You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using this library with a serializer, it's sometimes necessary to provide the serializer with additional kwargs. It works great within the dump_payload function. However, load_payload function doesn't supply any stored serializer_kwargs into the serializer. I'm not sure if it's done intentionally or just forgotten.
Here's the code to reproduce the problem:
import jsonpickle
from itsdangerous import Serializer
key = '123'
data = {0: 'foo', 1: "bar"}
s = Serializer(key, serializer=jsonpickle, serializer_kwargs={"keys": True})
signed = s.dumps(data)
unsigned = s.loads(signed)
print(unsigned)
# {'json://0': 'foo', 'json://1': 'bar'} - because the kwarg "keys": True was not overhanded to the loading function
The expected behavior would be to provide load_payload with **serializer_kwargs and return {0: 'foo', 1: 'bar'} in this example.
I personally opted to have separate Serializer instances for dumping and loading processes, but may it be smarter to implement a separate "deserializer_kwargs" parameter?
I see the problem that serializer_kwargs may require to be different for serializing and deserializing - that's why my suggested solution (straight-forward overhanding of serializer_kwargs into deserializer function) doesn't pass the existing tests.
Environment:
Python version: 3.12
ItsDangerous version: 2.2.0
The text was updated successfully, but these errors were encountered:
When using this library with a serializer, it's sometimes necessary to provide the serializer with additional kwargs. It works great within the
dump_payloadfunction. However,load_payloadfunction doesn't supply any storedserializer_kwargsinto the serializer. I'm not sure if it's done intentionally or just forgotten.Here's the code to reproduce the problem:
The expected behavior would be to provide
load_payloadwith**serializer_kwargsand return {0: 'foo', 1: 'bar'} in this example.I personally opted to have separate Serializer instances for dumping and loading processes, but may it be smarter to implement a separate "deserializer_kwargs" parameter?
I see the problem that serializer_kwargs may require to be different for serializing and deserializing - that's why my suggested solution (straight-forward overhanding of serializer_kwargs into deserializer function) doesn't pass the existing tests.
Environment:
The text was updated successfully, but these errors were encountered: