| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-06-01 10:38:44 -0400 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-06-03 16:40:21 -0400 |
| commit | b5d9dbdf2bba8df4c85cd0db308b3a467d763d02 (patch) | |
| tree | 67b3e958411ffed8e0cfcb2ef8c961a5b67dc296 /docs | |
| parent | 3328078a01f5268f9b8659f56fd28c5a2ed083dc (diff) | |
Refs #36905 -- Moved JSONResponse safe param discussion to versionchanged box.
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/request-response.txt | 23 |
1 files changed, 6 insertions, 17 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index 1ca5cb0c78..9ab3127df0 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -1267,32 +1267,21 @@ Typical usage could look like: Serializing non-dictionary objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In order to serialize objects other than ``dict`` you must set the ``safe`` -parameter to ``False``: +Objects other than ``dict`` can be serialized: .. code-block:: pycon - >>> response = JsonResponse([1, 2, 3], safe=False) - -Without passing ``safe=False``, a :exc:`TypeError` will be raised. + >>> response = JsonResponse([1, 2, 3]) Note that an API based on ``dict`` objects is more extensible, flexible, and makes it easier to maintain forwards compatibility. Therefore, you should avoid -using non-dict objects in JSON-encoded response. - -.. warning:: - - Before the `5th edition of ECMAScript - <https://262.ecma-international.org/5.1/#sec-11.1.4>`_ it was possible to - poison the JavaScript ``Array`` constructor. For this reason, Django does - not allow passing non-dict objects to the - :class:`~django.http.JsonResponse` constructor by default. However, most - modern browsers implement ECMAScript 5 which removes this attack vector. - Therefore it is possible to disable this security precaution. +using non-dict objects in JSON-encoded responses. .. versionchanged:: 6.2 - In earlier versions, the ``safe`` parameter defaulted to ``True``. + In earlier versions, it was necessary to pass ``safe=False`` to serialize + other objects besides dictionaries, as the (now deprecated) ``safe`` + parameter defaulted to ``True``, raising :exc:`TypeError`. .. deprecated:: 6.2 |
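Review bot: the rewritten ``versionchanged:: 6.2`` box explains that ``safe=False`` used to be required but no longer says why ``safe`` defaulted to ``True``. The removed ``.. warning::`` block was the only place in this section that gave the reason (poisoning of the JavaScript ``Array`` constructor before ECMAScript 5). Consider keeping one sentence of that rationale in the versionchanged box, so that readers on earlier versions, or reading code that still passes ``safe``, can tell the old default was a security precaution rather than an arbitrary restriction. In the same box, "defaulted to ``True``, raising :exc:`TypeError`" reads as if the default itself raised; wording such as "so passing a non-dict object raised :exc:`TypeError`" would be clearer, and "other objects besides dictionaries" can be shortened to "objects other than dictionaries".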
