Bug#862373: Unconditionally instantiates objects from yaml data
Dominique Dumont
dod at debian.org
Sat Nov 11 17:41:41 UTC 2017
On Saturday, 11 November 2017 17:17:28 CET Dominique Dumont wrote:
> This is not an ideal solution, but is better than nothing...
Got good reasons [1], upstream is not thrilled about the idea of adding
SafeLoad to YAML::XS API. So I've disabled the patch.
TINITA suggests [2] to use unbless from Data::Structure::Util to sanitize a data
structure coming from untrusted source.
This solution is probably easier than replacing YAML::XS with YAML::TIny (which is
not always possible and behave differently with utf8)
All the best
[1] https://github.com/ingydotnet/yaml-libyaml-pm/issues/45#issuecomment-343678829
[2] https://github.com/ingydotnet/yaml-libyaml-pm/issues/45#issuecomment-343679429
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
More information about the pkg-perl-maintainers
mailing list