On my Flask app I want to create a feature so a user can query the database, have the browser display the results in a table and then download it as a CSV.
Is the plan I have below secure? Would end users be able to manipulate the JSON?
My overall design plan to accomplish this is as follows in pseudocode:
- (Python) pulls Query from database and puts results in JSON using jsonify
- (Python) returns JSON to JavaScript file
- (JavaScript) Displays the JSON in an HTML table
- (JavaScript) User clicks button and JavaScript sends JSON to Flask endpoint
- (Python) Flask endpoint converts JSON into CSV
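
In the last two steps the Flask endpoint receives JSON from the browser, which the user can edit before it is sent. The following is an added example, not part of the original post, of one way the conversion step could detect such edits: the server attaches an HMAC tag when it first returns the rows and checks it before writing the CSV. The key, function names and sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import json

# Assumption: a server-side secret that never reaches the browser (placeholder).
SECRET_KEY = b"replace-with-a-random-server-side-key"

# Constructed sample of what the database query might return.
SAMPLE_ROWS = [{"id": 1, "name": "alice"}, {"id": 2, "name": "bob"}]


def _tag(rows):
    # Canonical encoding so the same rows always produce the same tag.
    data = json.dumps(rows, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(SECRET_KEY, data, hashlib.sha256).hexdigest()


def sign_rows(rows):
    """Steps 1-2: package query results with an HMAC tag before returning them."""
    return {"rows": rows, "tag": _tag(rows)}


def rows_to_csv(payload):
    """Steps 4-5: verify the JSON the browser sent back, then convert it to CSV.

    Raises ValueError if the payload is malformed or was changed client-side.
    """
    if not isinstance(payload, dict):
        raise ValueError("malformed payload")
    rows, tag = payload.get("rows"), payload.get("tag")
    if not isinstance(rows, list) or not rows or not isinstance(tag, str):
        raise ValueError("malformed payload")
    if not all(isinstance(r, dict) for r in rows):
        raise ValueError("malformed payload")
    # Constant-time comparison of the recomputed tag with the one supplied.
    if not hmac.compare_digest(_tag(rows).encode(), tag.encode()):
        raise ValueError("rows were modified after the server produced them")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

In a Flask view, `sign_rows` would wrap the query result before `jsonify`, and `rows_to_csv` would run on `request.get_json()`. The browser has to send the payload back unchanged, since values that JavaScript re-serializes differently (a float such as 1.0 becoming 1) alter the canonical form and fail the check.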