Using ERb with $SAFE=4


I’m trying to use ERb to evaluate a template written by end users in
a Rails application I’m writing. Here’s my code:

require 'erb'
template = "<%= 'Testing 1 2 3...' %>".taint # because it will be user input in the final app
e = ERB.new(template, 4)
m = e.run
puts m

Here’s what I get:
/usr/local/lib/ruby/1.8/erb.rb:739:in `eval': Insecure: can't modify trusted binding (SecurityError)
        from /usr/local/lib/ruby/1.8/erb.rb:741:in `value'
        from /usr/local/lib/ruby/1.8/erb.rb:741:in `result'
        from /usr/local/lib/ruby/1.8/erb.rb:724:in `run'
        from tester.rb:4

What am I doing wrong?
Andy Morrow