From 23fa6e54ce978055f7d4af5f5f99bc6f419f990b Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 3 Dec 2014 22:33:34 +0000 Subject: [PATCH] Escape \u2028 and \u2029 in JSON output. Closes #2169. --- rest_framework/renderers.py | 5 +++++ tests/test_renderers.py | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py index e87d16d0d..64ad5a065 100644 --- a/rest_framework/renderers.py +++ b/rest_framework/renderers.py @@ -102,6 +102,11 @@ class JSONRenderer(BaseRenderer): # and may (or may not) be unicode. # On python 3.x json.dumps() returns unicode strings. if isinstance(ret, six.text_type): + # We always fully escape \u2028 and \u2029 to ensure we output JSON + # that is a strict javascript subset. If bytes were returned + # by json.dumps() then we don't have these characters in any case. + # See: http://timelessrepo.com/json-isnt-a-javascript-subset + ret = ret.replace('\u2028', '\\u2028').replace('\u2029', '\\u2029') return bytes(ret.encode('utf-8')) return ret diff --git a/tests/test_renderers.py b/tests/test_renderers.py index 416d7f224..61dd7c7af 100644 --- a/tests/test_renderers.py +++ b/tests/test_renderers.py @@ -384,6 +384,15 @@ class UnicodeJSONRendererTests(TestCase): content = renderer.render(obj, 'application/json') self.assertEqual(content, '{"countries":["United Kingdom","France","EspaƱa"]}'.encode('utf-8')) + def test_u2028_u2029(self): + # The \u2028 and \u2029 characters should be escaped, + # even when the non-escaping unicode representation is used. + # Regression test for #2169 + obj = {'should_escape': '\u2028\u2029'} + renderer = JSONRenderer() + content = renderer.render(obj, 'application/json') + self.assertEqual(content, '{"should_escape":"\\u2028\\u2029"}'.encode('utf-8')) + class AsciiJSONRendererTests(TestCase): """