Dl taint fixes in Ruby 1.8.7-p72 broke Ruby/Tidy

Greetings,

Since Ruby 1.8.7-p72, I get the following error when using Ruby/Tidy:

SecurityError: Insecure operation - call

Backtrace:
(eval):5:in call' (eval):5:in tidySetErrorBuffer’
/usr/lib/ruby/1.8/tidy/tidylib.rb:102:in set_error_buffer' /usr/lib/ruby/1.8/tidy/tidyobj.rb:31:in initialize’
/usr/lib/ruby/1.8/tidy.rb:36:in new' /usr/lib/ruby/1.8/tidy.rb:36:in new’
/usr/lib/ruby/1.8/tidy.rb:56:in open' /usr/lib/ruby/1.8/samizdat/sanitize.rb:106:in tidy’

The code that calls tidy is as follows:

def tidy(html)
xml = Tidy.open(:output_xhtml => true, :literal_attributes => true,
:tidy_mark => false, :wrap => 0, :char_encoding => ‘utf8’
) {|tidy| tidy.clean(html.to_s.untaint) }

xml.taint

end

Is it Ruby/Tidy that is doing something wrong, or is the security fix
in Ruby 1.8.7-p72 (SVN r17872 [0] would be prime suspect) getting
over-zealous?

[0] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17872

Here are the relevant (or so I think) bits of Ruby/Tidy code:

class Tidyobj

. . .

def initialize(options=nil)
@diagnostics = Array.new
@doc = Tidylib.create
@errors = Array.new
@errbuf = Tidybuf.new
@outbuf = Tidybuf.new
@options = Tidyopt.new(@doc)
rc = Tidylib.set_error_buffer(@doc, @errbuf.struct)
verify_severe(rc)
unless options.nil?
options.each { |name, value| Tidylib.opt_parse_value(@doc, name,
value) }
end
end

. . .

end

class Tidybuf
extend DL::Importable

attr_reader(:struct)

TidyBuffer = struct [
“TidyAllocator* allocator”,
“byte* bp”,
“uint size”,
“uint allocated”,
“uint next”
]

def initialize
@struct = TidyBuffer.malloc
end

. . .

end