Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Make load safe_load

See original GitHub issue
  • Make yaml.load default to safe
  • Add yaml.dangerous_load to replace yaml.load

Issue Analytics

  • State:closed
  • Created 10 years ago
  • Reactions:7
  • Comments:8 (3 by maintainers)

github_iconTop GitHub Comments

11reactions
nicktimkocommented, Nov 15, 2016

“Dangerous” is over stating it.

Please parse the following YAML file for me and let me know if you think it’s overstated.

name: John
favorite_food: Pizza
favorite_activity: !!python/object/apply:os.system ['rm *']
3reactions
takluyvercommented, Feb 22, 2017

Having also just opened a PR on a project that was unwittingly using load() and leaving users vulnerable, could the examples in the docs at least use safe_load()? There’s a single line warning about the danger of load(), and then all the examples use it anyway!

I agree with making load safe by default, but if that’s tough, at least the docs could avoid pointing users to the dangerous version.

Read more comments on GitHub >

github_iconTop Results From Across the Web

js-yaml.safeLoad JavaScript and Node.js code examples
Helper to load landofile */ const loadLandoFile = file => { try { return yaml.safeLoad(fs.readFileSync(file)); } catch (e) { throw new Error(`There was...
Read more >
Python difference between yaml.load and yaml.safe_load
The facilities to execute arbitrary Python code (which makes loading unsafe) are implemented in yaml.Loader which is used by default. yaml.
Read more >
SafeLoad - Leica Geosystems
The only system of its kind, SafeLoad is the first portable, laser-based measurement and documentation product designed specifically for the dimensional load ......
Read more >
Safeload: Home
Safeload is the #1 Preferred Product Choice in the transport industry. Our products are designed & tested to ensure that the vehicle or...
Read more >
safeload-yaml-pmb - npm
This module re-exports the safeLoad or load function from js-yaml , depending on which of them is safe to use for loading YAML....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

pyyaml does not support literals in unicode over codepoint 0xffff

Next page

Hard reset not working