e444ea37ba9d18e72045fdc99cb871 /rest_framework
parent: e2b39088345e564a06ce332b740215600c29e481 (diff)
parent: 23fa6e54ce978055f7d4af5f5f99bc6f419f990b (diff)
download: django-rest-framework-de4ef6e3945e1281e0145d7ca19b6213f2aebfc6.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index 31d3ef5f..07f1c628 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -102,6 +102,11 @@ class JSONRenderer(BaseRenderer):
         # and may (or may not) be unicode.
         # On python 3.x json.dumps() returns unicode strings.
         if isinstance(ret, six.text_type):
+            # We always fully escape \u2028 and \u2029 to ensure we output JSON
+            # that is a strict javascript subset. If bytes were returned
+            # by json.dumps() then we don't have these characters in any case.
+            # See: http://timelessrepo.com/json-isnt-a-javascript-subset
+            ret = ret.replace('\u2028', '\\u2028').replace('\u2029', '\\u2029')
             return bytes(ret.encode('utf-8'))
         return ret
author	Tom Christie	2014-12-05 12:35:24 +0000
committer	Tom Christie	2014-12-05 12:35:24 +0000
commit	de4ef6e3945e1281e0145d7ca19b6213f2aebfc6 (patch)
tree	065407b1b7e444ea37ba9d18e72045fdc99cb871 /rest_framework
parent	e2b39088345e564a06ce332b740215600c29e481 (diff)
parent	23fa6e54ce978055f7d4af5f5f99bc6f419f990b (diff)
download	django-rest-framework-de4ef6e3945e1281e0145d7ca19b6213f2aebfc6.tar.bz2