Comments (4)
rowstop
commented on June 12, 2024
这是个不安全的特性,现在使用 AutoTypeBeforeHandler 、JSONReader.autoTypeFilter()实现
from fastjson2.
qingcaoDE
commented on June 12, 2024
您看这样对吗 意思是 我不需要写这个枚举了直接带进来一个 指定类名前缀的autoTypeFilter就可以实现了吗
//当打开AutoTypeSupport,
// 虽然内置了一个比较广泛的黑名单,但仍然是不够安全的。
// 下面有一种办法是控制当前调用的AutoType支持范围,避免全局打开,这个更安全。
static final Filter autoTypeFilter = JSONReader.autoTypeFilter(
// 按需加上需要支持自动类型的类名前缀,范围越小越安全
"com.xxx"
);
@Override
public T deserialize(byte[] bytes) throws SerializationException {
if (bytes == null || bytes.length <= 0) {
return null;
}
String str = new String(bytes, DEFAULT_CHARSET);
return JSON.parseObject(str, clazz, autoTypeFilter,
JSONReader.Feature.FieldBased
);
}
from fastjson2.
rowstop
commented on June 12, 2024
看起来是可以的,
com.alibaba.fastjson2.filter.ContextAutoTypeBeforeHandler#ContextAutoTypeBeforeHandler(boolean, java.lang.String...)
这里已经内置了一些类型的支持,额外的需要自己补充
from fastjson2.
qingcaoDE
commented on June 12, 2024
好的 谢谢您
from fastjson2.
Related Issues (20)
- [QUESTION]如何在自定义序列化时实现某条件满足时忽略该字段的序列化 HOT 3
- [BUG] Parcelable 序列化以后的类,转换成json格式,多了一个{"stability":0}}字段 HOT 2
- [FEATURE] 请问是否有考虑支持JSONQuery? HOT 1
- [FEATURE] 兼容jackson的序列化/反序列化注解 HOT 1
- [FEATURE] 不同类集合间的复制实现 HOT 1
- 后台返回出现JSON前边乱码请问怎么解决 HOT 5
- [BUG] 将localdatetime put到jsonobject,再次输出时候T不见了 HOT 2
- [BUG]JSON.isValid()方法抛出了异常 HOT 2
- [FEATURE] 自定义反序列化/序列化的时候, 可以通过@JSONField传递参数到ObjectReader的readObject方法?
- [BUG]反序列化报错 JSONException HOT 1
- [QUESTION] 从1.x升级后JSON.toJSON() 方法遇到的问题 HOT 1
- [BUG]JSONPath不支持中划线 HOT 7
- [BUG]枚举类型反序列化问题 HOT 1
- [BUG] 反序列化时JSONObject字段出现{"h":{***}}结构 HOT 6
- [BUG]Dubbo Tri协议调用序列化报错 HOT 7
- [BUG] wiki描述有误
- [BUG] 反序列化null的list报错 HOT 7
- [BUG] 版本2.0.46 引用类型、Boolean、Short 不支持JSONWriter.Feature.WriteNulls HOT 6
- [BUG]2.0.45 JSONObject 反系列化字段结果为null HOT 4
- 支持jsonschema数据的fake
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastjson2.