Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time



The main feature of this library, a form of the json filter which safely embeds json in HTML, has been added to Django as json_script. Use that instead.

Building Status

A lightweight collection of JSON helpers for Django. Includes a template filter for safely outputting JSON, views that encode and decode JSON, and a helper for writing simple REST views.

A special JSON encoder is used to serialize QuerySets and objects with to_json methods.


You can serialize an object in JSON using the |json filter. This is useful to generate safe JavaScript:

{% load argonauts %}
<script type="application/javascript">
  (function () {
      var object_list = {{ object_list|json }};
      // do something with object_list

|json is safe to use anywhere in XML or XHTML except in an attribute. It's important to use this tag rather than dumping the output of json.dumps into HTML, because an attacker could output a closing tag and effect an XSS attack. For example, if we output json.dumps("</script><script>console.log('xss'); //") in template like this:

  var somedata = {{ somedata_as_json|safe }};

We get:

  var somedata = "</script>
  console.log('xss'); //";

This allows the attacker to inject their own JavaScript. The |json tag prevents this by encoding the closing </script> tag with JSON's unicode escapes. If we output {{ somedata|json }}, we get:

  var somedata = "\u0060xscript\u0062x\u0060xscript\u0062xconsole.log('xss');//";

It also escapes ampersands in order to generate valid XML. For example, with the value foo & bar:

<document><json>{{ value|json }}</json></document>
<!-- Results in valid XML:
<document><json>"foo \u0038x bar"</json></document>



JsonResponseMixin implements render_to_response method that serializes an object into a JSON response. Thus it is compatible with generic Django views:

from django.db import models
from django.views.generic.detail import BaseDetailView
from argonauts.views import JsonResponseMixin

class Blog(models.Model):
    title = models.CharField(max_length=255)
    body = models.TextField()

    def to_json(self):
        return {
            'title': self.title,
            'body': self.body,

class BlogDetailView(JsonResponseMixin, BaseDetailView):
    Detail view returning object serialized in JSON
    model = Blog


JsonRequestMixin gives access to the request data through data() method.

from django.views.generic.base import View
from argonauts.views import JsonRequestMixin:
from argonauts.http import JsonResponse

class EchoView(JsonRequestMixin, View):
    def dispatch(self, *args, **kwargs):
        return JsonResponse(


RestView is an abstract class. Subclasses should implement auth(), for handling authentication, and at least one HTTP method.

RestView implements OPTIONS http method, and inherits from JsonRequestMixin and JsonResponseMixin.

from django.core.exceptions import PermissionDenied
from argonauts.views import RestView
from .utils import get_action

class CrazyRestView(RestView):
    def auth(self, *args, **kwargs):
        if not self.request.user.is_superuser:
            raise PermissionDenied

    def post(self, *args, **kwargs):
        action = kwargs.pop('action')
        action_func = get_action(action)
        return self.render_to_response(action_func(


DEPRECATED: A lightweight collection of JSON helpers for Django.







No packages published