authorJean Boussier <[email protected]>2024-10-24 16:51:25 +0200
committerHiroshi SHIBATA <[email protected]>2024-11-01 13:04:24 +0900
commitf2b8829df0092409c944aafeac03f72ab2a6e7ac (patch)
tree69914ee130dcb936246fcf7d48fe1711d954561c /ext/json/parser/parser.h
parentcc2e67a138d258290f727f5797bdc14fbc5a6e52 (diff)
Deprecate unsafe default options of `JSON.load`
[Feature #19528] Ref: https://bugs.ruby-lang.org/issues/19528 `load` is understood as the default method for serializer-style libraries, and the default options of `JSON.load` have caused many security vulnerabilities over the years. The plan is to do as YAML/Psych did: deprecate these default options and direct users toward `JSON.unsafe_load`, so that at least it's obvious it should not be used against untrusted data.
Diffstat (limited to 'ext/json/parser/parser.h')
-rw-r--r--ext/json/parser/parser.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/json/parser/parser.h b/ext/json/parser/parser.h
index 2a5b13856a..6bf21aab52 100644
--- a/ext/json/parser/parser.h
+++ b/ext/json/parser/parser.h
@@ -26,6 +26,7 @@ typedef struct JSON_ParserStruct {
char symbolize_names;
char freeze;
char create_additions;
+ char deprecated_create_additions;
} JSON_Parser;
#define GET_PARSER \
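Review bot: The new `deprecated_create_additions` member sits directly under `create_additions` with no comment saying how the two differ, and that difference is the security-relevant part of this change. Going by the commit message, it presumably records that additions were switched on only by the legacy `JSON.load` default rather than by an explicit caller option; a one-line comment such as `/* create_additions came from the deprecated JSON.load default: warn on use, not a separate opt-in */` would keep later readers from treating it as a second enable flag. The code that sets and reads the field is outside this hunk, so please confirm it is cleared on every parser construction path and that object instantiation stays gated on `create_additions` alone. The struct definition also begins before the hunk.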