Tested on python what? I was curious to see what error that produced, figuring it would be some whitespace due to the difference between the list items, but using the yamlized python that I had lying around, it did the sane thing:
PATH=$HOMEBREW_PREFIX/opt/ansible/libexec/bin:$PATH
pip list | grep -i yaml
python -V
python <<'DOIT'
from io import StringIO
import yaml
print(yaml.safe_load(StringIO(
'''
{
"list": [
{},
{}
]
}
''')))
DOIT
$ sed 's/\t/--->/g' break-yaml.json
--->{
--->--->"list": [
--->--->--->{},
--->--->--->{}
--->--->]
--->}
$ jq -c . break-yaml.json
{"list":[{},{}]}
$ yaml-to-json.py break-yaml.json
ERROR: break-yaml.json could not be parsed
while scanning for the next token
found character '\t' that cannot start any token
in "break-yaml.json", line 1, column 1
$ sed 's/\t/ /g' break-yaml.json | yaml-to-json.py
{"list": [{}, {}]}
It would be great if instead of the histrionic message on CPAN (which amusingly accuses others of "mass hysteria"), the author would just say "YAML documents can't start with a tab while JSON documents can, making JSON not a strict subset of YAML".
The YAML spec should be updated to reflect this, but I wonder if a simple practical workaround in YAML parsers (like replacing each tab at the beginning of the document with two spaces before feeding it to the tokenizer) would be sufficient in the short term.
> "YAML documents can't start with a tab while JSON documents can, making JSON not a strict subset of YAML"
But YAML can start with tabs. Tabs are allowed as separating whitespace in most of the spec productions but are not allowed as indentation. Even though those tabs look like indentation, the spec productions don't interpret them as such.
Note: the YAML spec maintainers (I am one) have identified many issues with YAML which we are actively working on, but (somewhat surprisingly) we have yet to find a case where valid JSON is invalid YAML 1.2.
Thanks for the clarification. Let's fix it in PyYAML then :)
Speaking of PyYAML, I recently ran into an issue where I had to heavily patch PyYAML to prevent its parse result from being susceptible to entity expansion attacks. It would be nice to at least have a PyYAML mode to completely ignore anchors and aliases (as well as tags) using simple keyword arguments. Protection against entity expansion abuse would be nice too.