Leading Through Change with Data
COVID-19 Data Hub
COVID-19 Global Daily Tracker
Global Economy Data Track
Government Data Track
Healthcare Data Track
Leading Through Change
Leading Through Change Blog
< Back to List
Private class variables should not be included by Json.Serialize
Data Import & Integration
An Apex class' private variables should not be visible in json strings either as returns from java script remote calls or as the result of Json.Serialize(). This should be considered a security hole and if not fixed then an option provided to disable private data visibility when serialized to JSON.
- 3 years ago
- 4 years ago
- 5 years ago
Yep. That's the route we took. Biggest annoyance is the classes generated by WSDL-to-Apex have tons of private fields. However, a simple search "private" and replace with "private transient" did the trick.
Oh, and making them @isTest removed those huge classes from code coverage, too. That was important.
- 5 years ago
The Landmark © One Market St.,
San Francisco, CA 94105
If you can't find what you're looking for,
contact Salesforce Customer Support.
Powered by Community Cloud.
Learn More >
Help us to keep IdeaExchange clean by pointing out overlapping ideas. We'll investigate your suggestion and merge the ideas if it makes sense.
Thanks for your merge suggestion. We will review it shortly and merge the ideas if applicable.
Salesforce takes abuse situations very seriously. Examples of abuse include but are not limited to posting of offensive language or fraudulent statements. To help us process your request as quickly as possible, please fill out the form below describing the situation. For privacy and security reasons, the final outcome of an abuse case may not be revealed to the person who reported it.
Thank you for your feedback. We take abuse seriously and will investigate this issue and take appropriate action.