From: merch-redmine@...
Date: 2021-03-10T19:25:42+00:00
Subject: [ruby-core:102812] [Ruby master Bug#14096] Psych allows invalid single quote escape character

Issue #14096 has been updated by jeremyevans0 (Jeremy Evans).

Status changed from Assigned to Closed

This has been fixed in libyaml 0.2.1 (released June 2018), and the YAML given by @headius will raise `Psych::SyntaxError` on Ruby versions 1.9-3.0 when used with libyaml 0.2.1+.

----------------------------------------
Bug #14096: Psych allows invalid single quote escape character
https://bugs.ruby-lang.org/issues/14096#change-90864

* Author: headius (Charles Nutter)
* Status: Closed
* Priority: Normal
* Assignee: hsbt (Hiroshi SHIBATA)
* ruby -v: 2.4.1
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
In https://github.com/jruby/jruby/issues/4847 (and previously in https://github.com/jruby/jruby/issues/2199) we have had users report that escaped single quotes within a YAML string do not parse in JRuby, although they parse in MRI.

According to the YAML specs (both 1.1 and 1.2), `\\'` is *not* a valid escape character. The YAML library we use, SnakeYAML, has pushed back on adding it since it is not part of the spec.

Why does MRI parse this invalid YAML?

```yaml
---
  !!seq [
    !!str "https://www.youtube.com/watch?v=DzpKasJJtRs",
    !!str "2Pac - Dont Care What Ya\'ll Think Remix Music Video 2017",
  ]
```



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>