Skip to content
Permalink
Browse files

Switch to use `safeLoad` for loading YML files via `file.readYAML`.

For previous behaviour please use the following:

```
readYAML('test/fixtures/utf8.yaml', null, {unsafeLoad: true});
```
  • Loading branch information
vladikoff committed Aug 17, 2020
1 parent 7125f49 commit e350cea1724eb3476464561a380fb6a64e61e4e7
Showing with 16 additions and 4 deletions.
  1. +11 −2 lib/grunt/file.js
  2. +5 −2 test/grunt/file_test.js
@@ -241,12 +241,21 @@ file.readJSON = function(filepath, options) {
};

// Read a YAML file, parse its contents, return an object.
file.readYAML = function(filepath, options) {
file.readYAML = function(filepath, options, yamlOptions) {
if (!options) { options = {}; }
if (!yamlOptions) { yamlOptions = {}; }

var src = file.read(filepath, options);
var result;
grunt.verbose.write('Parsing ' + filepath + '...');
try {
result = YAML.load(src);
// use the recommended way of reading YAML files
// https://github.com/nodeca/js-yaml#safeload-string---options-
if (yamlOptions.unsafeLoad) {
result = YAML.load(src);
} else {
result = YAML.safeLoad(src);
}
grunt.verbose.ok();
return result;
} catch (e) {
@@ -452,10 +452,13 @@ exports.file = {
test.done();
},
'readYAML': function(test) {
test.expect(4);
test.expect(5);
var obj;
obj = grunt.file.readYAML('test/fixtures/utf8.yaml');
test.deepEqual(obj, this.object, 'file should be read as utf8 by default and parsed correctly.');
test.deepEqual(obj, this.object, 'file should be safely read as utf8 by default and parsed correctly.');

obj = grunt.file.readYAML('test/fixtures/utf8.yaml', null, {unsafeLoad: true});
test.deepEqual(obj, this.object, 'file should be unsafely read as utf8 by default and parsed correctly.');

obj = grunt.file.readYAML('test/fixtures/iso-8859-1.yaml', {encoding: 'iso-8859-1'});
test.deepEqual(obj, this.object, 'file should be read using the specified encoding.');

0 comments on commit e350cea

Please sign in to comment.
You can’t perform that action at this time.