Skip to content
Permalink
Browse files Browse the repository at this point in the history
Remove yaml due to possible security risk.
  • Loading branch information
jnunemaker committed Jan 10, 2013
1 parent a936eaa commit 53a8124
Show file tree
Hide file tree
Showing 6 changed files with 7 additions and 25 deletions.
4 changes: 4 additions & 0 deletions History
@@ -1,3 +1,7 @@
== 0.10.0 2013-01-10
* changes
* removed yaml support because of security risk (see rails yaml issues)

== 0.9.0 2012-09-07
* new
* [support for connection adapters](https://github.com/jnunemaker/httparty/pull/157)
Expand Down
2 changes: 1 addition & 1 deletion examples/custom_parsers.rb
@@ -1,7 +1,7 @@
class ParseAtom
include HTTParty

# Support Atom along with the default parsers: xml, json, yaml, etc.
# Support Atom along with the default parsers: xml, json, etc.
class Parser::Atom < HTTParty::Parser
SupportedFormats.merge!({"application/atom+xml" => :atom})

Expand Down
8 changes: 1 addition & 7 deletions lib/httparty/parser.rb
@@ -1,5 +1,5 @@
module HTTParty
# The default parser used by HTTParty, supports xml, json, html, yaml, and
# The default parser used by HTTParty, supports xml, json, html, and
# plain text.
#
# == Custom Parsers
Expand Down Expand Up @@ -45,8 +45,6 @@ class Parser
'application/javascript' => :json,
'text/javascript' => :json,
'text/html' => :html,
'application/x-yaml' => :yaml,
'text/yaml' => :yaml,
'text/plain' => :plain
}

Expand Down Expand Up @@ -120,10 +118,6 @@ def json
end
end

def yaml
YAML.load(body)
end

def html
body
end
Expand Down
5 changes: 0 additions & 5 deletions spec/httparty/parser_spec.rb
Expand Up @@ -155,11 +155,6 @@ def self.name; 'AtomParser'; end
subject.send(:json)
end

it "parses yaml" do
YAML.should_receive(:load).with('body')
subject.send(:yaml)
end

it "parses html by simply returning the body" do
subject.send(:html).should == 'body'
end
Expand Down
6 changes: 0 additions & 6 deletions spec/httparty/request_spec.rb
Expand Up @@ -225,12 +225,6 @@
@request.send(:parse_response, json).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
end

it 'should handle yaml automatically' do
yaml = "books: \n book: \n name: Foo Bar!\n id: \"1234\"\n"
@request.options[:format] = :yaml
@request.send(:parse_response, yaml).should == {'books' => {'book' => {'id' => '1234', 'name' => 'Foo Bar!'}}}
end

it "should include any HTTP headers in the returned response" do
@request.options[:format] = :html
response = stub_response "Content"
Expand Down
7 changes: 1 addition & 6 deletions spec/httparty_spec.rb
Expand Up @@ -384,11 +384,6 @@ class MyParser < HTTParty::Parser
@klass.default_options[:format].should == :json
end

it "should allow yaml" do
@klass.format :yaml
@klass.default_options[:format].should == :yaml
end

it "should allow plain" do
@klass.format :plain
@klass.default_options[:format].should == :plain
Expand All @@ -403,7 +398,7 @@ class MyParser < HTTParty::Parser
it 'should only print each format once with an exception' do
lambda do
@klass.format :foobar
end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml, yaml")
end.should raise_error(HTTParty::UnsupportedFormat, "':foobar' Must be one of: html, json, plain, xml")
end

it 'sets the default parser' do
Expand Down

0 comments on commit 53a8124

Please sign in to comment.