Opened 11 years ago
Closed 11 years ago
#20701 closed New feature (duplicate)
Using python dicts directly in javascript
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.5 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I'm using Django to push some data from python into some javascript code. So I use RequestContext to set up the variables and hen use HttpResponse to render the template with the variables.
The javascript code (highcharts) follows a similar syntax as pythons dict, namely:
name: 'Female',
color: 'rgba(223, 83, 83, .5)',
data: 161.2, 51.6], [163.8, 67.3
So I tried to directly use a python dict as a context, but got the following result:
'color': 'rgba(223, 83, 83, .5)'
'name': 'Female'
The dict data makes it into the final html, but the quotes of the string literals are respresented by '
It would be a great feature if the coupling from dict to template would work. To make this more generic maybe some preprocessing function could be defined that preps the dict data before it is pushed into the template.
This is a duplicate of #17419 which cannot be implemented without introducing major security problems (XSS). It's impossible to serialize an arbitrary data structure into JavaScript embedded in HTML with Python's
jsonmodule with adequate escaping. Trust me, I tried hard.Request the JSON blob with AJAX instead.