From 23fa6e54ce978055f7d4af5f5f99bc6f419f990b Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Wed, 3 Dec 2014 22:33:34 +0000
Subject: Escape \u2028 and \u2029 in JSON output.

Closes #2169.
---
 rest_framework/renderers.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'rest_framework/renderers.py')

diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index e87d16d0..64ad5a06 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -102,6 +102,11 @@ class JSONRenderer(BaseRenderer):
         # and may (or may not) be unicode.
         # On python 3.x json.dumps() returns unicode strings.
         if isinstance(ret, six.text_type):
+            # We always fully escape \u2028 and \u2029 to ensure we output JSON
+            # that is a strict javascript subset. If bytes were returned
+            # by json.dumps() then we don't have these characters in any case.
+            # See: http://timelessrepo.com/json-isnt-a-javascript-subset
+            ret = ret.replace('\u2028', '\\u2028').replace('\u2029', '\\u2029')
             return bytes(ret.encode('utf-8'))
         return ret
 
-- 
cgit v1.2.3