jsonify and return a list #168

Closed
tzulberti opened this Issue Feb 12, 2011 · 2 comments

Comments

3 participants
@tzulberti

I tryed to do the following:
term = request.args.get('term')
query = db.session.query(Class)
query = query.filter(Class.name.like('%s%%' % term))
return jsonify ([{'label' : klass.name } for klass in query.all()])

and it returned the following excpetion:
File "C:\Users\tzulberti\envs\uml\lib\site-packages\flask-0.6.1-py2.7.egg\flask\app.py", line 889, in call
return self.wsgi_app(environ, start_response)
File "C:\Users\tzulberti\envs\uml\lib\site-packages\flask-0.6.1-py2.7.egg\flask\app.py", line 879, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "C:\Users\tzulberti\envs\uml\lib\site-packages\flask-0.6.1-py2.7.egg\flask\app.py", line 876, in wsgi_app
rv = self.dispatch_request()
File "C:\Users\tzulberti\envs\uml\lib\site-packages\flask-0.6.1-py2.7.egg\flask\app.py", line 695, in dispatch_request
return self.view_functionsrule.endpoint
File "E:\Proyectos\pywebuml\src\pywebuml\web.py", line 50, in autocomplete_search
return jsonify([{'label' : klass.name } for klass in query.all()])
File "C:\Users\tzulberti\envs\uml\lib\site-packages\flask-0.6.1-py2.7.egg\flask\helpers.py", line 106, in jsonify
return current_app.response_class(json.dumps(dict(_args, *_kwargs),
ValueError: dictionary update sequence element #0 has length 1; 2 is required

But when using from json import dump the result of the query is returned without any problem.
ValueError: dictionary update sequence element #0 has length 1; 2 is required

@mitsuhiko

This comment has been minimized.

Show comment Hide comment
@mitsuhiko

mitsuhiko Feb 12, 2011

Member

For security reasons only dictionaries can be returned. Return a dictionary with a single key:

return jsonify(items=[... for x in iterable[)

http://flask.pocoo.org/docs/security/#json-security

Member

mitsuhiko commented Feb 12, 2011

For security reasons only dictionaries can be returned. Return a dictionary with a single key:

return jsonify(items=[... for x in iterable[)

http://flask.pocoo.org/docs/security/#json-security

@sssilver

This comment has been minimized.

Show comment Hide comment
@sssilver

sssilver Aug 25, 2015

Since ECMAScript 5 has fixed the security problem, should we reopen this?

Since ECMAScript 5 has fixed the security problem, should we reopen this?

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment