Does anyone know the actual use case for having Rails automatically parse YAML inside of XML? The whole idea just seems ludicrous
Replying to @tenderlove
@tenderlove @bascule the use case alone seems pretty exploitable, wondering why it took so long
Replying to @tenderlove
@tenderlove @13k_ YAML participates in a deserialization protocol with other objects that will execute arbitrary code for you though :(
Replying to @tenderlove
@tenderlove @bascule exactly. I meant exploitable as in raising an eyebrow to the deserialization, which I always tend to assume unsafe
Replying to @tenderlove
@tenderlove @13k_ probably just went unnoticed until people started poking into how to create various params from various requests
11:26 AM - 10 Jan 2013