Passing objects from Django to Javascript DOM

#11
Since Django 2.1 there is the json-script template tag. From the docs:

> **json_script**
>
> Safely outputs a Python object as JSON, wrapped in a `<script>` tag,
> ready for use with JavaScript.
>
> Argument: HTML “id” of the `<script>` tag.
>
> For example:
>
> ```
> {{ value|json_script:"hello-data" }}
> ```
>
> If value is the dictionary `{'hello': 'world'}`, the output will be:
>
> ```
> <script id="hello-data" type="application/json">
> {"hello": "world"}
> </script>
> ```
>
> The resulting data can be accessed in JavaScript like this:
>
> ```
> var value = JSON.parse(document.getElementById('hello-data').textContent);
> ```
>
> XSS attacks are mitigated by escaping the characters “<”, “>” and “&”. For
> example if value is `{'hello': 'world</script>&'}`, the output is:
>
> ```
> <script id="hello-data" type="application/json">
> {"hello": "world\\u003C/script\\u003E\\u0026amp;"}
> </script>
> ```
>
> This is compatible with a strict Content Security Policy that prohibits
> in-page script execution. It also maintains a clean separation between
> passive data and executable code.


Reply

#12
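To send the whole QuerySet (while preserving the field names; sending `object` not `list`), I used the following:

```
# views.py
from django.core import serializers

units = Unit.objects.all()
# serialize() returns a JSON string, one object per model instance
units_serialized = serializers.serialize('json', units)
context['units'] = units_serialized
```

and just use the `safe` tag in the template:

```
{# template.html #}
<script>
// |safe turns off autoescaping, so the JSON string is written into the script verbatim
console.log({{units|safe}});
</script>
```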
Reply

#13
**NOTE for Django 2.1**

I found this a little confusing in the Django documentation, so I am simply explaining it in a slightly easier way.

We would normally use this like

```
{{ my_info }}
```

or loop over it depending on what we needed. But if we use the `json_script` filter, we can safely output this value as JSON:

```
{{ my_info|json_script:"my-info" }}
```

Our data has been added as JSON, wrapped in a script tag, and we can see the data. We can now use this value by looking it up in JavaScript like so:

```
const info = JSON.parse(document.getElementById('my-info').textContent);
```
Reply

#14
Either:

read the object using `{{ django_list }}` and then remove unwanted characters

or do:
```
{{ django_list | safe}}
```
Reply

#15
Also be careful to make sure that you output JSON data correctly from Django; otherwise all attempts on the frontend side will be a waste of time. In my case I could not use JsonResponse as part of the render function, so I did the following:

```
from django.shortcuts import render

def view(self, request):
    data = []
    # values_list() yields tuples; list() makes them JSON-serializable
    machine_data = list(Machine.objects.filter(location__isnull=False).values_list('serial', 'location', 'customer__name'))
    data.append({
        "locations": machine_data,
    })

    # The context key must match the name the template passes to json_script
    return render(request, 'admin/company/device/map.html', {
        "machines_with_location": data
    })
```

And on the frontend:
```
{% block content %}

{{ machines_with_location|json_script:"machineLocationData" }}

<div id="content-main">
    <h1>Title</h1>

    <script type="text/javascript">
        const locationDataFromJson = JSON.parse(document.getElementById('machineLocationData').textContent);
    </script>
</div>

{% endblock %}
```
Reply
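
Posts #12 and #14 write data into a `<script>` element with `safe`, while #11, #13 and #15 use `json_script`. The following is an added example, not part of any post in the thread and not Django's own code, that compares the two outputs using only Python's standard library. `raw_inline`, `escaped_json_script` and `audit` are hypothetical stand-ins written for this comparison, and the sample value is the one from the quoted docs.

```python
import json
from html import escape
from html.parser import HTMLParser

# The three substitutions the quoted docs describe for json_script.
SCRIPT_ESCAPES = {ord("<"): "\\u003C", ord(">"): "\\u003E", ord("&"): "\\u0026"}

def raw_inline(value):
    """Stand-in for {{ value|safe }} inside <script>: JSON text emitted verbatim."""
    return "<script>console.log(" + json.dumps(value) + ");</script>"

def escaped_json_script(value, element_id):
    """Stand-in for json_script: JSON data block with <, > and & as \\uXXXX."""
    body = json.dumps(value).translate(SCRIPT_ESCAPES)
    return f'<script id="{escape(element_id)}" type="application/json">{body}</script>'

class ScriptAudit(HTMLParser):
    """Collects the script body and any text that lands outside the element."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script_text = ""
        self.leaked = ""

    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script_text += data
        else:
            self.leaked += data

def audit(html):
    """Parse an HTML fragment; return (script body, text outside the script)."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.script_text, parser.leaked

SAMPLE = {"hello": "world</script>&"}  # constructed input, value from the quoted docs

if __name__ == "__main__":
    print("safe filter:", audit(raw_inline(SAMPLE)))
    print("json_script:", audit(escaped_json_script(SAMPLE, "hello-data")))
```

With the `safe` output, the `</script>` inside the string closes the element early and the rest of the value lands in the page as markup. The escaped form stays inside the data block and parses back to the original value.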


