Commit
Document the fact that ParseYaml middleware is unsafe
We can't just switch to `YAML.safe_load()` ourselves since that would break backwards compatibility. For instance, `safe_load` returns nil for empty yaml documents where `load` returns `false`. Also, `safe_load` will refuse to parse Symbol keys since DoS attacks targeting symbols are a real threat. Finally, not every Ruby version has a Psych that supports `safe_load`.

ruby/psych#119 (comment)

Fixes #92
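The `safe_load` behaviours named in the commit message can be checked directly. The following is an added example, not code from this commit or the project: `compat_safe_load` and `try_safe_load` are hypothetical helpers, the YAML strings are constructed, and it assumes a Psych whose `safe_load` accepts the `permitted_classes:` and `fallback:` keywords.

```ruby
require 'yaml'

# Constructed sample inputs.
EMPTY_DOC   = ''
SYMBOL_KEYS = ":status: ok\n"
OBJECT_TAG  = "--- !ruby/object:Object\nx: 1\n"

# Plain safe_load: returns the parsed value, or the name of the
# exception class when Psych refuses the document.
def try_safe_load(body)
  YAML.safe_load(body)
rescue Psych::DisallowedClass => e
  e.class.name
end

# Hypothetical compatibility wrapper: keeps safe_load's refusal of
# arbitrary object tags, but permits Symbol explicitly and returns
# false (not nil) for an empty document.
def compat_safe_load(body)
  YAML.safe_load(body, permitted_classes: [Symbol], fallback: false)
end

if __FILE__ == $PROGRAM_NAME
  puts "safe_load, empty doc:   #{try_safe_load(EMPTY_DOC).inspect}"
  puts "safe_load, symbol keys: #{try_safe_load(SYMBOL_KEYS).inspect}"
  puts "safe_load, object tag:  #{try_safe_load(OBJECT_TAG).inspect}"
  puts "compat, empty doc:      #{compat_safe_load(EMPTY_DOC).inspect}"
  puts "compat, symbol keys:    #{compat_safe_load(SYMBOL_KEYS).inspect}"
  begin
    compat_safe_load(OBJECT_TAG)
  rescue Psych::DisallowedClass => e
    puts "compat, object tag:     refused (#{e.class})"
  end
end
```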