Comments (6)
maxkylu
commented on June 29, 2024
This script reproduces the error independent from django
import jsonpickle
########################################
### Verbatim copy from django 4.2.11 ###
########################################
class SafeData:
__slots__ = ()
def __html__(self):
"""
Return the html representation of a string for interoperability.
This allows other template engines to understand Django's SafeData.
"""
return self
class SafeString(str, SafeData):
"""
A str subclass that has been specifically marked as "safe" for HTML output
purposes.
"""
__slots__ = ()
def __add__(self, rhs):
"""
Concatenating a safe string with another safe bytestring or
safe string is safe. Otherwise, the result is no longer safe.
"""
t = super().__add__(rhs)
if isinstance(rhs, SafeData):
return SafeString(t)
return t
def __str__(self):
return self
def __str__(self):
return self
### End copy from django 4.2.11 ###
s = SafeString("hi")
pickled = jsonpickle.encode(s)
print(pickled)
jsonpickle.decode(pickled)
from jsonpickle.
maxkylu
commented on June 29, 2024
This is an minimal reproducing example:
import jsonpickle
class SafeData:
__slots__ = ()
class SafeString(str, SafeData):
__slots__ = ()
s = SafeString("hi")
pickled = jsonpickle.encode(s)
print(pickled)
jsonpickle.decode(pickled)
from jsonpickle.
Theelx
commented on June 29, 2024
Hey, thanks for reporting this! Sorry for the late response, I've been busy with schoolwork. I'll take a look at this shortly.
from jsonpickle.
Theelx
commented on June 29, 2024
This looks to be very similar to #422 (comment). In that case, the issue is because the attribute is being inherited from a class implemented in C, which can make read-only attributes. The fix I implemented in that case was to skip it for subclasses of int, but since this is happening for subclasses of str too, I'll add str to the list of parent classes that can be skipped. Eventually, I'll make a more flexible check that doesn't require us to whitelist types, but that's going to have to be on the TODO list for now.
from jsonpickle.
maxkylu
commented on June 29, 2024
Thank you for this speedy fix.
Question: Wouldn't it be better to fix the pickler to not pickle the read only attributes? The pickled string methods actually only spam the serialized data.
from jsonpickle.
Theelx
commented on June 29, 2024
I thought about that, but I didn't bother trying because I didn't think it would be serializable if it didn't include that data. However, you make a good point that read-only attributes won't change and so they spam the serialized data. I'll look into working around that that, hopefully I can get a change landed soon to reduce the spammed read-only attributes while still preserving unpickleability.
from jsonpickle.
Related Issues (20)
- datetime.timedelta not picklable if unpicklable == False HOT 8
- Decoding datetime with tzinfo raises TypeError HOT 6
- Memory use on Linux vs Mac HOT 2
- Error with strides deserializing complex NumPy array HOT 4
- dictionary arguments are turned into strings HOT 2
- cyfunction support HOT 3
- [Wishlist] A way to pass down custom data/context recursively to custom handlers. HOT 4
- Dictionary subclasses with referencing are encoded/decoded incorrectly HOT 1
- encode ignores __getstate__ returning empty dict HOT 2
- Pandas series with object type get converted to strings
- tests/pandas_test.py::test_timedelta_index_roundtrip fails when pandas are built with Cython-3 HOT 7
- .asc missing on pypi for 3.0.2 HOT 2
- Complete compliance steps in Tidelift HOT 4
- RFE: is it possible to start making github releases?🤔 HOT 4
- Project's URL is not up-to-date HOT 3
- wrong encoding for decorator objects HOT 1
- Converts objects of a subclass to a superclass HOT 1
- Register handlers for dicts HOT 6
- Add a "Usage" section to the README HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jsonpickle.