TIL https://en.wikipedia.org/wiki/Billion_laughs_attack
Looks like Nokogiri is too simplistic (by default) to be affected, but the Psych parser in Ruby isn’t so lucky (if you expand to ruby objects, of course… it parses to a Psych object just fine.)
TIL https://en.wikipedia.org/wiki/Billion_laughs_attack
Looks like Nokogiri is too simplistic (by default) to be affected, but the Psych parser in Ruby isn’t so lucky (if you expand to ruby objects, of course… it parses to a Psych object just fine.)