What Changed
BinaryFormatter is no longer supported. Implement a converter to serialize and deserialize objects assigned to the following properties:
Reasons for Change
According to Microsoft, BinaryFormatter is unsafe and should not be used for data processing. For additional information, refer to Microsoft's BinaryFormatter security guide.
Impact on the Existing App
Custom types that use binary serialization will not be (de)serialized to XML.
How to Update the Existing App
You can (de)serialize custom types in one of the following ways:
Implement a Converter
Implement a converter (via the IOneTypeObjectConverter interface) that converts a custom type to/from a string. This converter is invoked automatically whenever our (de)serialization mechanism encounters a registered custom type.
The following example illustrates how to create a simple converter and register it:
C#
    using System;
    using DevExpress.Utils.Serializing.Helpers;

    struct CustomType {
        public readonly int Value;
        public CustomType(int value) {
            this.Value = value;
        }
    }

    // Converts CustomType to and from its string representation.
    public class CustomTypeConverter : IOneTypeObjectConverter {
        // The type this converter handles.
        public Type Type {
            get { return typeof(CustomType); }
        }
        public string ToString(object obj) {
            return ((CustomType)obj).Value.ToString("D");
        }
        public object FromString(string str) {
            return new CustomType(int.Parse(str));
        }
    }

    // Register the converter at application startup.
    ObjectConverter.Instance.RegisterConverter(new CustomTypeConverter());
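The same pattern for a type with more than one field, as an added example that is not DevExpress's own code: the converter writes culture-invariant text and treats the stored string as untrusted input when reading it back. PageRange, PageRangeConverter and SerializationSetup are hypothetical names; only IOneTypeObjectConverter and ObjectConverter come from the example above.

```csharp
using System;
using System.Globalization;
using DevExpress.Utils.Serializing.Helpers;

// Hypothetical two-field custom type (not from the original page).
public struct PageRange {
    public readonly int First;
    public readonly int Last;
    public PageRange(int first, int last) {
        if (first < 0 || last < first)
            throw new ArgumentOutOfRangeException("first", "Expected 0 <= First <= Last.");
        First = first;
        Last = last;
    }
}

public class PageRangeConverter : IOneTypeObjectConverter {
    // Digits only: no sign, white space or separators are accepted.
    const NumberStyles Digits = NumberStyles.None;

    public Type Type {
        get { return typeof(PageRange); }
    }

    // Culture-invariant "first-last" text, so a value saved on one machine loads on another.
    public string ToString(object obj) {
        PageRange range = (PageRange)obj;
        return range.First.ToString(CultureInfo.InvariantCulture) + "-" +
               range.Last.ToString(CultureInfo.InvariantCulture);
    }

    // The string comes from stored data: accept exactly two integers and nothing else.
    public object FromString(string str) {
        string[] parts = (str ?? string.Empty).Split('-');
        int first, last;
        if (parts.Length != 2 ||
            !int.TryParse(parts[0], Digits, CultureInfo.InvariantCulture, out first) ||
            !int.TryParse(parts[1], Digits, CultureInfo.InvariantCulture, out last))
            throw new FormatException("Malformed PageRange value.");
        return new PageRange(first, last); // constructor re-checks the range invariant
    }
}

public static class SerializationSetup {
    // Call once at application startup.
    public static void Register() {
        ObjectConverter.Instance.RegisterConverter(new PageRangeConverter());
    }
}
```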
Implement a Custom Serializer
The following code snippet illustrates how to create and register a custom serializer:
C#
    using Newtonsoft.Json;

    // CustomClass is the application's custom type (not defined in this snippet).
    class CustomClassSerializer : IDataSerializer {
        public static string SerializeObject(object data) {
            return JsonConvert.SerializeObject(data);
        }
        // This sample accepts every value and type name.
        bool IDataSerializer.CanDeserialize(string value, string typeName, object extensionProvider) {
            return true;
        }
        // This sample accepts every object.
        bool IDataSerializer.CanSerialize(object data, object extensionProvider) {
            return true;
        }
        // Always produces a CustomClass instance; typeName is not consulted.
        object IDataSerializer.Deserialize(string value, string typeName, object extensionProvider) {
            return JsonConvert.DeserializeObject<CustomClass>(value);
        }
        string IDataSerializer.Serialize(object data, object extensionProvider) {
            return SerializeObject(data);
        }
    }

    // Register the serializer at application startup.
    SerializationService.RegisterSerializer(DevExpress.DataAccess.Native.DataAccessXmlSerializerSettings.CustomSerializerName, new CustomClassSerializer());
How to Revert to Previous Behavior
The previous behavior is no longer available.