Comments (4)
wenheqi
commented on September 22, 2024
1
I just checked the homepage of js-yaml. Here is what I got:
js-yaml 3.x.x
Both safeLoad and load will parse string as single YAML document. Under the load function, the author of js-yaml says
Use with care with untrusted sources. The same as safeLoad() but uses DEFAULT_FULL_SCHEMA by default - adds some JavaScript-specific types: !!js/function, !!js/regexp and !!js/undefined. For untrusted sources, you must additionally validate object structure to avoid injections
js-yaml 4.x.x
safeLoad is removeda as load is safe by default.
Speaking of trusted sources, if my understanding is correct, minos uses yaml.safeLoad only to parse the _config.lang.yml under minos folder and those .yml files are supplied by the blog developer (minos provided an example _config.yml file to make it easier to start).
I can also help to test some basics like generating static files and serve the files on a server on Hexo 5.3.x and some early versions like 3.6.0 to see if it works with yaml.load and let you know the results on my side. Btw, do we currently have any automated test scripts available? I checked the package.json file in minos root folder but no luck.
from hexo-theme-minos.
ppoffice
commented on September 22, 2024
Sounds good to me. Look forward to your PR.
from hexo-theme-minos.
wenheqi
commented on September 22, 2024
from hexo-theme-minos.
ppoffice
commented on September 22, 2024
by the way, does this change have any impact on hexo 5.3.x and before?
from hexo-theme-minos.
Related Issues (20)
- Change the font? HOT 2
- '<' and '>' in code blocks will occur an error
- Using Netlify to deploy, Insight Search Chinese garbled. HOT 3
- How to change default renderer HOT 2
- 设置toc为true后,文章导航栏中文显示乱码 HOT 8
- a problem with the table presentation in markdown document HOT 2
- I Can't use Tag Plugin HOT 5
- show info. on every page with google-analytics data HOT 8
- [Feature Request] Make a table sortable HOT 1
- 本地启动后样式失效了 HOT 5
- Comment GitTalk Support
- gallery relate HOT 1
- [Configuration] Multi Language Suppport HOT 8
- [Feature Request] Add visit number
- render errors HOT 1
- [feature request] dark mode
- 搜索按钮出现在导航栏,但搜索页面出现在底部 HOT 10
- Is there full source code regarding to the theme example? 有没有主题文档那个例子的源码? HOT 4
- gallery插件问题 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hexo-theme-minos.