For untrusted sources need to be able to specify a specific set of attributes that should be Deserialized. Currently the attributes to deserialize come from the input (trusted sources) or from the current object attributes (non-trusted sources).

This will add extra level of protection from injection attacks.