[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unconditionally instantiates objects from yaml data

On Saturday, 11 November 2017 17:17:28 CET Dominique Dumont wrote:
> This is not an ideal solution, but is better than nothing...

Got good reasons [1], upstream is not thrilled about the idea of adding
SafeLoad to YAML::XS API. So I've disabled the patch.

TINITA suggests [2] to use unbless from Data::Structure::Util to sanitize a data 
structure coming from untrusted source. 

This solution is probably easier than replacing YAML::XS with YAML::TIny (which is 
not always possible and behave differently with utf8)

All the best

[1] https://github.com/ingydotnet/yaml-libyaml-pm/issues/45#issuecomment-343678829
[2] https://github.com/ingydotnet/yaml-libyaml-pm/issues/45#issuecomment-343679429
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org

Reply to: