A rather high-profile security vulnerability in Rails recently illuminated the potential dangers of parsing user-supplied YAML in a Ruby application.
A quick Google search reveals that Python's YAML library includes a safe_load
method which will only deserialize "simple Python objects like integers or lists" and not objects of any arbitrary type.
Does Ruby have an equivalent? Is there any way to safely accept YAML input in a Ruby application without hand-writing a custom parser?
Following Jim's advice, I went ahead and wrote safe_yaml, a gem which adds the YAML.safe_load method and uses Psych internally to do the heavy lifting.
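As an added example (not code from the question, the answer, or the safe_yaml gem), the following shows what a whitelist-based loader buys you in practice. It uses the `YAML.safe_load` that Psych itself has shipped since version 2.0 (with the `permitted_classes:` keyword from Psych 3.1 onward), so the assumption is a reasonably current Ruby; the two YAML documents and the class name `SomeAppClass` are constructed for the demonstration.

```ruby
require 'yaml'
require 'date'

# Constructed sample: plain data that any YAML parser should accept.
PLAIN_DOC = <<~YAML
  name: build-config
  retries: 3
  tags: [ci, nightly]
YAML

# Constructed sample: a document carrying a Ruby-specific object tag.
# An unrestricted loader (YAML.unsafe_load, or YAML.load before Psych 4)
# would try to instantiate the named class from this mapping; a safe
# loader must refuse. SomeAppClass is a hypothetical name, not a real class.
TAGGED_DOC = <<~YAML
  --- !ruby/object:SomeAppClass
  table:
    x: 1
YAML

# Parse untrusted YAML with Psych's whitelist-based loader. Only the
# built-in scalar and collection types (String, Integer, Float, true/false,
# nil, Array, Hash) are allowed; any other tag raises Psych::DisallowedClass
# and any alias raises Psych::BadAlias. Returns the data, or nil on rejection.
def parse_untrusted_yaml(text)
  YAML.safe_load(text)
rescue Psych::DisallowedClass, Psych::BadAlias => e
  warn "rejected YAML input: #{e.message}"
  nil
end

# The default whitelist is strict enough that ordinary documents can be
# rejected: a bare 2024-01-01 scalar becomes a Date, and :nightly becomes
# a Symbol, neither of which is permitted by default. Extend the whitelist
# explicitly with the few extra classes your format genuinely needs rather
# than falling back to an unrestricted load.
def parse_with_allowlist(text)
  YAML.safe_load(text, permitted_classes: [Date, Symbol])
rescue Psych::DisallowedClass, Psych::BadAlias => e
  warn "rejected YAML input: #{e.message}"
  nil
end

if __FILE__ == $PROGRAM_NAME
  p parse_untrusted_yaml(PLAIN_DOC)              # plain data is accepted
  p parse_untrusted_yaml(TAGGED_DOC)             # object tag is refused -> nil
  p parse_with_allowlist("when: 2024-01-01\nkind: :nightly\n")
  p parse_with_allowlist(TAGGED_DOC)             # still refused -> nil
end
```

Note that since Psych 4 (Ruby 3.1) `YAML.load` itself delegates to `safe_load`, and the old permissive behaviour lives under `YAML.unsafe_load`; on older Rubies, `YAML.load` is the permissive one and the explicit `safe_load` call above is what keeps arbitrary object tags out.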