Merge pull request #34 from sparklemotion/safe_yaml

Use safe_load when using Psych >=3.1

lib/http/cookie_jar/yaml_saver.rb

@@ -21,7 +21,7 @@ def save(io, jar)
 
   def load(io, jar)
     begin
-      data = YAML.load(io)
+      data = load_yaml(io)
     rescue ArgumentError => e
       case e.message
       when %r{\Aundefined class/module Mechanize::}
@@ -31,7 +31,7 @@ def load(io, jar)
           yaml = io.read
           # a gross hack
           yaml.gsub!(%r{^(    [^ ].*:) !ruby/object:Mechanize::Cookie$}, "\\1")
-          data = YAML.load(yaml)
+          data = load_yaml(yaml)
         rescue Errno::ESPIPE
           @logger.warn "could not rewind the stream for conversion" if @logger
         rescue ArgumentError
@@ -73,4 +73,14 @@ def load(io, jar)
   def default_options
     {}
   end
+
+  if YAML.name == 'Psych' && Psych::VERSION >= '3.1'
+    def load_yaml(yaml)
+      YAML.safe_load(yaml, :permitted_classes => %w[Time HTTP::Cookie Mechanize::Cookie DomainName], :aliases => true)
+    end
+  else
+    def load_yaml(yaml)
+      YAML.load(yaml)
+    end
+  end
 end