1 diff --git a/markdown/__main__.py b/markdown/__main__.py
2 index 38d08fe0..43e486c9 100644
3 --- a/markdown/__main__.py
4 +++ b/markdown/__main__.py
10 + # We use `unsafe_load` because users may need to pass in actual Python
11 + # objects. As this is only available from the CLI, the user has much
12 + # worse problems if an attacker can use this as an attach vector.
13 + from yaml import unsafe_load as yaml_load
14 except ImportError: # pragma: no cover
17 + # Fall back to PyYAML <5.1
18 + from yaml import load as yaml_load
21 + from json import load as yaml_load
24 from logging import DEBUG, WARNING, CRITICAL
25 @@ -97,7 +105,7 @@ def parse_options(args=None, values=None):
26 options.configfile, mode="r", encoding=options.encoding
29 - extension_configs = yaml.load(fp)
30 + extension_configs = yaml_load(fp)
31 except Exception as e:
32 message = "Failed parsing extension config file: %s" % \
34 --- a/tests/__init__.py.orig 2018-01-05 01:41:13.000000000 +0100
35 +++ b/tests/__init__.py 2019-03-22 22:41:00.850729644 +0100
41 -except ImportError as e:
43 - msg = msg + ". A YAML library is required to run the Python-Markdown " \
44 - "tests. Run `pip install pyyaml` to install the latest version."
45 - e.args = (msg,) + e.args[1:]
47 + from yaml import unsafe_load as yaml_load
48 +except ImportError: # PyYAML < 5.1
50 + from yaml import load as yaml_load
51 + except ImportError as e:
53 + msg = msg + ". A YAML library is required to run the Python-Markdown " \
54 + "tests. Run `pip install pyyaml` to install the latest version."
55 + e.args = (msg,) + e.args[1:]
58 test_dir = os.path.abspath(os.path.dirname(__file__))
62 if os.path.exists(filename):
63 with codecs.open(filename, encoding="utf-8") as f:
64 - self._config = yaml.load(f)
65 + self._config = yaml_load(f)
67 def get(self, section, option):
68 """ Get config value for given section and option key. """