I want to know if Python's json.dumps method's output is safe for rendering directly into an HTML/JS script without escaping.
my_dict = {...}
my_dict_json_str = json.dumps(my_dict)
and then rendering this
<script>
var my_dict = {{my_dict_json_str}};
</script>
Does this work every time or are there some characters that will break it?
json.dumps is not safe for HTML use without proper escaping.
>>> json.dumps({"one": "</script>"})
'{"one": "</script>"}'
This behaviour can break your html.
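Added example, not part of the original question or answer: it shows the unescaped output closing the script block early, next to one way to escape it for a script context. The names json_for_script, render and SAMPLE are hypothetical, and the sample data is constructed.

```python
import json

# Characters that can close or alter a <script> block ("<", ">", "&"), plus
# U+2028/U+2029, which older JavaScript parsers treat as line terminators.
# Each maps to a JSON \uXXXX escape, which is only ever valid inside a string;
# none of these characters occur in JSON syntax outside of strings.
_SCRIPT_ESCAPES = {
    ord("<"): "\\u003c",
    ord(">"): "\\u003e",
    ord("&"): "\\u0026",
    0x2028: "\\u2028",
    0x2029: "\\u2029",
}


def json_for_script(obj, **dumps_kwargs):
    """Serialize obj to JSON that can sit inside <script>...</script>.

    Hypothetical helper: json.dumps followed by escaping of the characters
    the HTML parser or the JavaScript parser would act on.
    """
    return json.dumps(obj, **dumps_kwargs).translate(_SCRIPT_ESCAPES)


def render(payload_json):
    # Stand-in for the template in the question: the string is placed
    # verbatim between the script tags.
    return "<script>\nvar my_dict = " + payload_json + ";\n</script>"


# Constructed sample input.
SAMPLE = {"one": "</script>", "two": "<!--<script>", "three": "a & b\u2028c"}

if __name__ == "__main__":
    print(render(json.dumps(SAMPLE)))      # contains two "</script>" sequences
    print(render(json_for_script(SAMPLE))) # contains only the real closing tag
```

The escaped string parses back to the same data in JavaScript and in json.loads. It is safe only in a script element body; an HTML attribute or an inline event handler needs different escaping.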