System.Text.Json.JsonSerializer does not support System.Data.DataTable

[chenyj796]

Description

I want to serialize a DataTable use JsonSerializer:

class Program
{
    class User
    {
        public string Name { get; set; }
    }

    static void Main(string[] args)
    {
        var user = new User { Name = "abc" };

        var table = new System.Data.DataTable();
        table.Columns.Add(new System.Data.DataColumn(nameof(User.Name)));

        var row = table.NewRow();
        row[nameof(User.Name)] = user.Name;
        table.Rows.Add(row);

        var json = System.Text.Json.JsonSerializer.Serialize(table);
    }
}

and it throws an exception:

System.NotSupportedException
  HResult=0x80131515
  Message=Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues. Path: $.Columns.DataType.
  Source=System.Text.Json
  StackTrace:
   at System.Text.Json.ThrowHelper.ThrowNotSupportedException(WriteStack& state, NotSupportedException ex)
   at System.Text.Json.Serialization.JsonConverter`1.WriteCore(Utf8JsonWriter writer, T& value, JsonSerializerOptions options, WriteStack& state)
   at System.Text.Json.JsonSerializer.WriteCore[TValue](JsonConverter jsonConverter, Utf8JsonWriter writer, TValue& value, JsonSerializerOptions options, WriteStack& state)
   at System.Text.Json.JsonSerializer.WriteCore[TValue](Utf8JsonWriter writer, TValue& value, Type inputType, JsonSerializerOptions options)
   at System.Text.Json.JsonSerializer.Serialize[TValue](TValue& value, Type inputType, JsonSerializerOptions options)
   at System.Text.Json.JsonSerializer.Serialize[TValue](TValue value, JsonSerializerOptions options)
   at ConsoleApp3.Program.Main(String[] args) in C:\Users\Administrator\source\repos\ConsoleApp3\ConsoleApp3\Program.cs:line 24

  此异常最初是在此调用堆栈中引发的: 
    [外部代码]

内部异常 1:
NotSupportedException: Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues.

When I serialize the DataTable use JsonConvert, it works fine.

var json = Newtonsoft.Json.JsonConvert.SerializeObject(table);

I will get the json as below:

[{"Name":"abc"}]

Other information

PS> dotnet --version
5.0.100-preview.8.20417.9

[ghost]

Tagging subscribers to this area: @roji, @ajcvickers
See info in area-owners.md if you want to be subscribed.

[ANahr]

I'd say that this is by design and the exception-message is pretty clear about it:
"Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues. Path: $.Columns.DataType.

[am11]

Related issue #29959

[chenyj796]

@ANahr So I'm going to keep using the JsonConvert?

[reflectronic]

You may want to look at the recently published security guidance for DataTable serialization. The article even directly mentions how using Newtonsoft.Json's JsonConvert provides a way for attackers to execute a denial of service attack on your application.

[layomia]

Closing as dup of https://github.com/dotnet/runtime/issues/29959. Triage - https://github.com/dotnet/runtime/issues/29959#issuecomment-690595375.