Fixed #18745 - Documentation change explaining tuple to list with signing.

Thanks to lee for the report.
2014-02-16 12:21:35 +01:00 · 2014-02-16 12:21:35 +01:00 · 653527de40
parent 9db4271bd1
commit 653527de40
1 changed files with 10 additions and 1 deletions
--- a/docs/topics/signing.txt
+++ b/docs/topics/signing.txt
@ -145,7 +145,7 @@ If you wish to protect a list, tuple or dictionary you can do so using the
 signing module's ``dumps`` and ``loads`` functions. These imitate Python's
 pickle module, but use JSON serialization under the hood. JSON ensures that
 even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
-to execute arbitrary commands by exploiting the pickle format.::
+to execute arbitrary commands by exploiting the pickle format::

    >>> from django.core import signing
    >>> value = signing.dumps({"foo": "bar"})
@ -154,6 +154,15 @@ to execute arbitrary commands by exploiting the pickle format.::
    >>> signing.loads(value)
    {'foo': 'bar'}

+Because of the nature of JSON (there is no native distinction between lists
+and tuples) if you pass in a tuple, you will get a list from
+``signing.loads(object)``::
+
+    >>> from django.core import signing
+    >>> value = signing.dumps(('a','b','c'))
+    >>> signing.loads(value)
+    ['a', 'b', 'c']
+
 .. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)

    Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized