You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that in one of the recent releases, the safe key no longer appears to be working inside of load. Looking at the source, the argument is only passed to legacy loaders. Was this intentional? If not, can this functionality be resurrected? One of the main draws to this great package is the fact that I can try to avoid arbitrary code executing if I so choose.
And maybe I should create a separate issue for this next question, but I was wondering if there is a way to support custom classes without adding them to this package specifically. It would be fantastic if I could do something like
The safe keyword was removed in hickle v4 as it no longer serves any purpose.
In v4, we started using the literal_eval function of the ast built-in library, which always avoids arbitrary code execution.
Therefore, the safe keyword was no longer needed.
Safe Loading
I noticed that in one of the recent releases, the
safe
key no longer appears to be working inside ofload
. Looking at the source, the argument is only passed to legacy loaders. Was this intentional? If not, can this functionality be resurrected? One of the main draws to this great package is the fact that I can try to avoid arbitrary code executing if I so choose.Here is an example:
Custom Object Support
And maybe I should create a separate issue for this next question, but I was wondering if there is a way to support custom classes without adding them to this package specifically. It would be fantastic if I could do something like
and have it just work. Does this functionality exist? If so, could I see an example? If not, how big of an ask is this to add?
The text was updated successfully, but these errors were encountered: