Raise exception if invalid JSON numbers are encountered.

2025-03-31 11:37:06 +00:00 · 2023-12-05 20:02:56 +00:00 · 2023-12-05 20:02:56 +00:00 · e9a18b4a2a
commit e9a18b4a2a
parent 8eb9dab0ca
2 changed files with 16 additions and 1 deletions
--- a/django/http/parsers.py
+++ b/django/http/parsers.py
@ -70,6 +70,11 @@ class JSONParser(BaseParser):
    def parse(self, request):
        from django.http import HttpRequest

+        def strict_constant(o):
+            raise ValueError(
+                "Out of range float values are not JSON compliant: " + repr(o)
+            )
+
        if isinstance(request, HttpRequest):
            request = request.body
-        return json.loads(request), MultiValueDict()
+        return json.loads(request, parse_constant=strict_constant), MultiValueDict()
--- a/tests/requests_tests/test_parsers.py
+++ b/tests/requests_tests/test_parsers.py
@ -60,3 +60,13 @@ class TestParsers(SimpleTestCase):
        msg = "You cannot change parsers after processing the request's content."
        with self.assertRaisesMessage(AttributeError, msg):
            request.parsers = []
+
+    def test_json_strict(self):
+        parser = JSONParser()
+
+        msg_base = "Out of range float values are not JSON compliant: '%s'"
+        for value in ["Infinity", "-Infinity", "NaN"]:
+            with self.subTest(value=value):
+                msg = msg_base % value
+                with self.assertRaisesMessage(ValueError, msg):
+                    parser.parse(bytes(value.encode()))