diff options
author | charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-04-27 14:54:37 +0000 |
---|---|---|
committer | charliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-04-27 14:54:37 +0000 |
commit | b5e8e33ddc880c98c30a1abe644c6af2e57b5496 (patch) | |
tree | 2cf9866447ed264f732da6b791cba4e4c78738c1 /lib/yaml.rb | |
parent | 3e1fad843e29d8004aabf2f30a9bb031b02ca209 (diff) | |
download | ruby-b5e8e33ddc880c98c30a1abe644c6af2e57b5496.tar.gz |
* lib/yaml.rb: add security warning to YAML documentation
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/yaml.rb')
-rw-r--r-- | lib/yaml.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/yaml.rb b/lib/yaml.rb index 76657cdd0b..f2177accbd 100644 --- a/lib/yaml.rb +++ b/lib/yaml.rb @@ -73,6 +73,10 @@ end # YAML.dump("foo") # => "--- foo\n...\n" # { :a => 'b'}.to_yaml # => "---\n:a: b\n" # +# Do not use YAML to load untrusted data. Doing so is unsafe and could allow +# malicious input to execute arbitrary code inside your application. Please see +# doc/security.rdoc for more information. +# # For more advanced details on the implementation see Psych, and also check out # yaml.org for spec details and other helpful information. module YAML; end |