[charliesome]

This doesn't stop instantiating with !ruby/object

[mattbee]

How doesn't it?

  irb(main):001:0> YAML::parse("!ruby/object:File 123").transform
  => #<File:0x7f2427848e68>
  irb(main):002:0>  module YAML; @@tagged_classes.delete('tag:ruby.yaml.org,2002:object'); end
  => Object
  irb(main):003:0> YAML::parse("!ruby/object:File 123").transform
  => #<YAML::DomainType:0x7f242783a840 @domain="ruby.yaml.org,2002", @type_id="object:File", @value="123">

That's neutered what it'll do without causing the parser to blow up.