Skip to content

Commit

Permalink
Merge pull request #149 from tagliala/security/use-file-read
Browse files Browse the repository at this point in the history 
Use File.read instead of IO.read
  • Loading branch information
@grosser
grosser committed Apr 7, 2024
2 parents 098b79b + d96c4df commit 816c2e0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Expand Up @@ -2,6 +2,8 @@

### Unreleased

* Improve security by using `File.read` instead of `IO.read` [#148](https://github.com/premailer/css_parser/pull/148)

### Version v1.17.0

* Added `user_agent` as an option to Parser [#146](https://github.com/premailer/css_parser/pull/146)
Expand Down
2 changes: 1 addition & 1 deletion lib/css_parser/parser.rb
View file
Expand Up @@ -486,7 +486,7 @@ def load_file!(file_name, options = {}, deprecated = nil)
return unless File.readable?(file_name)
return unless circular_reference_check(file_name)

src = IO.read(file_name)
src = File.read(file_name)

opts[:filename] = file_name if opts[:capture_offsets]
opts[:base_dir] = File.dirname(file_name)
Expand Down

0 comments on commit 816c2e0

Please sign in to comment.