yaml.load() is insecure and dangerous. (first google result) We should be using yaml.safeLoad().

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

1 reaction
peterbe commented, May 13, 2020

I tried to write a quick patch but I noticed that one of the examples uses un-“safe” YAML which would break if you use yaml.safeLoad(). So I guess it would need to be something like this:

fm(payload, { yaml: 'unsafe' })

if you need to support unsafe Yaml parsing.

0 reactions
ajinabraham commented, May 18, 2020

PR looks good to me 👍


Top Results From Across the Web

  • PyYAML Documentation: safe_load(stream) parses the given stream and returns a Python object constructed from the first document in the stream. If there are no...
  • YAML Safe_Load() - Linux Hint: Practical guide that demonstrates the multiple methods for reading the YAML content from files and Python objects by utilizing the safe_load() method....
  • js-yaml.safeLoad JavaScript and Node.js code examples: Best JavaScript code snippets using js-yaml.safeLoad (Showing top 15 results out of 432) · lib/bootstrap.js/loadLandoFile · lib/config.js/_. · integrations/lando- ...
  • js-yaml: safeLoad (string [ , options ]). Recommended loading way. Parses string as single YAML document. Returns a JavaScript object or throws YAMLException on...
  • How can I parse a YAML file in Python - Stack Overflow: Use safe_load() unless you really have full control over the input, need it (seldom the case) and know what you are doing. If...
