Nothing too major about how it’s usually used, but the yaml spec does allow arbitrary code execution when parsing a file and relies on the parser to have that feature disabled: https://en.m.wikipedia.org/wiki/YAML#Security
That’s why for Python, yaml.save_load() is a thing. That’s fine for your local config files and may even be a feature for you, but it shouldn’t be used to exchange information between services.
My general view is similar: yaml is better if it should be written by humans, json is better if it should be written and read only by a machine. But hyprspace uses json for configuration, so I don’t really understand cellardoor’s comment.
what: is: your: - problem - with: YAML # At least you can have comments unlike in json. Who needs comments in a config file anyway.
Yeah I agree. Although recently I’ve become partial to toml… In the end I’ll use what’s common in the ecosystem I’m developing in
Xml has entered the chat
nit: you mean yaml.safe_load().
Oh yeah, of course.
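An added example, not written by anyone in this thread, of the `yaml.safe_load()` point above: it parses untrusted YAML with PyYAML's safe loader, which refuses Python-specific tags, and then also rejects values JSON could not carry, since the safe loader still builds types such as dates. It assumes PyYAML is installed; `load_untrusted_yaml`, `outcome` and the sample documents are constructed for illustration.

```python
import yaml  # PyYAML (assumed installed)

# Scalar types a JSON document can carry.
JSON_SCALARS = (str, int, float, bool, type(None))


def _check_plain(node, path="$"):
    """Walk the parsed tree and reject anything JSON could not express."""
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str):
                raise ValueError(f"{path}: non-string key {key!r}")
            _check_plain(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _check_plain(item, f"{path}[{i}]")
    elif not isinstance(node, JSON_SCALARS):
        raise ValueError(f"{path}: unexpected type {type(node).__name__}")


def load_untrusted_yaml(text):
    """Parse YAML received from another service (hypothetical helper)."""
    try:
        # safe_load only constructs standard YAML types; language-specific
        # tags such as !!python/... raise ConstructorError instead.
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ValueError(f"rejected YAML: {exc.__class__.__name__}") from exc
    if not isinstance(data, dict):
        raise ValueError("top level must be a mapping")
    _check_plain(data)
    return data


def outcome(text):
    """Return the parsed mapping, or the rejection reason as a string."""
    try:
        return load_untrusted_yaml(text)
    except ValueError as exc:
        return str(exc)


# Constructed sample documents.
PLAIN = "service: api\nport: 8080\ntags: [a, b]\n"
TAGGED = "cwd: !!python/name:os.getcwd\n"    # Python-specific tag
DATED = "expires: 2024-01-01\n"              # safe_load builds a date object
AS_JSON = '{"service": "api", "port": 8080}'  # JSON text fed to the YAML parser
```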
Toml is superior to all.
Hey did you know that any JSON file is also a valid YAML file? I bet you’ll love YAML a lot more now that you have this information