From: Aaron Patterson Date: 2013-01-10T16:33:18+09:00 Subject: [ruby-core:51343] Re: [ruby-trunk - Feature #7677][Open] YAML load mode that does instantiate Ruby On Wed, Jan 09, 2013 at 11:40:04AM +0900, trans (Thomas Sawyer) wrote: > > Issue #7677 has been reported by trans (Thomas Sawyer). > > ---------------------------------------- > Feature #7677: YAML load mode that does instantiate Ruby > https://bugs.ruby-lang.org/issues/7677 > > Author: trans (Thomas Sawyer) > Status: Open > Priority: Normal > Assignee: > Category: lib > Target version: next minor > > > See https://makandracards.com/makandra/892-never-use-yaml-load-with-user-input > > I suggest that YAML.load and YAML.load_file have an optional mode that will allow the YAML to load but not instantiate `!ruby/object:` tags, nor any registered tags. To go with this there could be a way to see what the tag is after having been loaded. Use `Psych.parse`, then you can inspect the AST. -- Aaron Patterson http://tenderlovemaking.com/