Fixed a security problem caused by changed simplejson semantics.

Notice: this was never in a release version of Flask.
2010-04-19 18:51:04 +02:00 · 2010-04-19 18:51:04 +02:00 · ade490514d
commit ade490514d
parent 07e515b071
4 changed files with 16 additions and 2 deletions
--- a/docs/patterns/jquery.rst
+++ b/docs/patterns/jquery.rst
@ -77,7 +77,8 @@ inside a `script` block here where different rules apply.
   will not be parsed.  Everything until ``</script>`` is handled as script.
   This also means that there must never be any ``</`` between the script
   tags.  ``|tojson`` is kindly enough to do the right thing here and
-   escape backslashes for you.
+   escape slashes for you (``{{ "</script>"|tojson|safe }`` is rendered as
+   ``"<\/script>"``).


 JSON View Functions