Andy Morrow
4/2/2007 10:48:00 PM
I'm trying to use ERb to evaluate a template written by end users in
a Rails application I'm writing. Here's my code:
require 'erb'
template = "<%= 'Testing 1 2 3...' %>".taint # because it will be user input in the final app
e = ERB.new(template, 4)
m = e.run
puts m
Here's what I get:
/usr/local/lib/ruby/1.8/erb.rb:739:in `eval': Insecure: can't modify trusted binding (SecurityError)
from /usr/local/lib/ruby/1.8/erb.rb:741:in `value'
from /usr/local/lib/ruby/1.8/erb.rb:741:in `result'
from /usr/local/lib/ruby/1.8/erb.rb:724:in `run'
from tester.rb:4
What am I doing wrong?
Thanks,
Andy Morrow