What YAML features does StrictYAML remove?

StrictYAML restricts you from parsing a number of things which the YAML specification says should be parsed. An issue has been raised by David Seaward about this critique on the official YAML repository.

This document lists those features:

Implicit Typing (Why?)

x: yes
y: null

Example pyyaml/ruamel/poyo:

load(yaml) == {"x": True, "y": None}

Example StrictYAML without schema:

load(yaml) == {"x": "yes", "y": "null"}

Example StrictYAML with schema:

load(yaml, Map({"x": Bool(), "y": Str()})) == {"x": True, "y": "null"}

Direct representations of objects (Why?)

--- !python/hash:UnsafeUserObject
email: evilhacker@hacker.com
password: passwordtoset
type: admin

Example pyyaml/ruamel:

load(yaml) == {'evil': b'z\xf8\xa5u\xabZ'}

Example StrictYAML:

raises TagTokenDisallowed

Duplicate Keys Disallowed (Why?)

x: 1
x: 2

Example pyyaml/poyo:

load(yaml) == {'x': 2}

Example StrictYAML:

raises DuplicateKeysDisallowed

Explicit tags (Why?)

x: !!int 5

Example pyyaml/ruamel/poyo:

load(yaml) == {"x": 5}

Example StrictYAML:

raises TagTokenDisallowed

Node anchors and refs (Why?)

x: &id001
  a: 1
y: *id001

Example pyyaml/ruamel/poyo:

load(yaml) == {'x': {'a': 1}, 'y': {'a': 1}}

Example StrictYAML:

raises NodeAnchorDisallowed

To parse the above YAML literally in StrictYAML do:

x: '&id001'
  a: 1
y: '*id001'

Flow style (Why?)

x: 1
b: {c: 3, d: 4}

Example pyyaml/ruamel/poyo:

load(yaml) == {'x': 1, 'b': {'c': 3, 'd': 4}}

Example StrictYAML:

raises FlowStyleDisallowed
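
An added example, not part of the StrictYAML documentation or code base: a simplified, line-based pre-parse check that reports the features listed on this page, for reviewing files that a permissive parser would otherwise load silently. It assumes block-style mappings only (the shape of the snippets above); `lint`, `classify` and the sample document are names and data made up for this illustration.

```python
import re

# Plain scalars that YAML 1.1 implicit typing turns into bool/None (illustrative subset).
IMPLICIT_WORDS = {"yes", "no", "on", "off", "true", "false", "null", "~"}
KEY_LINE = re.compile(r"^([^:#\s][^:]*?)\s*:(?:\s+(.*))?$")
MARKERS = {"!": "tag", "&": "node anchor", "*": "node ref",
           "{": "flow style", "[": "flow style"}

def classify(value):
    """Name the listed feature an unquoted scalar value relies on, if any."""
    if not value or value[0] in "'\"":
        return None  # empty or quoted: a plain string in every parser
    if value[0] in MARKERS:
        return MARKERS[value[0]]
    return "implicit typing" if value.lower() in IMPLICIT_WORDS else None

def lint(text):
    """Return [(line_number, feature)] for constructs listed on this page."""
    findings, seen = [], {}  # seen: indent width -> keys of the open mapping
    for number, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent, value = len(raw) - len(raw.lstrip()), stripped
        match = KEY_LINE.match(stripped)
        if stripped.startswith("---"):  # a document start line may carry a tag
            seen, value = {}, stripped[3:].strip()
        elif match:
            key, value = match.group(1), (match.group(2) or "").strip()
            # Returning to a shallower indent closes the nested mappings below it.
            seen = {d: keys for d, keys in seen.items() if d <= indent}
            if key in seen.setdefault(indent, set()):
                findings.append((number, "duplicate key"))
            seen[indent].add(key)
        if feature := classify(value):
            findings.append((number, feature))
    return findings

# Constructed sample combining the snippets shown on this page.
SAMPLE = """\
--- !python/hash:UnsafeUserObject
x: yes
x: !!int 5
b: {c: 3, d: 4}
n: &id001
  a: 1
m: *id001
q: '*id001'
"""
print(lint(SAMPLE))
```

The quoted value on the last sample line is not reported, since quoting is how an ampersand or asterisk is kept as literal text.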