Issue #3 new

Rename load to dangerous_load

Devin Jeanpierre
created an issue

As per Ned Batchelder's proposal, why not rename load to dangerous_load, and alias safe_load to load? (Or perhaps, leave load undefined, so that secure code doesn't become insecure when run on an earlier version of PyYAML)

If this is done, code can no longer be accidentally insecure through forgetfulness or lack of care. Instead, people will only have the ability to run arbitrary code if they specifically intend for that and all its consequences.

The downside is losing backwards compatibility. Maybe the move could be done in a two-step process that deprecates load first?
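One way the proposed renaming can be applied in application code today, as an added example that is not the issue author's or the PyYAML project's own code; it assumes PyYAML is installed, and the names `dangerous_load` and `needs_dangerous_loader` are hypothetical:

```python
"""Wrapper module applying the renaming proposed in this issue: `load` is the
safe loader, and the full loader is only reachable under an explicit name.
Assumes PyYAML is installed; dangerous_load and needs_dangerous_loader are
hypothetical names chosen for this example, not part of PyYAML."""
import yaml

# `load` now means the safe loader: only plain YAML types (str, int, list,
# dict, ...) are constructed; Python-specific tags are rejected.
load = yaml.safe_load


def dangerous_load(stream):
    """Explicit opt-in to the full loader, which can instantiate Python
    objects named by the document. Only for input that is fully trusted."""
    return yaml.load(stream, Loader=yaml.Loader)


def needs_dangerous_loader(text):
    """Report whether the safe loader rejects a document, i.e. whether a caller
    would have to deliberately opt in via dangerous_load() to parse it."""
    try:
        yaml.safe_load(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


# Constructed sample documents. The second carries a Python-specific tag that
# the safe loader refuses; a harmless tuple is enough to show the mechanism.
PLAIN_DOC = "name: app\nreplicas: 3\n"
TAGGED_DOC = "pair: !!python/tuple [1, 2]\n"

if __name__ == "__main__":
    print(load(PLAIN_DOC))
    print(needs_dangerous_loader(PLAIN_DOC), needs_dangerous_loader(TAGGED_DOC))
```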

Comments (1)

  1. TomRitchford

    It's a security vulnerability - old code should break if there isn't an automatic way to fix it.

    I would, however, suggest keeping load_safe/dump_safe etc for at least a couple of releases, as that costs you nothing.