There is an unsaved comment in progress. You will lose your changes if you continue. Are you sure you want to reopen the work item?
JsonTypeReflector.DynamicCodeGeneration Security Issue
I think there is an issue with the way JsonTypeReflector.DynamicCodeGeneration is set. It is a lazy static getter that is never updated. The value of JsonTypeReflector.DynamicCodeGeneration depends on security level access:
If a unrestricted AppDomain first deserialized an object, JsonTypeReflector.DynamicCodeGeneration will be set to True. Then if we deserialize an object through another AppDomain that is restricted, DynamicCodeGeneration is not updated, so the DynamicReflectionDelegateFactory.CreateDynamicMethod
will throw an exception.
My fix is to re initialize JsonTypeReflector.DynamicCodeGeneration before each deserialization, because you can never know what permission you have statically and for all the life of the app domain.