Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't use PyYAML's .load() for reading YAML, use .safe_load() to avoid security problems.

Browse Source
This commit is contained in:
Ned Batchelder
2013-02-01 10:50:01 -05:00
parent 14ca42a5dc
commit 6b6d8a94d0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/lib/xmodule/xmodule/x_module.py
View File

@@ -406,7 +406,7 @@ class ResourceTemplates(object):
log.warning("Skipping unknown template file %s" % template_file)
continue
template_content = resource_string(__name__, os.path.join(dirname, template_file))
template = yaml.load(template_content)
template = yaml.safe_load(template_content)
templates.append(Template(**template))
return templates