In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
The only remaining use of this function was to get the internal
message object from an exception's hidden `mesg` instance
variable to allow it to be dumped wiithout converting to a string.
As discussed in #103, this exposes internal implementation details
of CRuby, and ultimately does not provide any real utility to the
user since they can't directly inspect this hidden variable. The
test change here is to reflect CRuby behavior that denies equality
if the internal message objects do not match, as is the case after
the exception has been loaded and now has a simple String value.
The impact to users is that exceptions with special hidden message
objects will convert those objects to String during marshaling
through YAML. I believe this only affects NameError and its
descendants, since users can't set this field directly on their
own exception types.
Fixes#103.
* Added deprecated warnings for the new interface of keyword argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65193 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Rely on encoding tags to determine if string should be dumped as binary.
8949a47b8c
* Specify "frozen_string_literal: true".
* Support to binary release for mingw32 platform.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59327 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
loading. Fixes GH #85. Thanks @brentdax for the patch!
* test/psych/test_exception.rb: test for fix
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47319 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/psych/lib/psych/syntax_error.rb: Psych::SyntaxError now inherits
from StandardError rather than SyntaxError. Thanks Eric Hodel!
* test/psych/test_exception.rb: tests for change.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
an optional file name that is used when raising Psych::SyntaxError
exceptions
* ext/psych/lib/psych/syntax_error.rb (module Psych): allow nil file
names and handle nil file names in the exception message
* test/psych/test_exception.rb (module Psych): Tests for changes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33965 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Aaron Patterson
Hiroshi SHIBATA
Charles Oliver Nutter
Aaron Patterson
hsbt
naruse
tenderlove
akr
xibbar