TypeNameHandling caution in Newtonsoft Json

asked 9 years ago
last updated 6 years ago
viewed 21.5k times

At this link, in the remarks section, it's mentioned that:

TypeNameHandling should be used with caution when your application deserializes JSON from an external source. Incoming types should be validated with a custom SerializationBinder when deserializing with a value other than TypeNameHandling.None.

In what cases would JSON from an external source be harmful if serialized/deserialized with TypeNameHandling.All? A working example would be appreciated.
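The validation the quoted remark calls for, as an added example (not part of the original question and not code from Json.NET's documentation): with a type-name setting other than `None`, the `$type` value in the incoming JSON selects which .NET type is instantiated for an `object`-typed member, and an allowlist `ISerializationBinder` rejects anything not expected. `Message`, `TextBody`, `Probe`, `AllowListBinder` and `Demo` are hypothetical names; `Probe` is a harmless constructed class standing in for any type the application never intended to accept.

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

public class Message { public object Body { get; set; } }   // object-typed member: any type fits
public class TextBody { public string Text { get; set; } }  // the only body the app expects
// Constructed stand-in for an unexpected type: its constructor has a visible side effect.
public class Probe { public static bool Constructed; public Probe() { Constructed = true; } }

// Allowlist binder: $type may only name types registered here. Lookup is by name,
// so the assembly name supplied in the JSON is never used to load anything.
public class AllowListBinder : ISerializationBinder
{
    private readonly Dictionary<string, Type> _allowed = new Dictionary<string, Type>();
    public AllowListBinder(params Type[] allowed)
    {
        foreach (Type t in allowed) _allowed[t.FullName] = t;
    }
    public Type BindToType(string assemblyName, string typeName)
    {
        if (_allowed.TryGetValue(typeName, out Type t)) return t;
        throw new JsonSerializationException("Type not allowed: " + typeName);
    }
    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;
        typeName = serializedType.FullName;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed input: the sender, not the receiver, names the type of Body.
        string json = "{\"Body\":{\"$type\":\"" + typeof(Probe).FullName + ", "
                    + typeof(Probe).Assembly.GetName().Name + "\"}}";
        var open = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.All };
        JsonConvert.DeserializeObject<Message>(json, open);
        Console.WriteLine("No binder, Probe constructed: " + Probe.Constructed);
        Probe.Constructed = false;
        var guarded = new JsonSerializerSettings {
            TypeNameHandling = TypeNameHandling.All,
            SerializationBinder = new AllowListBinder(typeof(Message), typeof(TextBody)) };
        try { JsonConvert.DeserializeObject<Message>(json, guarded); }
        catch (JsonSerializationException e) { Console.WriteLine("Rejected: " + e.Message); }
        Console.WriteLine("With binder, Probe constructed: " + Probe.Constructed);
    }
}
```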