Workaround potential JSON XSRF attacks in browsers

nyren · nyren · commit 98c81269493e · 2011-07-21T17:09:19.000+02:00
diff --git a/occi/http/content_json.py b/occi/http/content_json.py
@@ -84,7 +84,10 @@ def _render_obj_list(self, objects):
         json_data = []
         for obj in objects:
             json_data.append(self._json_obj(obj))
-        return json_data
+
+        # Workaround JSON array vulnerability in browser JavaScript
+        # implementations
+        return { 'collection': json_data }
 
     def _json_obj(self, obj):
         """Render `DataObject` into a JSON-friendly dictionary structure.
@@ -164,7 +167,6 @@ def _json_obj(self, obj):
 
         return json_obj
 
-
 def register():
     register_parser(CONTENT_TYPE, JSONParser)
     register_renderer(CONTENT_TYPE, JSONRenderer)
