Test YamlCodec to ensure no CVE issue

[oxsean]

Currently using loadAs to parse http message, need to add unit test ensure no CVE issue.
as with JSON, not to enable any object deserialization.