
Because it's just in general incredibly short-sighted to think that your config file is never going to be read by code written in another language.

There's also an argument about whether making configuration files able to execute arbitrary code is a good idea. You get straight into the JavaScript 'eval' problems which we've spent a decade escaping.



Arbitrary code execution in configuration files has caused a few vulnerabilities in WordPress extensions already, so yes, it's a terrible idea.
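Added example, not part of the thread and not any commenter's code: the same constructed config text loaded once as code and once as data, showing that the code path runs whatever the file contains while the data path rejects it before anything executes. The key names (`port`, `debug`), the schema and all function names are assumptions made for the illustration.

```javascript
// Constructed sample inputs. recordSideEffect stands in for "anything the file wants to run".
const sideEffects = [];
globalThis.recordSideEffect = (msg) => { sideEffects.push(msg); return 8080; };

const codeConfig = '({ port: recordSideEffect("ran at load time"), debug: false })';
const dataConfig = '{ "port": 8080, "debug": false }';

// Executable config: loading the file means running it.
function loadConfigAsCode(text) {
  return (0, eval)(text); // indirect eval, evaluated in global scope
}

// Data-only config: parse as JSON, then accept only known keys with known types.
const SCHEMA = { port: "number", debug: "boolean" };
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function loadConfigAsData(text) {
  const parsed = JSON.parse(text); // SyntaxError on anything that is not JSON
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new TypeError("config must be a JSON object");
  }
  const config = Object.create(null); // no inherited properties to confuse lookups
  for (const key of Object.keys(parsed)) {
    if (!hasOwn(SCHEMA, key)) throw new TypeError(`unknown key: ${key}`);
    if (typeof parsed[key] !== SCHEMA[key]) throw new TypeError(`bad type for ${key}`);
    config[key] = parsed[key];
  }
  for (const key of Object.keys(SCHEMA)) {
    if (!(key in config)) throw new TypeError(`missing key: ${key}`);
  }
  return config;
}

function tryLoad(loader, text) {
  try { return { ok: true, config: loader(text) }; }
  catch (err) { return { ok: false, error: err.name }; }
}

// Load the same hostile text both ways and count how often its code ran.
function demo() {
  sideEffects.length = 0;
  const asCode = tryLoad(loadConfigAsCode, codeConfig);
  const ranDuringCodeLoad = sideEffects.length;
  const asData = tryLoad(loadConfigAsData, codeConfig);
  return { asCode, ranDuringCodeLoad, asData, ranTotal: sideEffects.length };
}

console.log(demo());
```

Because the data path is plain JSON plus a type check, the same file can be read by a loader written in any other language.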



