yaml.safeLoad() #65
Comments
I don't know much about it but

I tried to write a quick patch but I noticed that one of the examples uses un-"safe" YAML which would break if you use fm(payload, { yaml: 'unsafe' }) if you need to support unsafe YAML parsing.

I don't mind changing the example to make the code more secure. If you submit a PR I will publish it as a new major version to prevent breaking folks who relied on the old functionality. I like your idea of passing in an option to toggle safe/unsafe and defaulting to safe parsing.
This is a widely used library. If it is not required, please switch to A PoC

@ajinabraham ACK, I think the PR from @peterbe will cover your asks.

PR looks good to me 👍
yaml.load() is insecure and dangerous. (first Google result) We should be using yaml.safeLoad().
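Added example, not code from the front-matter project or from anyone in this thread: a front-matter extractor with the yaml option discussed above, defaulting to safe parsing and requiring an explicit { yaml: 'unsafe' } to accept content the safe loader would reject. It assumes the js-yaml v3 safeLoad()/load() split; the loader here is a constructed stand-in that only understands key: value lines, and safe mode refuses js-yaml's JavaScript-specific tags instead of selecting a schema.

```javascript
// Assumption: js-yaml v3 resolves JavaScript-specific tags (!!js/function,
// !!js/regexp, !!js/undefined) only under the full schema used by load();
// safeLoad() rejects them. Safe mode here mirrors that by refusing them.
const JS_TAG = /!!js\//;

function splitFrontMatter(payload) {
  // Front matter is the block between a leading `---` line and the next `---`.
  const m = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/.exec(payload);
  if (!m) return { frontMatter: null, body: payload };
  return { frontMatter: m[1], body: m[2] };
}

function parseKeyValues(text) {
  // Constructed stand-in for a YAML loader: one `key: value` per line, no nesting.
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx === -1 || line.trim() === '') continue;
    out[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
  }
  return out;
}

// Hypothetical fm(payload, opts): opts.yaml is 'safe' (default) or 'unsafe'.
function fm(payload, opts = {}) {
  const mode = opts.yaml === undefined ? 'safe' : opts.yaml;
  if (mode !== 'safe' && mode !== 'unsafe') {
    throw new TypeError(`yaml option must be 'safe' or 'unsafe', got ${mode}`);
  }
  const { frontMatter, body } = splitFrontMatter(payload);
  if (frontMatter === null) return { attributes: {}, body };
  // Safe by default: unsafe tags are an error, never silently resolved.
  if (mode === 'safe' && JS_TAG.test(frontMatter)) {
    throw new Error("front matter uses a !!js/ tag; pass { yaml: 'unsafe' } to allow it");
  }
  return { attributes: parseKeyValues(frontMatter), body };
}
```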