method

safe_load

v2_2_9 - Show latest stable - 0 notes - Class: Psych

1_8_6_287
1_8_7_72
1_8_7_330
1_9_1_378
1_9_2_180
1_9_3_125
1_9_3_392
2_1_10 (0)
2_2_9 (0)
2_4_6 (0)
2_5_5 (38)
2_6_3 (7)
What's this?

safe_load(yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil) public

Safely load the yaml string in yaml. By default, only the following classes are allowed to be deserialized:

Recursive data structures are not allowed by default. Arbitrary classes can be allowed by adding those classes to the whitelist. They are additive. For example, to allow Date deserialization:

Psych.safe_load(yaml, [Date])

Now the Date class can be loaded in addition to the classes listed above.

Aliases can be explicitly allowed by changing the aliases parameter. For example:

x = []
x << x
yaml = Psych.dump x
Psych.safe_load yaml               # => raises an exception
Psych.safe_load yaml, [], [], true # => loads the aliases

A Psych::DisallowedClass exception will be raised if the yaml contains a class that isn’t in the whitelist.

A Psych::BadAlias exception will be raised if the yaml contains aliases but the aliases parameter is set to false.

Show source

# File ext/psych/lib/psych.rb, line 283
  def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil
    result = parse(yaml, filename)
    return unless result

    class_loader = ClassLoader::Restricted.new(whitelist_classes.map(&:to_s),
                                               whitelist_symbols.map(&:to_s))
    scanner      = ScalarScanner.new class_loader
    if aliases
      visitor = Visitors::ToRuby.new scanner, class_loader
    else
      visitor = Visitors::NoAliasRuby.new scanner, class_loader
    end
    visitor.accept result
  end

safe_load

Related methods