Safety of passing python list to javascript through jinja template

Question

Just like the question posed here, I have a list in one of my Flask app's routes:

my_list = ['a', 'b', 'c']

The number of elements in the list depends on user input, but the elements themselves are strings from elsewhere in the program that the user doesn't have control over. I'm wondering whether it's safe to use this list in a <script></script> tag in my template. I'm using the python list as a javascript array using the tojson filter. This works in my development server just fine, but my code editor is pointing out 6 problems.

    $(document).ready(function() {
        var my_array = {{ my_list|tojson }};
        for (let index = 0; index < my_array.length; index++) {
            console.log(my_array[index]);
        }
    });

Property assignment expected. [line 2] 
',' expected. [line 2]
',' expected. [line 2]
')' expected. [line 2]
Declaration or statement expected. [line 6]
Declaration or statement expected. [line 6]

Is this just erroneous flagging from my linter or do I need another way to use the python list in my javascript? Wondering whether this will cause any security issues when I deploy the app.

Is this a jinja template? What extensions does this file have? Probably editor thinks that it's a js file, maybe cause it has `.js` extansion. Try to change extension to `.jinja` (or something like this) — ujlbu4, Sep 13 '20 at 21:50
This is all in a `.html` file, with the scripting inside a `` tag. — Rob, Sep 15 '20 at 05:10

Safety of passing python list to javascript through jinja template

0 Answers0