On 20/01/12 08:47, Aymeric Augustin wrote:
> 2012/1/20 Łukasz Rekucki <lreku...@gmail.com>
>
> We all know browsers won't crash and they will render the page exactly
> the same. I volunteer to fix any issues in the test suite (considering
> the hash changes also between 32-bit/64-bit Python, I'm not sure there
> are even any or we would get a report on that, wouldn't we?).
>
> I think it's important for the Django core team to voice their opinion
> on this matter in python-dev.
>
> Hello Łukasz,
>
> I absolutely agree -- code that relies on a deterministic dictionary
> order is broken and should be fixed.

I agree with this completely, and Carl's post:

http://mail.python.org/pipermail/python-dev/2012-January/115700.html

Whether this should be fixed in Python or not is a different question.

Most of the web-specific problems can be fixed relatively easily with HTTP-specific solutions and limits. We can easily change how we handle POST and GET data to a protected solution (by length limitation or a custom data structure), and we can protect cookie parsing using simple length limits (and continue using stdlib SimpleCookie).

However, JSON parsing, which is a common task for web sites, is much harder to fix, because almost by definition you've got to return dictionaries with arbitrary keys and arbitrary size, and because as a framework we don't control how developers do JSON parsing.

Luke

--
"Cross country skiing is great if you live in a small country."
(Steven Wright)

Luke Plant || http://lukeplant.me.uk/
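
The limits described in the message above, as an added sketch that is not part of the original thread and is not Django's code: a field-count cap for GET/POST data, a length check in front of stdlib `SimpleCookie`, and a body-size cap for JSON, which bounds the input but leaves the keys arbitrary. The function names and limit values are assumptions, and `max_num_fields` needs Python 3.8 or later.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl

# Assumed limits; tune them to the application.
MAX_FIELDS = 1000
MAX_COOKIE_BYTES = 4096
MAX_JSON_BYTES = 64 * 1024


class TooMuchData(ValueError):
    """Input exceeded a configured limit and was rejected before parsing."""


def parse_form(raw, max_fields=MAX_FIELDS):
    """Parse GET/POST data, refusing more than max_fields parameters."""
    try:
        # max_num_fields counts separators before any dict is built.
        pairs = parse_qsl(raw, keep_blank_values=True, max_num_fields=max_fields)
    except ValueError as exc:
        raise TooMuchData("too many form fields") from exc
    fields = {}
    for key, value in pairs:
        fields.setdefault(key, []).append(value)
    return fields


def parse_cookies(header, max_bytes=MAX_COOKIE_BYTES):
    """Length-check the Cookie header, then hand it to stdlib SimpleCookie."""
    if len(header.encode("utf-8")) > max_bytes:
        raise TooMuchData("Cookie header too long")
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def parse_json(body, max_bytes=MAX_JSON_BYTES):
    """Bound the body size; the keys inside remain arbitrary."""
    if len(body) > max_bytes:
        raise TooMuchData("JSON body too large")
    return json.loads(body)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(parse_form("a=1&b=2&a=3"))
    print(parse_cookies("sid=abc; theme=dark"))
    print(parse_json(b'{"user": "luke"}'))
```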