Route !ruby/encoding through the class loader

safe_load resolved !ruby/encoding directly via ::Encoding.find,
bypassing the permitted_classes check that !ruby/object:Encoding
already honors. Load it through the class loader so Encoding is only
deserialized when permitted.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: hsbt

lib/psych/class_loader.rb

@@ -9,6 +9,7 @@ class ClassLoader # :nodoc:
     DATA        = 'Data' unless RUBY_VERSION < "3.2"
     DATE        = 'Date'
     DATE_TIME   = 'DateTime'
+    ENCODING    = 'Encoding'
     EXCEPTION   = 'Exception'
     OBJECT      = 'Object'
     PSYCH_OMAP  = 'Psych::Omap'

lib/psych/visitors/to_ruby.rb

@@ -87,6 +87,7 @@ def deserialize o
           DateTime.civil(*t.to_a[0, 6].reverse, Rational(t.utc_offset, 86400)) +
             (t.subsec/86400)
         when '!ruby/encoding'
+          class_loader.encoding
           ::Encoding.find o.value
         when "!ruby/object:Complex"
           class_loader.complex

test/psych/test_safe_load.rb

@@ -74,6 +74,19 @@ def test_symbol
       assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', permitted_classes: [Symbol])
     end
 
+    def test_encoding
+      yaml = "--- !ruby/encoding UTF-8\n"
+      assert_raise(Psych::DisallowedClass) do
+        Psych.safe_load yaml
+      end
+      assert_raise(Psych::DisallowedClass) do
+        Psych.safe_load yaml, permitted_classes: []
+      end
+
+      assert_equal Encoding::UTF_8, Psych.safe_load(yaml, permitted_classes: [Encoding])
+      assert_equal Encoding::UTF_8, Psych.safe_load(yaml, permitted_classes: %w{ Encoding })
+    end
+
     def test_foo
       assert_raise(Psych::DisallowedClass) do
         Psych.safe_load '--- !ruby/object:Foo {}', permitted_classes: [Foo]