diff options
| author | Eric Wong <e@80x24.org> | 2022-01-20 18:34:19 +0000 |
|---|---|---|
| committer | Eric Wong <e@80x24.org> | 2022-01-21 19:54:43 +0000 |
| commit | 88a8d4793473259b392241f1e2d20d39bd96b214 (patch) | |
| tree | 28e3fb5d17017038045de143bd2e6a7d95655d0d /lib/dtas.rb | |
| parent | 748c3633ce794685af343de0bcd24eca7440281b (diff) | |
| download | dtas-88a8d4793473259b392241f1e2d20d39bd96b214.tar.gz | |
Psych 4.x defaults to "nanny mode" to handle untrusted data. This causes breakage with since YAML references (aliases) emitted by dtas-player can't be handled by Psych clients under Ruby 3.1. Since dtas is single user and is a shell designed to run arbitrary code, favor the new YAML.unsafe_load API which behaves like the old YAML.load in Ruby <= 3.0.
Diffstat (limited to 'lib/dtas.rb')
| -rw-r--r-- | lib/dtas.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/dtas.rb b/lib/dtas.rb index 477a176..cb7c33d 100644 --- a/lib/dtas.rb +++ b/lib/dtas.rb @@ -25,6 +25,12 @@ module DTAS Fiddle.dlopen(nil) end end + + # prevent breakage in Psych 4.x; we're a shell and designed to execute code + def self.yaml_load(buf) + require 'yaml' + YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(buf) : YAML.load(buf) + end # :startdoc: end |