Skip to content
Browse files

Remove yaml due to possible security risk.

1 parent a936eaa commit 53a812426dd32108d6cba4272b493aa03bc8c031 @jnunemaker committed Jan 10, 2013
Showing with 7 additions and 25 deletions.
  1. +4 −0 History
  2. +1 −1 examples/custom_parsers.rb
  3. +1 −7 lib/httparty/parser.rb
  4. +0 −5 spec/httparty/parser_spec.rb
  5. +0 −6 spec/httparty/request_spec.rb
  6. +1 −6 spec/httparty_spec.rb
View
4 History
@@ -1,3 +1,7 @@
+== 0.10.0 2013-01-10
+* changes
+ * removed yaml support because of security risk (see rails yaml issues)
+
== 0.9.0 2012-09-07
* new
* [support for connection adapters](https://github.com/jnunemaker/httparty/pull/157)
View
2 examples/custom_parsers.rb
@@ -1,7 +1,7 @@
class ParseAtom
include HTTParty
- # Support Atom along with the default parsers: xml, json, yaml, etc.
+ # Support Atom along with the default parsers: xml, json, etc.
class Parser::Atom < HTTParty::Parser
SupportedFormats.merge!({"application/atom+xml" => :atom})
View
8 lib/httparty/parser.rb
@@ -1,5 +1,5 @@
module HTTParty
- # The default parser used by HTTParty, supports xml, json, html, yaml, and
+ # The default parser used by HTTParty, supports xml, json, html, and
# plain text.
#
# == Custom Parsers
@@ -45,8 +45,6 @@ class Parser
'application/javascript' => :json,
'text/javascript' => :json,
'text/html' => :html,
- 'application/x-yaml' => :yaml,
- 'text/yaml' => :yaml,
'text/plain' => :plain
}
@@ -120,10 +118,6 @@ def json
end
end
- def yaml
- YAML.load(body)
- end
-
def html
body
end
View
5 spec/httparty/parser_spec.rb
@@ -155,11 +155,6 @@ def self.name; 'AtomParser'; end
subject.send(:json)
end
- it "parses yaml" do
- YAML.should_receive(:load).with('body')
- subject.send(:yaml)
- end
-
it "parses html by simply returning the body" do
subject.send(:html).should == 'body'
end
View
6 spec/httparty/request_spec.rb
@@ -225,12 +225,6 @@
@request.send(:parse_response, json).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
end
- it 'should handle yaml automatically' do
- yaml = "books: \n book: \n name: Foo Bar!\n id: \"1234\"\n"
- @request.options[:format] = :yaml
- @request.send(:parse_response, yaml).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
- end
-
it "should include any HTTP headers in the returned response" do
@request.options[:format] = :html
response = stub_response "Content"
View
7 spec/httparty_spec.rb
@@ -384,11 +384,6 @@ class MyParser < HTTParty::Parser
@klass.default_options[:format].should == :json
end
- it "should allow yaml" do
- @klass.format :yaml
- @klass.default_options[:format].should == :yaml
- end
-
it "should allow plain" do
@klass.format :plain
@klass.default_options[:format].should == :plain
@@ -403,7 +398,7 @@ class MyParser < HTTParty::Parser
it 'should only print each format once with an exception' do
lambda do
@klass.format :foobar
- end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml, yaml")
+ end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml")
end
it 'sets the default parser' do

0 comments on commit 53a8124

Please sign in to comment.
Something went wrong with that request. Please try again.