▲ | grey-area a day ago | |
Yes they are a horrible idea for many reasons, not just security. It’s like a hidden ill-defined poorly understood dsl in strings. You can just not use them though - you can unmarshal to a map instead and select the keys you want, perform validation etc and then set the values. Same when publishing - I prefer to have an explicit view which defines the keys exposed rather than than publishing all by default based on these poorly understood string keys attached to types. |