Project

General

Profile

Actions

Bug #14096

closed

Psych allows invalid single quote escape character

Added by headius (Charles Nutter) over 6 years ago. Updated about 3 years ago.

Status:
Closed
Target version:
-
ruby -v:
2.4.1
[ruby-core:83716]
Tags:

Description

In https://github.com/jruby/jruby/issues/4847 (and previously in https://github.com/jruby/jruby/issues/2199) we have had users report that escaped single quotes within a YAML string do not parse in JRuby, although they parse in MRI.

According to the YAML specs (both 1.1 and 1.2), \\' is not a valid escape character. The YAML library we use, SnakeYAML, has pushed back on adding it since it is not part of the spec.

Why does MRI parse this invalid YAML?

---
  !!seq [
    !!str "https://www.youtube.com/watch?v=DzpKasJJtRs",
    !!str "2Pac - Dont Care What Ya\'ll Think Remix Music Video 2017",
  ]

Updated by headius (Charles Nutter) over 6 years ago

Pull request https://github.com/yaml/libyaml/pull/74 has been created for libyaml, which means this is likely to percolate up to MRI over the coming years.

It might be good to get ahead of it and patch Psych to forbid the single quote escape, but I'm not sure how easy that would be to do.

We are closing related bugs in JRuby as "Won't Fix" given that this character is not spec and will soon be forbidden by libyaml.

Updated by hsbt (Hiroshi SHIBATA) over 5 years ago

  • Status changed from Open to Assigned
  • Assignee set to hsbt (Hiroshi SHIBATA)

Updated by jeremyevans0 (Jeremy Evans) about 3 years ago

  • Status changed from Assigned to Closed

This has been fixed in libyaml 0.2.1 (released June 2018), and the YAML given by @headius (Charles Nutter) will raise Psych::SyntaxError on Ruby versions 1.9-3.0 when used with libyaml 0.2.1+.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0