Breaking change - System.Text.Json (#44946)

Cam Soper · gewarren · web-flow · commit d864442a4126 · 2025-02-21T00:01:05.000Z
* Fixes 44172

* build fix

* 44172

* lint

* Build

* whoops

* titles

* whoops

* Feedback

* wip

* formatting

* lint

* toc and misc

* path

* review feedback

* Apply suggestions from code review

Co-authored-by: Genevieve Warren &lt;24882762+gewarren@users.noreply.github.com&gt;

---------

Co-authored-by: Genevieve Warren &lt;24882762+gewarren@users.noreply.github.com&gt;
diff --git a/docs/core/compatibility/9.0.md b/docs/core/compatibility/9.0.md
@@ -112,10 +112,11 @@ If you're migrating an app to .NET 9, the breaking changes listed here might aff
 
 ## Serialization
 
-| Title                                                                         | Type of change    | Introduced version |
-|-------------------------------------------------------------------------------|-------------------|--------------------|
-| [BinaryFormatter always throws](serialization/9.0/binaryformatter-removal.md) | Behavioral change | Preview 6          |
-| [Nullable JsonDocument properties deserialize to JsonValueKind.Null](serialization/9.0/jsondocument-props.md) | Behavioral change | Preview 1          |
+| Title                                                                                                               | Type of change    | Introduced version |
+|---------------------------------------------------------------------------------------------------------------------|-------------------|--------------------|
+| [BinaryFormatter always throws](serialization/9.0/binaryformatter-removal.md)                                       | Behavioral change | Preview 6          |
+| [Nullable JsonDocument properties deserialize to JsonValueKind.Null](serialization/9.0/jsondocument-props.md)       | Behavioral change | Preview 1          |
+| [System.Text.Json metadata reader now unescapes metadata property names](serialization/9.0/json-metadata-reader.md) | Behavioral change | GA                 |
 
 ## Windows Forms
 
diff --git a/docs/core/compatibility/serialization/9.0/json-metadata-reader.md b/docs/core/compatibility/serialization/9.0/json-metadata-reader.md
@@ -0,0 +1,67 @@
+---
+title: "Breaking change: System.Text.Json metadata reader now unescapes metadata property names"
+description: System.Text.Json now unescapes metadata property names, affecting reference preservation and metadata property validation.
+ms.date: 2/13/2025
+ai-usage: ai-assisted
+ms.custom: https://github.com/dotnet/docs/issues/44748
+---
+
+# System.Text.Json metadata reader now unescapes metadata property names
+
+The <xref:System.Text.Json?displayProperty=fullName> library has been updated to unescape metadata property names. This change affects how JSON documents are interpreted in the context of reference preservation, polymorphism, and metadata property validation.
+
+## Version introduced
+
+.NET 9
+
+## Previous behavior
+
+Previously, <xref:System.Text.Json?displayProperty=fullName> didn't unescape metadata property names. This would lead to invalid property names being accepted, which could bypass metadata property validation.
+
+For example, the following code would succeed in the first call but throw an exception in the second call:
+
+```csharp
+JsonSerializerOptions options = new() { ReferenceHandler = ReferenceHandler.Preserve };
+JsonSerializer.Deserialize<MyPoco>("""{"\u0024invalid" : 42 }""", options);
+JsonSerializer.Deserialize<MyPoco>("""{"$invalid" : 42 }""", options);
+
+record MyPoco;
+```
+
+The unescaping behavior could also cause polymorphism issues when roundtripping metadata properties whose names require escaping, as seen here:
+
+```csharp
+string json = JsonSerializer.Serialize<Base>(new Derived());
+Console.WriteLine(json); // {"categor\u00EDa":"derived"}
+Console.WriteLine(JsonSerializer.Deserialize<Base>(json) is Derived); // False
+
+[JsonPolymorphic(TypeDiscriminatorPropertyName = "categoría")]
+[JsonDerivedType(typeof(Derived), "derived")]
+public record Base;
+public record Derived : Base;
+```
+
+## New behavior
+
+<xref:System.Text.Json?displayProperty=fullName> now unescapes metadata property names. This new behavior means that the line `Console.WriteLine(JsonSerializer.Deserialize<Base>(json) is Derived);` from the polymorphic deserialization example now returns `true`, and that invalid property names correctly fail to deserialize with the following exception:
+
+```output
+Unhandled exception. System.Text.Json.JsonException: Properties that start with '$' are not allowed in types that support metadata.
+```
+
+## Type of breaking change
+
+This change is a [behavioral change](../../categories.md#behavioral-change).
+
+## Reason for change
+
+The change improves correctness and reliability by ensuring that metadata property names are properly unescaped, preventing the bypass of metadata property validation. For more details, see the [reported issue](https://github.com/dotnet/runtime/issues/112288).
+
+## Recommended action
+
+Avoid using escaping to bypass metadata property validation. Instead, pick property names that don't conflict with metadata properties.
+
+## Affected APIs
+
+* <xref:System.Text.Json?displayProperty=fullName>
+* <xref:System.Text.Json.JsonSerializer.Deserialize*?displayProperty=fullName>
diff --git a/docs/core/compatibility/serialization/9.0/jsondocument-props.md b/docs/core/compatibility/serialization/9.0/jsondocument-props.md
@@ -1,5 +1,5 @@
 ---
-title: "Nullable JsonDocument properties deserialize to JsonValueKind.Null"
+title: "Breaking change: Nullable JsonDocument properties deserialize to JsonValueKind.Null"
 description: Learn about the breaking change in serialization in .NET 9 where nullable JsonDocument values deserialize to JsonValueKind.Null instead of null.
 ms.date: 12/5/2024
 ai-usage: ai-assisted
diff --git a/docs/core/compatibility/toc.yml b/docs/core/compatibility/toc.yml
@@ -166,6 +166,8 @@ items:
                 href: serialization/9.0/binaryformatter-removal.md
               - name: Nullable JsonDocument properties deserialize to JsonValueKind.Null
                 href: serialization/9.0/jsondocument-props.md
+              - name: System.Text.Json metadata reader now unescapes metadata property names
+                href: serialization/9.0/json-metadata-reader.md         
           - name: Windows Forms
             items:
               - name: BindingSource.SortDescriptions doesn't return null
@@ -2022,6 +2024,8 @@ items:
                 href: serialization/9.0/binaryformatter-removal.md
               - name: Nullable JsonDocument properties deserialize to JsonValueKind.Null
                 href: serialization/9.0/jsondocument-props.md
+              - name: System.Text.Json metadata reader now unescapes metadata property names
+                href: serialization/9.0/json-metadata-reader.md    
           - name: .NET 8
             items:
               - name: BinaryFormatter disabled for most projects
diff --git a/docs/core/compatibility/windows-forms/9.0/statusstrip-renderer.md b/docs/core/compatibility/windows-forms/9.0/statusstrip-renderer.md
@@ -32,7 +32,7 @@ The previous default behavior didn't meet accessibility standards. The focus ind
 The new behavior is recommended for accessibility reasons. If you want to revert to the previous behavior, set the `RenderMode` property to <xref:System.Windows.Forms.ToolStripRenderMode.System?displayProperty=nameWithType>.
 
 > [!NOTE]
-> The new behavior was reverted to the previous behavior in .NET 10 Preview 1.
+> The new behavior was reverted to the previous behavior in a .NET 9 servicing release and [.NET 10 Preview 1](../10.0/statusstrip-renderer.md).
 
 ## Affected APIs
 
