search

waiting-for-dev / front_matter_parser

Ruby library to parse files or strings with a front matter. It has automatic syntax detection.
MIT License
105 stars 12 forks source link

Allow whitelisting classes for `Loader::Yaml#call`. #6

Closed mrrusof closed 6 years ago

mrrusof commented 6 years ago

Parsing the following file example.md raises a Psych::DisallowedClass exception.

---
timestamp: 2017-10-17 00:00:00Z
---
# Title
This is a sentence.

The reason is that the default loader uses YAML.safe_load w/o passing a whitelist of classes for values. When YAML.safe_load tries to load the timestamp, it tries to create an instance of Time but Time is not whitelisted and thus it raises an exception.

This PR fixes the problem by allowing the user to create a loader with a given class whitelist.

loader = FrontMatterParser::Loader::Yaml.new(whitelist_classes: [Time])
parsed = FrontMatterParser::Parser.parse_file('example.md', loader: loader)
puts parsed['timestamp']
waiting-for-dev commented 6 years ago

Thanks, that's a good enhancement. Also, thanks for reviewing all those cops. I haven't had the need to push for some time and the configuration is so that it takes new versions of the analyzers to keep the project sync with newest accepted good practices.

Merged and released in version 0.2.0.

mrrusof commented 6 years ago

Thanks for the quick review.