diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2019-10-17 13:48:24 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2019-10-17 13:48:24 -0700 |
| commit | 0910ae5575786d57783eafd4d03ebc0d077cd2ed (patch) | |
| tree | a4000978d8084b8bd0348b609fc0c8db29a0dcab /lib | |
| parent | c46aacd2161289b3cea1b3bc0230162b0b133de0 (diff) | |
| download | psych-0910ae5575786d57783eafd4d03ebc0d077cd2ed.zip | |
Add a note about safe_load
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/psych.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/psych.rb b/lib/psych.rb index 9513f79..c719b03 100644 --- a/lib/psych.rb +++ b/lib/psych.rb @@ -264,6 +264,10 @@ module Psych # # Raises a TypeError when `yaml` parameter is NilClass # + # NOTE: This method *should not* be used to parse untrusted documents, such as + # YAML documents that are supplied via user input. Instead, please use the + # safe_load method. + # def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false if legacy_filename != NOT_GIVEN warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE |