authorAaron Patterson <aaron.patterson@gmail.com>2019-10-17 13:48:24 -0700
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2019-11-12 10:43:54 +0900
commitdb33ab470cb4765f1b54384b51850e0db80f5aad (patch)
tree20ae6b058dafd917a58cae86a6d7c1619276c961 /ext/psych
parent30fdee65d96924e0793ec702fcda909a2cac71ea (diff)
[ruby/psych] Add a note about safe_load
https://github.com/ruby/psych/commit/0910ae5575
Diffstat (limited to 'ext/psych')
-rw-r--r--ext/psych/lib/psych.rb4
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb
index 9513f794b8..c719b036d0 100644
--- a/ext/psych/lib/psych.rb
+++ b/ext/psych/lib/psych.rb
@@ -264,6 +264,10 @@ module Psych
#
# Raises a TypeError when `yaml` parameter is NilClass
#
+ # NOTE: This method *should not* be used to parse untrusted documents, such as
+ # YAML documents that are supplied via user input. Instead, please use the
+ # safe_load method.
+ #
def self.load yaml, legacy_filename = NOT_GIVEN, filename: nil, fallback: false, symbolize_names: false
if legacy_filename != NOT_GIVEN
warn_with_uplevel 'Passing filename with the 2nd argument of Psych.load is deprecated. Use keyword argument like Psych.load(yaml, filename: ...) instead.', uplevel: 1 if $VERBOSE
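Review bot: The added NOTE above `Psych.load` tells readers not to parse untrusted YAML but never says why, so it is easy to read as style advice rather than a security boundary. At this version `load` builds whatever Ruby objects the document's tags name, which is the actual risk; I would add a line such as `# Tagged nodes can make load instantiate arbitrary Ruby classes; safe_load only builds the classes it is told to permit.` and write the reference as `Psych.safe_load` so RDoc links it. If `load_file` and `load_stream` elsewhere in this file go through the same loader, they presumably want the same note, but that is not visible in this hunk. The body of `load` continues past the end of the hunk.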