Possibly activesupport could monkey-patch unsafe Ruby methods like YAML.loadto be safe by default. The old version could be exposed with a prefix of unsafe_ (like YAML.unsafe_load).
Like this gem: https://github.com/dtao/safe_yaml. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rubyonrails-core?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
