Hello Russell
On Jul 16, 12:49 am, Russell Keith-Magee <[email protected]>
wrote:
> Sure, this _could_ be done. You can write and install a custom
> serializer - you just need to work out exactly how a random database
> object is realized as a JavaScript object. The existing serializers
> should give you a reasonable idea of how to do this.
Sorry, I wasn't clear enough. I'm thinking of using a standard
serializer. So what's being sent is standard JSON.
> Has it been done already? Not to my knowledge, but I won't claim to
> have omniscient knowledge of the Django community. Google is your
> friend.
Yes, and I did search before asking (apologies for not saying
that). Didn't find anything.
> Should it be done? I have a minor hesitation based around attack
> vectors - when sending JSON, you're sending raw data, so the potential
> for attacks is limited. However, if you're serializing objects with
> the expectation that they will be executable as received, you've
> opened up a door through which exploits could enter. Of course,
> whether this is actually a problem depends very much on how you handle
> the received objects. Caveat Emptor.
Yes, that's a good point.
> Also - keep in mind that from a Django perspective, a serializer is
> only half the job. There is also the deserializer, for converting a
> JavaScript object back into a database object. Of course, you may not
> need this for your own bespoke purposes.
Also a good point. The application I have in mind is a database that
contains help information, and I want to deliver it in large pieces (or
even as one large piece) to a help widget that appears on a web page.
If you're interested, here's an example of what I want to deliver
http://www.mathtran.org/editor/
except that I want the help data to come from something like
http://www.mathtran.org/formulas/
best regards
Jonathan
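
The caution quoted above about received objects being "executable as received", shown from the receiving side. This is an added example, not code from either poster or from Django; the model label `help.entry` and the field names `title` and `body` are assumptions, and the sample payload is constructed in the list-of-`{model, pk, fields}` layout that Django's standard JSON serializer emits.

```javascript
// Added example. "help.entry", "title" and "body" are hypothetical names.
// SAMPLE is constructed data; the second body carries markup to show that
// field values are handled as text, never as code or HTML.
const SAMPLE = JSON.stringify([
  { model: "help.entry", pk: 1, fields: { title: "Fractions", body: "Use \\frac{a}{b}" } },
  { model: "help.entry", pk: 2, fields: { title: "Tags", body: '<script src="x.js"></script>' } },
]);

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Parse the response as data only. JSON.parse accepts strict JSON and throws
// on anything else; eval() or new Function() would run whatever was received.
function parseHelpEntries(text, expectedModel) {
  const records = JSON.parse(text);
  if (!Array.isArray(records)) throw new TypeError("expected a JSON array");
  return records.map((r) => {
    if (r === null || typeof r !== "object" || r.model !== expectedModel) {
      throw new TypeError("unexpected record");
    }
    const f = r.fields;
    if (f === null || typeof f !== "object" ||
        typeof f.title !== "string" || typeof f.body !== "string") {
      throw new TypeError("unexpected fields in record " + r.pk);
    }
    // Copy only the fields the widget needs; anything extra is ignored.
    return { pk: r.pk, title: f.title, body: f.body };
  });
}

// Build widget markup with every value escaped, so stored text cannot
// become script or markup in the page that hosts the help widget.
function renderHelp(entries) {
  return entries
    .map((e) => `<dt>${escapeHtml(e.title)}</dt><dd>${escapeHtml(e.body)}</dd>`)
    .join("");
}

console.log(renderHelp(parseHelpEntries(SAMPLE, "help.entry")));
```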