http://turbogears.readthedocs.io/en/latest/reference/config-options.html#json-encoding
Just set json.allow_lists = True in your app_cfg.py On Wed, Jul 27, 2016 at 3:52 AM, Uwe Schroeder <[email protected]> wrote: > Hi all, > > so I ran into the issue to return a list via JSON, which turbogears > doesn't let me. To my understanding the vulnerability in question only > exists for GET requests – at least with any half way modern browser. So > wouldn't it be more consistent to only restrict json array returns if the > request was a GET and not a POST ? > > The problem I have with this is using a 3rd party software which requires > an array response (and no, it's not critical data so I couldn't care less > if anyone stole something that's indexed on google anyways). > > Sure it's easy to change in tg/controllers/decoratedcontroller.py – but I > rather stick to stock TG as much as possible (already have a bunch of hacks > in place which makes it a pain to upgrade) > > Thanks > > Uwe > > -- > You received this message because you are subscribed to the Google Groups > "TurboGears" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/turbogears. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/d/optout.
