Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

system.text.json support for polymorphic serialization. #40370

Closed
qsdfplkj opened this issue Aug 5, 2020 · 2 comments
Closed

system.text.json support for polymorphic serialization. #40370

qsdfplkj opened this issue Aug 5, 2020 · 2 comments
Labels
area-System.Text.Json
Milestone
5.0.0

Comments

@qsdfplkj
Copy link
Contributor

qsdfplkj commented Aug 5, 2020
edited
Loading

There has been questions before about polymorphic (de)serialization of json. There is an argument to not support this because it opens a security vulnerability where completely unrelated classes could be instantiated and allow execute of arbitrary code. But why not allow for custom interfaces or types to be used. Just Deserialize<IMyInterface> shouldn't be causing problems?
@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added area-System.Text.Json untriaged New issue has not been triaged by the area owner labels Aug 5, 2020
@Symbai
Copy link

Symbai commented Aug 5, 2020

Dupe of #29937 and #30083, please vote on both and comment on them if you support the same request.

@layomia
Copy link
Contributor

layomia commented Aug 6, 2020

Closing as dup of issues @Symbai linked above.

@layomia layomia closed this as completed Aug 6, 2020
@layomia layomia removed the untriaged New issue has not been triaged by the area owner label Aug 6, 2020
@layomia layomia added this to the 5.0.0 milestone Aug 6, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 7, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Text.Json
Projects
None yet
Milestone
5.0.0
Development

No branches or pull requests
4 participants
@layomia @Symbai @qsdfplkj @Dotnet-GitSync-Bot