by xml
166 days ago
Were there any particular challenges when implementing your library? I have implemented my own serialization library [1] (with a focus on not allowing arbitrary code execution), but had skipped dataclasses for now, since they seemed difficult to get right. What was your experience?

[1] https://github.com/99991/safeserialize

Side note: I think that a warning in the README about arbitrary code execution for deserialization of untrusted inputs would be nice.
The tricky parts were:
- Type hints - Mapping __init__ params to attributes, especially with complex types
- Preserving types - Keeping tuples as tuples and sets as sets (not just lists)
- Error messages - Tracking paths like obj.address.street through the whole pipeline
I checked out safeserialize, by the way—the focus on preventing arbitrary code execution is a really smart niche.
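
An added example, not part of either comment and not code from either library: a minimal allowlist-based dataclass loader showing the three points listed above (type hints driving reconstruction, tuples and sets preserved, error paths such as obj.address.tags[1]). The `Address` and `User` types, the `ALLOWED` table, the `{"type", "data"}` envelope and the `load` / `load_tagged` names are all assumptions made for illustration; it needs Python 3.9 or later.

```python
from dataclasses import dataclass, is_dataclass
from typing import get_args, get_origin, get_type_hints

@dataclass
class Address:                      # constructed sample type
    street: str
    tags: set[str]

@dataclass
class User:                         # constructed sample type
    name: str
    point: tuple[int, int]
    address: Address

# Explicit allowlist: a type name in the input is only ever a key into this
# dict, never something that gets imported or called by name.
ALLOWED = {"Address": Address, "User": User}

def load(value, hint, path="obj"):
    """Rebuild JSON-like `value` as `hint`; `path` locates errors."""
    def fail(msg):
        raise TypeError(f"{path}: {msg}")
    origin, args = get_origin(hint), get_args(hint)
    if hint in (str, int, float, bool):
        if type(value) is not hint:  # exact match, so True is not accepted as int
            fail(f"expected {hint.__name__}, got {type(value).__name__}")
        return value
    if origin in (list, set, tuple):
        if not isinstance(value, list):
            fail(f"expected array, got {type(value).__name__}")
        if origin is tuple:          # fixed-length tuples such as tuple[int, int] only
            if len(args) != len(value):
                fail(f"expected {len(args)} items, got {len(value)}")
        else:
            args = args * len(value)  # one element hint, repeated per item
        return origin(load(v, a, f"{path}[{i}]") for i, (v, a) in enumerate(zip(value, args)))
    if is_dataclass(hint) and hint in ALLOWED.values():
        hints = get_type_hints(hint)
        if not isinstance(value, dict) or set(value) != set(hints):
            fail(f"expected object with fields {sorted(hints)}")
        return hint(**{k: load(value[k], h, f"{path}.{k}") for k, h in hints.items()})
    fail(f"type {hint!r} is not allowlisted")

def load_tagged(doc):
    """Entry point for {"type": name, "data": ...} documents."""
    if doc.get("type") not in ALLOWED:
        raise TypeError(f"obj: type {doc.get('type')!r} is not allowlisted")
    return load(doc["data"], ALLOWED[doc["type"]])
```
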