Universal RCE with Ruby YAML.load

YAML is a superset of JSON; you can consume JSON with a YAML parser. It’s easier to generate JSON than it is to template any data serialization format. If you’re doing a lot of templating for automation purposes, being able to write in JSON instead of YAML can sometimes be a godsend.

As JSON is a widely supported format, YAML only stands to benefit from it. TOML doesn’t share that benefit.

Also, some of the more advanced features like anchors are incredibly useful for DRY-ing up config files. Also, little things like | vs > for multiline strings are handy too.

For me, YAML fills the same space as TOML so unfortunately I don’t have any love to spare.
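Added example (not part of the comment above or the original post): the features the comment mentions, JSON input, anchors, and `|` versus `>`, parsed with Psych's `YAML.safe_load`, which accepts plain data types only and refuses Ruby object tags of the kind the post title refers to. All sample documents and the helper names `parse_config` and `verdict` are constructed for illustration.

```ruby
require "yaml"

# Constructed sample inputs (not from the original page).
JSON_DOC = '{"name": "web", "ports": [80, 443], "tls": true}'

ANCHOR_DOC = <<~YAML
  defaults: &defaults
    retries: 3
    timeout: 10
  api:
    <<: *defaults
    host: api.internal
YAML

BLOCK_DOC = <<~YAML
  literal: |
    line one
    line two
  folded: >
    line one
    line two
YAML

# A document that asks the parser to build a Ruby object.
TAGGED_DOC = "--- !ruby/object:Object {}\n"

# Hypothetical helper: parse untrusted text as plain data.
# Aliases are opt-in, so anchors only work when the caller allows them.
def parse_config(text, aliases: false)
  YAML.safe_load(text, aliases: aliases)
end

# Hypothetical helper: :ok, or the reason the document was refused.
def verdict(text, aliases: false)
  parse_config(text, aliases: aliases)
  :ok
rescue Psych::DisallowedClass
  :disallowed_class
rescue Psych::BadAlias
  :alias_refused
end

if __FILE__ == $PROGRAM_NAME
  p parse_config(JSON_DOC)                   # JSON text read by the YAML parser
  p parse_config(ANCHOR_DOC, aliases: true)  # merge key expands the anchor
  p parse_config(BLOCK_DOC)                  # | keeps newlines, > folds them
  p verdict(TAGGED_DOC)                      # object tag is rejected
  p verdict(ANCHOR_DOC)                      # alias rejected unless enabled
end
```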
