2đź‘Ť
why can’t you jsonify your object? in the case you send the object (which I doubt you can unless there is some middleware handling the conversion) it will pickle it and sent it as a string, so you can always jsonify any object no matter what.
for example, if I want to sent all the info from an object named “Company”:
comp = Company.objects.all()[0]
info = {"name": comp.name, "url": comp.url, "created_on": datetime.strftime(comp.created_on, "%d-%m-%Y")}
return HttpResponse(json.dumps(info))
take into account that everything you are sending should be a string (or integer which will be automatically converted to string).
After you sent the json in your javascript you just need to get the object and parse it:
obj = JSON.parse(response)
And that’s it! Now about the security problem the only issue that comes to my mind is that you are sending information that you will probably not use like the object id, besides that there is no real security risk.
Now if what you want is to sent a rendered view so you can use the power of templates you could do this:
from django.template import Context, loader
context = Context({'user': UserObject, 'company': CompanyObject})
html_t = loader.get_template(HTML_TEMPLATE_PATH)
html = html_t.render(context)
return HttpResponse(html)
now in your ajax you will receive the rendered template which you can use right away without any need for json.