You can get YAML.load to instantiate any Ruby object by embedding the desired class name into the YAML code. E.g. the following will create a new User object and set @email and @password to the given values:
--- !ruby/object:User
email: me@somewhere.com
password: secret
Considering the security implications, you should never trust YAML from untrusted sources. If you are looking for a simple, secure and readable data transfer format, use Object#to_json and JSON.parse.
Another way around YAML.load is
YAML.safe_load
Show archive.org snapshot
if you're on Ruby >= 1.9.2.
Posted by Henning Koch to makandra dev (2010-12-02 20:13)