Permalink
Browse files

Remove yaml due to possible security risk.

  • Loading branch information...
jnunemaker committed Jan 10, 2013
1 parent a936eaa commit 53a812426dd32108d6cba4272b493aa03bc8c031
Showing with 7 additions and 25 deletions.
  1. +4 −0 History
  2. +1 −1 examples/custom_parsers.rb
  3. +1 −7 lib/httparty/parser.rb
  4. +0 −5 spec/httparty/parser_spec.rb
  5. +0 −6 spec/httparty/request_spec.rb
  6. +1 −6 spec/httparty_spec.rb
View
@@ -1,3 +1,7 @@
== 0.10.0 2013-01-10
* changes
* removed yaml support because of security risk (see rails yaml issues)
== 0.9.0 2012-09-07
* new
* [support for connection adapters](https://github.com/jnunemaker/httparty/pull/157)
@@ -1,7 +1,7 @@
class ParseAtom
include HTTParty
# Support Atom along with the default parsers: xml, json, yaml, etc.
# Support Atom along with the default parsers: xml, json, etc.
class Parser::Atom < HTTParty::Parser
SupportedFormats.merge!({"application/atom+xml" => :atom})
View
@@ -1,5 +1,5 @@
module HTTParty
# The default parser used by HTTParty, supports xml, json, html, yaml, and
# The default parser used by HTTParty, supports xml, json, html, and
# plain text.
#
# == Custom Parsers
@@ -45,8 +45,6 @@ class Parser
'application/javascript' => :json,
'text/javascript' => :json,
'text/html' => :html,
'application/x-yaml' => :yaml,
'text/yaml' => :yaml,
'text/plain' => :plain
}
@@ -120,10 +118,6 @@ def json
end
end
def yaml
YAML.load(body)
end
def html
body
end
@@ -155,11 +155,6 @@ def self.name; 'AtomParser'; end
subject.send(:json)
end
it "parses yaml" do
YAML.should_receive(:load).with('body')
subject.send(:yaml)
end
it "parses html by simply returning the body" do
subject.send(:html).should == 'body'
end
@@ -225,12 +225,6 @@
@request.send(:parse_response, json).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
end
it 'should handle yaml automatically' do
yaml = "books: \n book: \n name: Foo Bar!\n id: \"1234\"\n"
@request.options[:format] = :yaml
@request.send(:parse_response, yaml).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
end
it "should include any HTTP headers in the returned response" do
@request.options[:format] = :html
response = stub_response "Content"
View
@@ -384,11 +384,6 @@ class MyParser < HTTParty::Parser
@klass.default_options[:format].should == :json
end
it "should allow yaml" do
@klass.format :yaml
@klass.default_options[:format].should == :yaml
end
it "should allow plain" do
@klass.format :plain
@klass.default_options[:format].should == :plain
@@ -403,7 +398,7 @@ class MyParser < HTTParty::Parser
it 'should only print each format once with an exception' do
lambda do
@klass.format :foobar
end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml, yaml")
end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml")
end
it 'sets the default parser' do

0 comments on commit 53a8124

Please sign in to comment.