Serialize.Linq

Question about deserialization security:

Open YotamEN opened this issue 3 years ago • 1 comments

Hi! Firstly, great job on this NuGet :) I'm serializing an Expression<Func<MyClass, bool>> type and my question is about deserialization: Is there a way to determine the _known_types list? Or another way to make sure deserialization will only allow the types I am using? For example, in .NET's BinaryFormatter you have SerializationBinder to control the types used during deserialization, which is helpful in preventing unwanted code execution.

YotamEN, May 12 '22 15:05

Nope. I have not.

esskar, Aug 28 '22 19:08
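
One way to approximate the allow-list asked about in this thread, as an added example that is not from the issue or from the Serialize.Linq project: validate the deserialized expression tree with the standard `System.Linq.Expressions.ExpressionVisitor` before compiling or invoking it. `AllowListVisitor` and its helper names are hypothetical. Because it runs on an `Expression` object that already exists, it gates compilation and execution and does not restrict which type names are resolved during deserialization itself.

```csharp
using System;
using System.Collections.Generic;
using System.Linq.Expressions;
using System.Reflection;

// Hypothetical helper, not part of Serialize.Linq: walks an already
// deserialized expression tree and throws on any type outside the allow-list.
public sealed class AllowListVisitor : ExpressionVisitor
{
    private readonly HashSet<Type> _allowed;
    public AllowListVisitor(params Type[] allowed) { _allowed = new HashSet<Type>(allowed); }
    private void CheckType(Type type)
    {
        if (type == null) return;
        if (type.HasElementType) { CheckType(type.GetElementType()); return; } // arrays, byref, pointers
        if (type.IsGenericType)
        {
            foreach (var arg in type.GetGenericArguments()) CheckType(arg);
            type = type.GetGenericTypeDefinition();
        }
        if (!_allowed.Contains(type))
            throw new InvalidOperationException("Type not allowed in expression: " + type.FullName);
    }
    private void CheckMember(MemberInfo member)
    {
        if (member == null) return;               // built-in operators carry no method
        CheckType(member.DeclaringType);
        if (member is MethodInfo m && m.IsGenericMethod)
            foreach (var arg in m.GetGenericArguments()) CheckType(arg);
    }
    public override Expression Visit(Expression node)
    {
        if (node != null) CheckType(node.Type);   // static type of every node
        return base.Visit(node);
    }
    protected override Expression VisitMethodCall(MethodCallExpression node) { CheckMember(node.Method); return base.VisitMethodCall(node); }
    protected override Expression VisitMember(MemberExpression node) { CheckMember(node.Member); return base.VisitMember(node); }
    protected override Expression VisitNew(NewExpression node) { CheckMember(node.Constructor); return base.VisitNew(node); }
    protected override Expression VisitUnary(UnaryExpression node) { CheckMember(node.Method); return base.VisitUnary(node); }
    protected override Expression VisitBinary(BinaryExpression node) { CheckMember(node.Method); return base.VisitBinary(node); }
    protected override Expression VisitTypeBinary(TypeBinaryExpression node) { CheckType(node.TypeOperand); return base.VisitTypeBinary(node); }
    protected override MemberBinding VisitMemberBinding(MemberBinding node) { CheckMember(node.Member); return base.VisitMemberBinding(node); }
    protected override ElementInit VisitElementInit(ElementInit node) { CheckMember(node.AddMethod); return base.VisitElementInit(node); }
    protected override Expression VisitConstant(ConstantExpression node)
    {
        if (node.Value != null) CheckType(node.Value.GetType()); // runtime type of embedded values
        return base.VisitConstant(node);
    }
}
```

For an `Expression<Func<MyClass, bool>>`, call `new AllowListVisitor(typeof(MyClass), typeof(bool), typeof(Func<,>) /* plus the member types the predicate uses */).Visit(expr)` before `expr.Compile()`. Generic types are checked by their open definition and each type argument, so `typeof(Func<,>)` must be listed alongside `MyClass` and `bool`.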