Commits

Joshua Ginsberg  committed 91bdaec

Fixed security bug in YAML emitter; H/T db@d1b.org

  • Participants
  • Parent commits 932e0ea
  • Branches 0.2.2-maint

Comments (0)

Files changed (1)

File piston/emitters.py

 
 if yaml:  # Only register yaml if it was import successfully.
     Emitter.register('yaml', YAMLEmitter, 'application/x-yaml; charset=utf-8')
-    Mimer.register(yaml.load, ('application/x-yaml',))
+    Mimer.register(yaml.safe_load, ('application/x-yaml',))
 
 class PickleEmitter(Emitter):
     """