25 |
25 |
26 package java.io; |
26 package java.io; |
27 |
27 |
28 /** |
28 /** |
29 * Serializability of a class is enabled by the class implementing the |
29 * Serializability of a class is enabled by the class implementing the |
30 * java.io.Serializable interface. Classes that do not implement this |
30 * java.io.Serializable interface. |
|
31 * |
|
32 * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous |
|
33 * and should be avoided. Untrusted data should be carefully validated according to the |
|
34 * "Serialization and Deserialization" section of the |
|
35 * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}. |
|
36 * {@extLink serialization_filter_guide Serialization Filtering} describes best |
|
37 * practices for defensive use of serial filters. |
|
38 * </strong></p> |
|
39 * |
|
40 * Classes that do not implement this |
31 * interface will not have any of their state serialized or |
41 * interface will not have any of their state serialized or |
32 * deserialized. All subtypes of a serializable class are themselves |
42 * deserialized. All subtypes of a serializable class are themselves |
33 * serializable. The serialization interface has no methods or fields |
43 * serializable. The serialization interface has no methods or fields |
34 * and serves only to identify the semantics of being serializable. <p> |
44 * and serves only to identify the semantics of being serializable. <p> |
35 * |
45 * |
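Review bot: at new line 40 the sentence "Classes that do not implement this interface ..." resumes directly after the `</strong></p>` that closes the warning on new line 38, with no opening `<p>` of its own, so that text is no longer inside a paragraph element in the generated HTML. Consider starting new line 40 with `<p>` so the warning and the description that follows are two well-formed paragraphs. A smaller style point on new lines 32-38: the `<strong>` wraps the whole warning, including both `{@extLink ...}` tags; limiting the emphasis to the word "Warning:" or to the first sentence would keep the links readable while still making the warning stand out.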