colander
colander copied to clipboard
Pylons
A serialization/deserialization/validation library for strings, mappings and lists.
i discovered a specific vulnerability in a handful of python form validation and sanitization libraries yesterday. colander is affected. the behavior is desired in some contexts, but dangerous in most...
It would be great if colander models would be able to generate json schema. This way it would be possible to use any kind of form library that supports json...
Hello! This PR is WIP, I wanted some feedback on whether it would be useful before proceeding / fleshing it out. I wrote up a simple object serializer for colander...
I keep seeing this exception: ``` python File "/.../lib/python3.4/site-packages/colander/__init__.py", line 2174, in _unflatten_mapping subnode, subpaths, subfstruct) TypeError: unflatten() missing 1 required positional argument: 'fstruct' ``` This is with colander 1.0.
We have a scenario, say you have a message schema ``` python class MessageSchema(colander.MappingSchema): header = EventHeader() payload = Payload() ``` For the payload, you can define it like this...
I think it would help to clarify [in the documentation](https://docs.pylonsproject.org/projects/colander/en/latest/api.html#colander.DateTime) that a deserialized `datetime` object is by default _aware_ (i.e. its `tzinfo` attribute is set to a timezone object provided...
In the case where a field is a empty MappingSchema, `require=False` doesn't works. Example: - Doesn't works: https://gist.github.com/btall/e07bc025021981779d3fe3909466006f **Workaround** ``` --- schema.py 2017-05-26 16:59:00.979227881 +0200 +++ schema_workaround.py 2017-05-26 16:58:43.656278244 +0200...
Suppose I have a subclass of `list` or another class with the same "interface" (say, `PersistentList` from ZODB). There doesn't seem to be simple way to have a `SequenceSchema` deserialize...
When the parameters `true_values` and `false_values` are set for a boolean, inputs to fields of that type are checked against the values in those lists, however those input values are...
My question seems somewhat similar to other `None` related problems, e.g. https://github.com/Pylons/colander/issues/140, https://github.com/Pylons/colander/issues/186, https://github.com/Pylons/colander/issues/204. It seems to me that deserializing a `None` string should yield the same, instead of `colander.Invalid:...