1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOC] security.rdoc: fix YAML security documentation

Browse Source 
Since fbb4e3f96c
`YAML` does not unmarshal arbitrary ruby objects.
This commit is contained in:
Andrea Brancaleoni 2024-03-11 08:26:14 +01:00 committed by GitHub
parent 5c32b31aee
commit 7a398adc2f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/security.rdoc
View File

@ -37,7 +37,7 @@ programs for configuration and database persistence of Ruby object trees.
Similar to +Marshal+, it is able to deserialize into arbitrary Ruby classes. Similar to +Marshal+, it is able to deserialize into arbitrary Ruby classes.
For example, the following YAML data will create an +ERB+ object when For example, the following YAML data will create an +ERB+ object when
deserialized: deserialized, using the `unsafe_load` method:
!ruby/object:ERB !ruby/object:ERB
src: puts `uname` src: puts `uname`