Closed yeahframeoff closed 5 years ago
Thank you for this PR. That said, I don't think we can accept it in its current state.
To quote the Python docs:
Warning: The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
Given that users will be sending in the cursor value, we cannot treat it as a trusted source, and therefore using pickle is out of the question.
Could you simply paginate on a different value, such as an id, a date value, or similar? If not, we'll have to look at a safe way to encode these field values, or allow the use of unicode strings rather than requiring ASCII encoding.
In fact, I've just created PR #22 which I believe will solve your issue – could you try that out and report back please, @yeahframeoff?
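One safe way to encode cursor field values without pickle, added here as an example (it is not code from this PR or from #22): JSON wrapped in URL-safe base64 keeps non-ASCII values intact and never executes anything on decode. The function names, the scalar-only rule and the length limit are assumptions.

```python
import base64
import binascii
import json

# Assumption: a cursor is a flat list of simple field values. Dates and other
# rich types are converted by the caller first (for example to ISO 8601 strings).
_SCALARS = (str, int, float, bool, type(None))


class InvalidCursor(ValueError):
    """Raised when a client-supplied cursor cannot be decoded safely."""


def encode_cursor(values):
    """Serialize field values into a URL-safe, ASCII-only token."""
    values = list(values)
    if not all(isinstance(v, _SCALARS) for v in values):
        raise TypeError("cursor values must be JSON scalars")
    # ensure_ascii=False keeps the text as UTF-8; base64 makes the token ASCII.
    raw = json.dumps(values, ensure_ascii=False, separators=(",", ":"))
    return base64.urlsafe_b64encode(raw.encode("utf-8")).decode("ascii")


def decode_cursor(token, max_len=512):
    """Parse an untrusted token into a list of scalars, or raise InvalidCursor."""
    if not isinstance(token, str) or len(token) > max_len:
        raise InvalidCursor("cursor missing or too long")
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
        values = json.loads(raw.decode("utf-8"))
    except (UnicodeError, binascii.Error, ValueError) as exc:
        raise InvalidCursor("cursor is not valid base64/JSON") from exc
    # JSON can only yield data, but the shape still has to be checked:
    # reject objects, nested lists and anything else that is not a flat list.
    if not isinstance(values, list) or not all(isinstance(v, _SCALARS) for v in values):
        raise InvalidCursor("cursor must be a flat list of scalars")
    return values
```

The decoded values are still user input: pass them to the query as bound parameters, and treat `InvalidCursor` as a client error rather than a server fault.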
@Drarok looks like #22 solves the issue in a much simpler way, so I am closing this one in favour of #22.
The currently working solution does not take care of non-ASCII contents of model fields. I am suggesting adding support for those as well.