Forum: Ruby on Rails $SAFE ERB

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ad7805c9fcc1f13efc6ed11251a6c4d2?d=identicon&s=25 Alex Young (Guest)
on 2006-04-06 21:16
(Received via mailing list)
Hi all,

I've got some ERB templates in the database which I want to run in a
$SAFE=2 binding.  I've got it working in the tests, but as soon as I try
to view it through the full stack, I get an "Insecure operation -
class_eval" exception from
/usr/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/active_record/base.rb:1550:in
`class_eval'

Two things:  first, why does it work when the templates are coming in
from fixtures but not from the database, and second, how might I fix
this?  I'd rather not drop the $SAFE level if I can avoid it.

Anyone got any smart ideas?
This topic is locked and can not be replied to.