p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #18745 - Documentation change explaining tuple to list with signing. 

Thanks to lee for the report.
This commit is contained in:
MattBlack85 2014-02-16 12:21:35 +01:00
parent 9db4271bd1
commit 653527de40
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/topics/signing.txt
View File

@ -145,7 +145,7 @@ If you wish to protect a list, tuple or dictionary you can do so using the
signing module's ``dumps`` and ``loads`` functions. These imitate Python's signing module's ``dumps`` and ``loads`` functions. These imitate Python's
pickle module, but use JSON serialization under the hood. JSON ensures that pickle module, but use JSON serialization under the hood. JSON ensures that
even if your :setting:`SECRET_KEY` is stolen an attacker will not be able even if your :setting:`SECRET_KEY` is stolen an attacker will not be able
to execute arbitrary commands by exploiting the pickle format.:: to execute arbitrary commands by exploiting the pickle format::
>>> from django.core import signing >>> from django.core import signing
>>> value = signing.dumps({"foo": "bar"}) >>> value = signing.dumps({"foo": "bar"})
@ -154,6 +154,15 @@ to execute arbitrary commands by exploiting the pickle format.::
>>> signing.loads(value) >>> signing.loads(value)
{'foo': 'bar'} {'foo': 'bar'}
Because of the nature of JSON (there is no native distinction between lists
and tuples) if you pass in a tuple, you will get a list from
``signing.loads(object)``::
>>> from django.core import signing
>>> value = signing.dumps(('a','b','c'))
>>> signing.loads(value)
['a', 'b', 'c']
.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False) .. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized