Comment by ak217
3 years ago
Thanks for the clarification. Let's fix it in PyYAML then :)
Speaking of PyYAML, I recently ran into an issue where I had to heavily patch PyYAML to prevent its parse result from being susceptible to entity expansion attacks. It would be nice to at least have a PyYAML mode to completely ignore anchors and aliases (as well as tags) using simple keyword arguments. Protection against entity expansion abuse would be nice too.
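An added example, not part of ak217's comment and not PyYAML's own code: one way to get a loader that refuses aliases is to subclass `yaml.SafeLoader` and raise when an alias event is composed (it rejects the document rather than silently ignoring the alias). The names `NoAliasSafeLoader`, `load_without_aliases` and `is_rejected`, and the sample documents, are constructed for illustration.

```python
import yaml
from yaml.composer import ComposerError
from yaml.events import AliasEvent


class NoAliasSafeLoader(yaml.SafeLoader):
    """SafeLoader variant (hypothetical name) that refuses every *alias."""

    def compose_node(self, parent, index):
        # The parser emits an AliasEvent for each "*name" reference. Failing
        # here stops the document before any anchored node is reused.
        if self.check_event(AliasEvent):
            event = self.peek_event()
            raise ComposerError(
                None, None,
                "alias *%s rejected: aliases are disabled" % event.anchor,
                event.start_mark,
            )
        return super().compose_node(parent, index)


def load_without_aliases(text):
    """Parse YAML with SafeLoader semantics, erroring on any alias."""
    return yaml.load(text, Loader=NoAliasSafeLoader)


def is_rejected(text):
    """True if the document is refused (alias present or otherwise invalid)."""
    try:
        load_without_aliases(text)
    except yaml.YAMLError:
        return True
    return False


# Constructed sample inputs.
PLAIN_DOC = "name: demo\nports: [80, 443]\n"
ANCHOR_ONLY_DOC = "name: &n demo\n"          # anchor defined, never referenced
NESTED_ALIAS_DOC = "a: &a [x, x]\nb: &b [*a, *a]\nc: [*b, *b]\n"

if __name__ == "__main__":
    print(load_without_aliases(PLAIN_DOC))
    print(load_without_aliases(ANCHOR_ONLY_DOC))
    print("nested aliases rejected:", is_rejected(NESTED_ALIAS_DOC))
```

This applies to the pure-Python loader only; the C-based `CSafeLoader` does not go through `compose_node`.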