diff --git a/jekyll.gemspec b/jekyll.gemspec
index b5918bfb..17fb421b 100644
--- a/jekyll.gemspec
+++ b/jekyll.gemspec
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency('kramdown', "~> 0.14")
 s.add_runtime_dependency('pygments.rb', "~> 0.3.2")
 s.add_runtime_dependency('commander', "~> 4.1.3")
- s.add_runtime_dependency('safe_yaml', "~> 0.4")
+ s.add_runtime_dependency('safe_yaml', "~> 0.7")
 s.add_development_dependency('rake', "~> 10.0.3")
 s.add_development_dependency('rdoc', "~> 3.11")
diff --git a/lib/jekyll.rb b/lib/jekyll.rb
index 2c1ab0e6..f58f3beb 100644
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
@@ -48,6 +48,8 @@ require_all 'jekyll/converters'
 require_all 'jekyll/generators'
 require_all 'jekyll/tags'
+SafeYAML::OPTIONS[:suppress_warnings] = true
+
 module Jekyll
 VERSION = '0.12.0'
@@ -130,7 +132,7 @@ module Jekyll
 # Get configuration from /_config.yml
 config_file = File.join(source, '_config.yml')
 begin
- config = YAML.load_file(config_file)
+ config = YAML.safe_load_file(config_file)
 raise "Invalid configuration - #{config_file}" if !config.is_a?(Hash)
 $stdout.puts "Configuration from #{config_file}"
 rescue => err
diff --git a/lib/jekyll/convertible.rb b/lib/jekyll/convertible.rb
index e71fe1bf..952fd670 100644
--- a/lib/jekyll/convertible.rb
+++ b/lib/jekyll/convertible.rb
@@ -30,7 +30,7 @@ module Jekyll
 if self.content =~ /\A(---\s*\n.*?\n?)^(---\s*$\n?)/m
 self.content = $POSTMATCH
- self.data = YAML.load($1)
+ self.data = YAML.safe_load($1)
 end
 rescue => e
 puts "Error reading file #{File.join(base, name)}: #{e.message}"
diff --git a/test/test_configuration.rb b/test/test_configuration.rb
index 76e8a812..49415de8 100644
--- a/test/test_configuration.rb
+++ b/test/test_configuration.rb
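Review bot: `SafeYAML::OPTIONS[:suppress_warnings] = true` in the first lib/jekyll.rb hunk is process-wide state set at require time, and nothing beside it says which warning is being silenced or why. If, as the option name suggests, it hides safe_yaml's notice about `YAML.load` calls that did not choose a mode, then any call site this diff does not convert (only two are converted here) and any plugin loaded into the same process would keep its current loader without any trace in the output. I would add a comment above the assignment, for example `# Silence safe_yaml's warning for plain YAML.load; every Jekyll call site must use YAML.safe_load / YAML.safe_load_file`, and confirm with a search that no `YAML.load` or `YAML.load_file` remains under lib/. The `require` that defines `SafeYAML` is not visible in this hunk.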
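Review bot: The value assigned by `self.data = YAML.safe_load($1)` in lib/jekyll/convertible.rb is never type-checked, although front matter comes from every content file and the configuration path in lib/jekyll.rb rejects anything that is not a Hash. Front matter that parses to a string or an array would be stored in `data` as-is, and the `rescue` below only prints the message and carries on. Parsing into a local first keeps a bad value out: `parsed = YAML.safe_load($1)`, then `raise "Invalid front matter" unless parsed.nil? || parsed.is_a?(Hash)`, then `self.data = parsed`. The enclosing method starts and ends outside the hunk, so a later default for `data` may already cover the nil case.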
@@ -7,20 +7,20 @@ class TestConfiguration < Test::Unit::TestCase
 end
 should "fire warning with no _config.yml" do
- mock(YAML).load_file(@path) { raise "No such file or directory - #{@path}" }
+ mock(YAML).safe_load_file(@path) { raise "No such file or directory - #{@path}" }
 mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
 mock($stderr).puts("\tNo such file or directory - #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
 end
 should "load configuration as hash" do
- mock(YAML).load_file(@path) { Hash.new }
+ mock(YAML).safe_load_file(@path) { Hash.new }
 mock($stdout).puts("Configuration from #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
 end
 should "fire warning with bad config" do
- mock(YAML).load_file(@path) { Array.new }
+ mock(YAML).safe_load_file(@path) { Array.new }
 mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
 mock($stderr).puts("\tInvalid configuration - #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
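Review bot: All three tests stub `YAML.safe_load_file`, so they pass whenever a method of that name is called and never show that YAML carrying object tags is actually refused. Nothing in the commit exercises the front-matter change in lib/jekyll/convertible.rb either. I would add one unstubbed test per path that parses a fixture containing a `!ruby/object` tag and asserts that the result holds only plain hashes, arrays and strings, so that a later switch back to `YAML.load` fails the suite. The closing `end` of the last test lies outside the hunk.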