Since we only unpickle data that was pickled by ourselves, I think we are safe from inlining. User-provided strings that get pickled+unpickled remain strings.
That said, I'd love to hear from Swift devs what type of complex data is actually stored pickled: depending on the answer we could use something a bit less powerful (like JSON), reducing the attack surface.
Since we only unpickle data that was pickled by ourselves, I think we are safe from inlining. User-provided strings that get pickled+unpickled remain strings.
That said, I'd love to hear from Swift devs what type of complex data is actually stored pickled: depending on the answer we could use something a bit less powerful (like JSON), reducing the attack surface.