Chris Riccomini

86 days ago

YAML: probably not so great after all

arp242.net

I previously wrote why using JSON for human-editable configuration files is a bad idea. Today we’re going to look at some general problems with the YAML format. YAML is insecure by default. Loading a user-provided (untrusted) YAML string needs careful consideration.