Skip to content

Commit

Permalink
Use safe_load and safe_load_file for .rdoc_options
Browse files Browse the repository at this point in the history
  • Loading branch information
hsbt committed Mar 19, 2024
1 parent 32ff6ba commit 60a6d74
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
5 changes: 3 additions & 2 deletions lib/rdoc/rdoc.rb
Original file line number Diff line number Diff line change
Expand Up @@ -162,11 +162,12 @@ def load_options
RDoc.load_yaml

begin
options = YAML.load_file '.rdoc_options'
options = YAML.safe_load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
rescue Psych::SyntaxError
raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
end

return RDoc::Options.new if options == false # Allow empty file.
return RDoc::Options.new unless options # Allow empty file.

raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
RDoc::Options === options or Hash === options
Expand Down
6 changes: 3 additions & 3 deletions test/rdoc/test_rdoc_options.rb
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ def test_init_with_encoding

@options.encoding = Encoding::IBM437

options = YAML.load YAML.dump @options
options = YAML.safe_load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])

assert_equal Encoding::IBM437, options.encoding
end
Expand All @@ -161,7 +161,7 @@ def test_init_with_trim_paths
- /etc
YAML

options = YAML.load yaml
options = YAML.safe_load(yaml, permitted_classes: [RDoc::Options, Symbol])

assert_empty options.rdoc_include
assert_empty options.static_path
Expand Down Expand Up @@ -749,7 +749,7 @@ def test_write_options

assert File.exist? '.rdoc_options'

assert_equal @options, YAML.load(File.read('.rdoc_options'))
assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
end
end

Expand Down

0 comments on commit 60a6d74

Please sign in to comment.