Using ERb with $SAFE=4


#1

I’m trying to use ERb to evaluate a template written by end users in
a Rails application I’m writing. Here’s my code:

require 'erb'
template = "<%= 'Testing 1 2 3...' %>".taint # because it will be user input in the final app
e = ERB.new(template, 4)
m = e.run
puts m

Here’s what I get:
/usr/local/lib/ruby/1.8/erb.rb:739:in `eval': Insecure: can't modify trusted binding (SecurityError)
        from /usr/local/lib/ruby/1.8/erb.rb:741:in `value'
        from /usr/local/lib/ruby/1.8/erb.rb:741:in `result'
        from /usr/local/lib/ruby/1.8/erb.rb:724:in `run'
        from tester.rb:4

What am I doing wrong?
Thanks,
Andy Morrow