archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

[DOC] security.rdoc: fix YAML security documentation

Browse source 
Since fbb4e3f96c
`YAML` does not unmarshal arbitrary ruby objects.
This commit is contained in:
Andrea Brancaleoni 2024-03-11 08:26:14 +01:00 committed by GitHub
parent 5c32b31aee
commit 7a398adc2f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/security.rdoc
View file

@ -37,7 +37,7 @@ programs for configuration and database persistence of Ruby object trees.
Similar to +Marshal+, it is able to deserialize into arbitrary Ruby classes.
For example, the following YAML data will create an +ERB+ object when
deserialized:
deserialized, using the `unsafe_load` method:
!ruby/object:ERB
src: puts `uname`