author zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-02-05 01:14:52 +0000
committer zzak <zzak@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-02-05 01:14:52 +0000
commit 47da37b0a0e57bbf3574f2dc8e27c435437b6e4e
tree a9bcca16f0ab9ffbd802c09a5eb1a0e653a91861
parent acd3f3e7335db7a5ca6d1977f2ab6240afd4998b
* doc/security.rdoc: Grammatical error on security guide
Patch by Josh Bassett [Github fixes #245]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39053 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- ChangeLog 5
-rw-r--r-- doc/security.rdoc 2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 3643193..84b2ac7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Feb 5 10:15:00 2013 Zachary Scott <zachary@zacharyscott.net>
+
+ * doc/security.rdoc: Grammatical error on security guide
+ Patch by Josh Bassett [Github fixes #245]
+
Tue Feb 5 10:00:00 2013 Zachary Scott <zachary@zacharyscott.net>
* lib/racc/parser.rb: Update #do_parse and #yyparse from upstream
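Review bot: The summary in the new ChangeLog entry, "Grammatical error on security guide", names the problem rather than the change. Wording it as the fix, for example "Fix grammatical error in the Marshal section", would let a reader of the log see what was done without opening the diff.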
diff --git a/doc/security.rdoc b/doc/security.rdoc
index 32273c8..9f0ec5c 100644
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@@ -18,7 +18,7 @@ Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby
Never use +Marshal.load+ to deserialize untrusted or user supplied data. Because +Marshal+ can deserialize to almost any Ruby object and has full control over instance variables, it is possible to craft a malicious payload that executes code shortly after deserialization.
-If you need to deserialize untrusted data, you should use JSON as it is only capable of returning 'primitive' types such as strings, arrays, hashes, numbers and nil. If you need to deserialize other classes, you should do handle this manually. Never deserialize to a user specified class.
+If you need to deserialize untrusted data, you should use JSON as it is only capable of returning 'primitive' types such as strings, arrays, hashes, numbers and nil. If you need to deserialize other classes, you should handle this manually. Never deserialize to a user specified class.
== +YAML+
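Review bot: The corrected line still has the unhyphenated compound modifier "user specified class", and the context line above it has "user supplied data". Since this commit is a grammar pass over the same paragraph, both could become "user-specified" and "user-supplied" here. Separately, "you should handle this manually" does not say what handling it manually involves. One more sentence stating that the object should be built from the parsed primitive values, with the class chosen by the code and not by the input, would tie it to the "Never deserialize to a user specified class" rule that follows.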