by meowface 4532 days ago
Agreeing with the other statement: a JSON deserializer should never be executing arbitrary code as part of a feature of the deserializer. YAML, Python pickle, PHP serialization, etc. all allow serialization of arbitrary class instances by default, but JSON only allows simple data types.

So, no clue where you're getting that from.
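The contrast drawn in the comment above, as an added example that is not part of the original post: Python's `json` module returns only simple types even when the document claims a class, `pickle.loads` calls whatever callable the byte stream names, and an `Unpickler` that refuses every global lookup restores the JSON-like behaviour. `Marker`, `NoGlobalsUnpickler` and the sample inputs are constructed for illustration, with `logging.getLogger` as a harmless stand-in callable.

```python
import io
import json
import logging
import pickle

JSON_TYPES = {"dict", "list", "str", "int", "float", "bool", "NoneType"}

class Marker:
    """Constructed sample object whose pickle names a callable to run on load."""
    def __init__(self, name):
        self.name = name

    def __reduce__(self):
        # pickle stores (callable, args); pickle.loads() calls it to rebuild the object.
        # logging.getLogger is a harmless stand-in: it registers a logger as a side effect.
        return (logging.getLogger, (self.name,))

class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every class/function lookup, leaving only built-in simple types."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def type_names(value):
    """Return the set of type names reachable in a decoded value."""
    names = {type(value).__name__}
    if isinstance(value, dict):
        for key, item in value.items():
            names |= type_names(key) | type_names(item)
    elif isinstance(value, list):
        for item in value:
            names |= type_names(item)
    return names

def logger_registered(name):
    return name in logging.Logger.manager.loggerDict

def restricted_loads(data):
    return NoGlobalsUnpickler(io.BytesIO(data)).load()

if __name__ == "__main__":
    # A JSON document that merely *claims* a class stays plain data.
    doc = json.loads('{"__class__": "logging.Logger", "n": [1, 2.5, true, null]}')
    print(sorted(type_names(doc)))
    blob = pickle.dumps(Marker("constructed-demo"))
    print(type(pickle.loads(blob)).__name__, logger_registered("constructed-demo"))
    try:
        restricted_loads(blob)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```
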