Sorry, other posters have picked up two of my errors. It is a while since I used application/json and I was running on (incorrect) memory. My reasoning for using plain text is as follows.
I regard parsing JSON using eval() as a security risk on the client side. If you have complete control of the server side then it is safe but I choose to be conservative and safer. I use the json2.js library to parse JSON rather than using eval() and making the MIME type text prevents accidental use of eval. Here are some links about parsing JSON.

http://funkatron.com/site/comments/safely-parsing-json-in-javascript/
http://yuiblog.com/blog/2007/04/10/json-and-browser-security/

With regard to marking fields as safe - yes, Matt Hoskins is right. I have fixed that in a later version of my template but I didn't have the latest version to hand (different laptop) so I used an old version.

In some cases, I don't use templates to build a JSON response. It can be straightforward to write it as a string inline. I don't personally yet use the built-in Python JSON module as I don't want to limit the Python versions that I can deploy with but I am sure that I will move to this at some point.

Cheers
Ian

On Jun 17, 9:37 am, Matt Hoskins <skaffe...@googlemail.com> wrote:
> I was just copying Ian's choice of mimetype - see Ian's comment above
> "I choose text/plain deliberately but you might choose text/json (or
> something else)."... Although it's worth pointing out that "text/json"
> shouldn't be used, since "application/json" is, as you rightly point out,
> the mimetype for json data :).
>
> On Jun 17, 9:18 am, Dmitry Dulepov <dmitry.dule...@gmail.com> wrote:
>
> > Small correction: mime type should be application/json.
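
The eval() versus strict-parser difference discussed in the message above, as an added example that is not part of the original thread. The function names and sample response bodies are constructed for illustration; JSON.parse is the function that json2.js supplies where the browser has no native one.

```javascript
// Added illustration; function names and sample bodies are constructed.
const sideEffects = []; // records anything a response body manages to execute

// Risky form: treats the response body as JavaScript source.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Strict form: accepts JSON grammar only and never executes the body.
function parseStrict(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed response bodies.
const samples = {
  valid: '{"user": "ian", "count": 2}',
  // Valid JavaScript, not valid JSON: the expression runs under eval().
  active: '{"user": "ian", "count": (sideEffects.push("ran"), 2)}',
  // JavaScript-only syntax that eval() accepts silently.
  lax: "{user: 'ian', /* comment */ count: 0x2}",
};

// Parse every sample both ways and report what each parser did.
function compare() {
  sideEffects.length = 0;
  const report = {};
  for (const [name, body] of Object.entries(samples)) {
    const evaled = parseWithEval(body);
    const strict = parseStrict(body);
    report[name] = { evalCount: evaled.count, strictOk: strict.ok };
  }
  report.executed = sideEffects.slice(); // code that ran as a side effect of eval()
  return report;
}

console.log(compare());
```

Only the first body is accepted by the strict parser; eval() returns an object for all three and runs the embedded expression in the second.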