Closed gamesbook closed 4 years ago
The code that is needed is as follows:
try: # JsonResponse is only available in Django >= 1.7
from django.http import JsonResponse
except ImportError:
from django.utils import simplejson
from django.http import HttpResponse
class JsonResponse(HttpResponse):
"""
JSON response
"""
def __init__(self, content, mimetype='application/json', status=None, content_type=None):
super(JsonResponse, self).__init__(
content=simplejson.dumps(content),
mimetype=mimetype,
status=status,
content_type=content_type,
)
and this should replace the first import of JsonResponse
in smart_selects/views.py
Closing old issue, no activity. Please reopen if necessary.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
I have to support an older project installed using Django 1.6 (until its ready to be upgraded). Because of the above security issue, I am no longer able to install the previously used version of django-smart-selects and instead had to use 1.2.9 (the oldest earliest). I found I needed to make a small patch for the use of JsonResponse in Django 1.6; my sense is this would not affect anything else -- can I make a pull request to include this patch in version 1.2.9?