Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up usage of BinaryFormatter throughout codebase #1251

Closed
Tracked by #6267
GrabYourPitchforks opened this issue Jul 1, 2019 · 3 comments · Fixed by #1425
Closed
Tracked by #6267

Clean up usage of BinaryFormatter throughout codebase #1251

GrabYourPitchforks opened this issue Jul 1, 2019 · 3 comments · Fixed by #1425
Labels
area-Serialization-BinaryFormatter code cleanup cleanup code for unused apis/properties/comments - no functional changes.
Milestone
.NET 8.0

Comments

@GrabYourPitchforks
Copy link
Member

See https://github.com/dotnet/corefx/issues/38760 for more information.

There is a possibility that the BinaryFormatter type might be moved out of the shared framework in a future release. Since WinForms is part of the shared framework, the code base should begin preparing for this transition. The following steps will help ensure that if a "safe" BinaryFormatter-compatible serializer is introduced in place of the original BinaryFormatter type, WinForms will be able to drop its dependency on the legacy type and move on to the new type with minimal friction.

  1. Consider all usages of BinaryFormatter already in the code. Is it absolutely mandatory that each of these usages be present? Is there a critical business or customer scenario that this fulfills that cannot be addressed by some other technology? Consider that some types (like Delegate) which are serializable in Full Framework are not serializable in Core, so this might affect some call sites which were kept for "back compat" reasons but which were not fully tested. If a call site does not need to exist, remove it.

  2. Of the remaining usages, ensure that a type-limiting SerializationBinder is always present. Do not allow any code path which might bypass setting the SerializationBinder on the serializer instance. (This guidance only applies to call sites where Deserialize is called.)

If there are any places where these requirements cannot be met then we can work through them on a case-by-case basis. Thanks!
@merriemcgaw merriemcgaw added this to the 3.0.0-GA milestone Jul 1, 2019
@merriemcgaw
Copy link
Member

Let's look through the codebase for all usage of BinaryFormatter. I'm thinking clipboard scenarios (@Tanya-Solyanik others?) We can get back to @GrabYourPitchforks with everything we know.

@weltkante
Copy link
Contributor

weltkante commented Jul 1, 2019
edited

Clipboard and drag'n'drop of nontrivial content relies on BinaryFormatter. If you want clipboard/drag'n'drop between older Desktop Framework applications and newer .NET Core 5 applications the replacement needs to be able to produce/consume the same binary data.

@dreddy-work dreddy-work added the code cleanup cleanup code for unused apis/properties/comments - no functional changes. label Jul 10, 2019
@Tanya-Solyanik Tanya-Solyanik mentioned this issue Sep 4, 2019
Merged
@RussKie RussKie closed this as completed Sep 4, 2019
@RussKie RussKie removed this from the 3.0-GA milestone Sep 4, 2019
@Tanya-Solyanik Tanya-Solyanik mentioned this issue Sep 16, 2019
Merged
@RussKie RussKie reopened this May 25, 2021
@RussKie RussKie added this to the Future milestone May 25, 2021
RussKie added a commit to RussKie/winforms that referenced this issue May 25, 2021
@RussKie
Allow bypass BinaryFormatter in ImageListStreamer
e2edea4 
Contributes to dotnet#1251
@RussKie RussKie mentioned this issue May 25, 2021
Merged
@jeffhandley jeffhandley modified the milestones: Future, .NET 7.0 Dec 3, 2021
@merriemcgaw merriemcgaw mentioned this issue Dec 4, 2021
Open
10 tasks
@kant2002 kant2002 mentioned this issue May 2, 2022
Closed
@dreddy-work dreddy-work modified the milestones: .NET 7.0, .NET 8.0 Aug 15, 2022
@merriemcgaw
Copy link
Member

Closing this issue as dupe of #6267

@ghost ghost locked as resolved and limited conversation to collaborators Mar 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-Serialization-BinaryFormatter code cleanup cleanup code for unused apis/properties/comments - no functional changes.
Projects
None yet
Milestone
.NET 8.0
Development

Successfully merging a pull request may close this issue.

Removing or annotating Serializable attribute on winforms classes dotnet/winforms
8 participants
@jeffhandley @GrabYourPitchforks @RussKie @weltkante @JeremyKuhne @zsd4yr @merriemcgaw @dreddy-work