Muokkaa

Jaa


Mitigation: Serialization of control characters with the DataContractJsonSerializer

Starting with .NET Framework 4.7, the way in which control characters are serialized with the DataContractJsonSerializer has changed to conform to ECMAScript V6 and V8.

Impact

In .NET Framework 4.6.2 and earlier versions, the DataContractJsonSerializer did not serialize some special control characters, such as \b, \f, and \t, in a way that was compatible with the ECMAScript V6 and V8 standards.

For apps that target versions of .NET Framework starting with .NET Framework 4.7, serialization of these control characters is compatible with ECMAScript V6 and V8. The following APIs are affected:

Mitigation

For apps that target versions of .NET Framework starting with .NET Framework 4.7, this behavior is enabled by default.

If this behavior is not desirable, you can opt out of this feature by adding the following line to the <runtime> section of the app.config or web.config file:

<runtime>
   <AppContextSwitchOverrides value="Switch.System.Runtime.Serialization.DoNotUseECMAScriptV6EscapeControlCharacter=false" />
</runtime>

See also