$safe erb


#1

Hi all,

I’ve got some ERB templates in the database which I want to run in a
$SAFE=2 binding. I’ve got it working in the tests, but as soon as I try
to view it through the full stack, I get an “Insecure operation -
class_eval” exception from
/usr/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/active_record/base.rb:1550:in
`class_eval’

Two things: first, why does it work when the templates are coming in
from fixtures but not from the database, and second, how might I fix
this? I’d rather not drop the $SAFE level if I can avoid it.

Anyone got any smart ideas?