Json response list with django

Question

I want to use typeahead.js in my forms in Django 1.7. Furthermore I want to implement that using class based views.

As far as I understand the problem, I need to create a view that generates a JSON response for the ajax request coming from typeahead.js.

Is it a good idea to use django-braces for that?

What I have so far is this:

from braces.views import JSONResponseMixin

[...]

class TagList(JSONResponseMixin, ListView):
    """
    List Tags
    """
    model = Tag
    context_object_name = 'tags'

    def get(self, request, *args, **kwargs):
        objs = self.object_list()

        context_dict = {
            "name": <do something with "obs" to get just the name fields>
            "color": <do something with "obs" to get just the color fields>
        }

        return self.render_json_response(context_dict)

That's where I'm stuck at the moment. Am I on the right path? Or would it even be possible (and easy) to go without a third party app?

Answer 1

Serializing non-dictionary objects¶

In order to serialize objects other than dict you must set the safe parameter to False:

response = JsonResponse([1, 2, 3], safe=False)

https://docs.djangoproject.com/en/1.10/ref/request-response/#jsonresponse-objects

Edit:

But please be aware that this introduces a potentially serious CSRF vulnerability into your code [1] and IS NOT RECOMMENDED by the Django spec, hence it being called unsafe. If what you are returning requires authentication and you don't want a third party to be able to capture it then avoid at all costs.

In order to mitigate this vulnerability, you should wrap your list in a dictionary like so: {'context': ['some', 'list', 'elements']}

[1] https://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx/