marcintustin
marcintustin
I don't see a use case for this. You shouldn't be unpickling from untrusted sources because pickling inherently opens up exploits.
Ah the listing is an example of what actually happens not what you want to happen. That is bad. If you're motivated to fix this or create a suite of...
The nested things part is not done. I've only done the easiest part of protocol 4.
Please submit a minimal example of this behavior. It would be helpful if you could run the test against master as well as whichever release you're using. That way we'll...
I can import jsonpickle just fine. Would you care to describe your environment where that fails. On Wed, Jun 28, 2017 at 14:56 Steven Imle wrote: > import jsonpickle >...
It's exactly the same as cpickle. It's inherent in the pickle protocol. On Thu, Nov 9, 2017 at 08:21 Patrick D Hayes wrote: > I notice that jsonpickle provides the...
While I see where you're coming from on this, it will only work where we have a handler which allows a primitive representation of the objects. Oh and on the...
This is because methods in general aren't picklable before python 3.3; they don't have an addressable name. Implementing this across 2 and 3 (we are committed to maintaining consistent behaviour)...
2 basic options: register a specific handler with jsonpickle, or use `__reduce__` or `__reduce_ex__` to manage the serialisation.
Also, as a third option, add version tags into the state returned from **getstate**, and use **setstate** to decode the version tags. Or really, do whatever you need to do...