Skip to content

Commit

Permalink
Merge pull request #34 from sparklemotion/safe_yaml
Browse files Browse the repository at this point in the history
Use safe_load when using Psych >=3.1
  • Loading branch information
knu committed Jun 7, 2021
2 parents 9eb68dc + 2c220f4 commit 11b9108
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions lib/http/cookie_jar/yaml_saver.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ def save(io, jar)

def load(io, jar)
begin
data = YAML.load(io)
data = load_yaml(io)
rescue ArgumentError => e
case e.message
when %r{\Aundefined class/module Mechanize::}
Expand All @@ -31,7 +31,7 @@ def load(io, jar)
yaml = io.read
# a gross hack
yaml.gsub!(%r{^( [^ ].*:) !ruby/object:Mechanize::Cookie$}, "\\1")
data = YAML.load(yaml)
data = load_yaml(yaml)
rescue Errno::ESPIPE
@logger.warn "could not rewind the stream for conversion" if @logger
rescue ArgumentError
Expand Down Expand Up @@ -73,4 +73,14 @@ def load(io, jar)
def default_options
{}
end

if YAML.name == 'Psych' && Psych::VERSION >= '3.1'
def load_yaml(yaml)
YAML.safe_load(yaml, :permitted_classes => %w[Time HTTP::Cookie Mechanize::Cookie DomainName], :aliases => true)
end
else
def load_yaml(yaml)
YAML.load(yaml)
end
end
end

0 comments on commit 11b9108

Please sign in to comment.