{
    "info": {
        "author": "Charlie DeTar",
        "author_email": "cfd@mdia.mit.edu",
        "bugtrack_url": null,
        "classifiers": [
            "Environment :: Web Environment",
            "Framework :: Django",
            "Framework :: Django :: 1.9",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: BSD License",
            "Operating System :: OS Independent",
            "Programming Language :: Python",
            "Programming Language :: Python :: 3",
            "Programming Language :: Python :: 3.4",
            "Programming Language :: Python :: 3.5",
            "Topic :: Internet :: WWW/HTTP",
            "Topic :: Internet :: WWW/HTTP :: Dynamic Content"
        ],
        "description": "==============================================\nescapejson function and django template filter\n==============================================\n\n**JSON is not javascript.** Many developers erroneously think that they can\njust place the output of ``json.dumps(obj)`` inside ``<script>`` tags and be\ngood to go -- but this is dangerously vulnerable to cross-site scripting\nattacks from 2 important edge cases for how JSON differs from javscript: (1)\nthe handling of a literal ``</script>`` within script blocks, and (2) the\nbehavior of two pesky unicode whitespace characters.\n\nThis very simple library provides a function ``escapejson``, and a Django\ntemplate filter of the same name.  The output of ``escapejson`` should be safe\nfor inclusion in HTML ``<script>`` tags, and interpretation directly as\njavascript.\n\nNOTE: this escaping is only \"safe\" if the input is a syntactically valid JSON\nstring.  The output is NOT safe if you pass it invalid JSON, whether from\nuntrusted JSON input or from a broken encoder.  This library does not validate\nthe correctness of the JSON it is fed.  Always use a conformant JSON encoder\n(e.g. ``json.dumps``) to ensure that the JSON is valid to start with.\n\nInstallation\n============\n\n::\n\n    pip install escapejson\n\nSupports python 2.7 and 3.3+.  Supports Django 1.7, 1.8, 1.9, 1.10. (Django not required).\n\nUsage\n=====\n\nExample API usage (with or without Django)\n-----------------------------------------\n::\n\n    import json\n    from escapejson import escapejson\n\n    my_obj = {'message': '</script><script>alert(\"oh no!\")</script>'}\n    my_str = json.dumps(myobj)\n    my_safe_str = escapejson(my_str)\n\nExample Django templates usage\n------------------------------\n\nFirst, add ``\"escapejson\"`` to ``INSTALLED_APPS`` in your project's ``settings.py``.::\n\n    # settings.py\n    INSTALLED_APPS = [\n        ...,\n        \"escapejson\",\n        ...,\n    ]\n        \n\nThen, use the ``escapejson`` library and filter::\n\n    {% load escapejson %}\n\n    <script>\n        var my_obj = {{obj_or_str|escapejson}};\n    </script>\n\nThis filter will attempt to JSON-encode any non-string object that is passed to it before\nescaping, or just escape any string that is passed to it.\n\n\nWhat it protects against\n========================\n\n</script> attacks\n-----------------\n\nAny string containing a literal ``</script>`` inside javascript within HTML\nscript tags will be interpreted by modern browsers as closing the script tag,\nresulting at best in broken scripts and syntax errors, and at worst in\nfull-blown XSS.  By escaping all ``/`` characters as ``\\/`` (a valid optional\nescape in the JSON spec), this is mitigated.\n\nU+2028 and U+2029\n-----------------\n\nTwo funky unicode whitespace characters count as valid JSON, but cause syntax\nerrors in javascript.  This is mitigated by replacing the literal characters\nwith the strings ``\\u2028`` and ``\\u2029``.\n[`reference <http://timelessrepo.com/json-isnt-a-javascript-subset/>`_]",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/yourcelf/escapejson",
        "keywords": "",
        "license": "BSD License",
        "maintainer": "",
        "maintainer_email": "",
        "name": "escapejson",
        "package_url": "https://pypi.org/project/escapejson/",
        "platform": "",
        "project_url": "https://pypi.org/project/escapejson/",
        "project_urls": {
            "Homepage": "https://github.com/yourcelf/escapejson"
        },
        "release_url": "https://pypi.org/project/escapejson/0.2/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "Escape JSON strings for safe execution as literal javascript and inclusion in HTML <script> environments",
        "version": "0.2"
    },
    "last_serial": 2333963,
    "releases": {
        "0.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "acf137dae4469e48c25cc3b0ee58871a",
                    "sha256": "f2726a0177b820d494426d9b29e2a74e3ac3ffa834e4654d4a722ac923ae9d8c"
                },
                "downloads": -1,
                "filename": "escapejson-0.1.tar.gz",
                "has_sig": false,
                "md5_digest": "acf137dae4469e48c25cc3b0ee58871a",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 4713,
                "upload_time": "2016-09-09T17:18:45",
                "url": "https://files.pythonhosted.org/packages/40/06/1e0c6de4ffc7b6539aba1318d54dde6af3ebe04d5643e26e344fcee20fe6/escapejson-0.1.tar.gz"
            }
        ],
        "0.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "c2f400945048ac0370d1521f06ea6a59",
                    "sha256": "be5dcf4f92c12582c0893b6af9a5f685b95ebc157ba69fe29bc7718691e0c7d6"
                },
                "downloads": -1,
                "filename": "escapejson-0.2.tar.gz",
                "has_sig": false,
                "md5_digest": "c2f400945048ac0370d1521f06ea6a59",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 4736,
                "upload_time": "2016-09-09T17:34:10",
                "url": "https://files.pythonhosted.org/packages/66/67/c5405fd7020718795b9e84429d8223104fdbc80b603ea63eb6a5b6072e9b/escapejson-0.2.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "c2f400945048ac0370d1521f06ea6a59",
                "sha256": "be5dcf4f92c12582c0893b6af9a5f685b95ebc157ba69fe29bc7718691e0c7d6"
            },
            "downloads": -1,
            "filename": "escapejson-0.2.tar.gz",
            "has_sig": false,
            "md5_digest": "c2f400945048ac0370d1521f06ea6a59",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 4736,
            "upload_time": "2016-09-09T17:34:10",
            "url": "https://files.pythonhosted.org/packages/66/67/c5405fd7020718795b9e84429d8223104fdbc80b603ea63eb6a5b6072e9b/escapejson-0.2.tar.gz"
        }
    ]
}