Does anyone know the actual use case for having Rails automatically parse YAML inside of XML? The whole idea just seems ludicrous
@tenderlove @13k_ YAML participates in a deserialization protocol with other objects that will execute arbitrary code for you though :(
@tenderlove @bascule exactly. I meant exploitable as in raising an eyebrow to the deserialization, which I always tend to assume unsafe
@tenderlove @13k_ probably just went unnoticed until people started poking into how to create various params from various requests