mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-16 23:05:42 +00:00
6e4366049c
yaml.load() is unsafe and can lead to arbitrary code execution via syntax like `!!python/object/apply:os.system`. yaml.safe_load() is more reasonable. Differential Revision: https://phabricator.services.mozilla.com/D1738 --HG-- extra : rebase_source : 597c07b3c1538dc27ad6f46e01cdb7f48755d0bc extra : histedit_source : 131d570f8ac1ee047487cba54822dbf20abf6681 |
||
---|---|---|
.. | ||
devtools/migrate-l10n | ||
docs | ||
l10n/fluent_migrations | ||
mach | ||
mozboot | ||
mozbuild | ||
mozlint | ||
mozrelease | ||
mozterm | ||
mozversioncontrol | ||
mach_commands.py | ||
moz.build | ||
README |
This directory contains common Python code. The basic rule is that if Python code is cross-module (that's "module" in the Mozilla meaning - as in "module ownership") and is MPL-compatible, it should go here. What should not go here: * Vendored python modules (use third_party/python instead) * Python that is not MPL-compatible (see other-licenses/) * Python that has good reason to remain close to its "owning" (Mozilla) module (e.g. it is only being consumed from there). Historical information can be found at https://bugzilla.mozilla.org/show_bug.cgi?id=775243 https://bugzilla.mozilla.org/show_bug.cgi?id=1346025