Project

General

Profile

Feature #14256

Deprecate $SAFE support in ERB and let ERB.new take keyword arguments for it

Added by k0kubun (Takashi Kokubun) 22 days ago. Updated 22 days ago.

Status:
Open
Priority:
Normal
Target version:
[ruby-core:84546]

Description

See https://bugs.ruby-lang.org/issues/14250.

Proc-level $SAFE change does no longer make sense. This should be deprecated and then removed. But the problem is that the position of safe_level argument is in the middle of argument list of ERB#initialize.

So to remove it safely, we should make them keyword arguments and deprecate the current non-keyword-argument interface. Having both interfaces would be backward-compatible because all of arguments don't take {}.

before

ERB.new("<%= 'foo' %>", 1, '%', '_erbout')

after

ERB.new("<%= 'foo' %>", 1, '%', '_erbout') # print deprecation in 2.6 if argc >= 2, and removed in later version
ERB.new("<%= 'foo' %>", trim_mode: '%', eoutvar: '_erbout') # no safe_level support from first

Related issues

Related to Ruby trunk - Feature #14250: Make `$SAFE` process global state and allow to set 0 againClosed

History

#1 Updated by k0kubun (Takashi Kokubun) 22 days ago

  • Subject changed from Deprecate $SAFE support in ERB to Deprecate $SAFE support in ERB and let ERB.new take keyword arguments for it

#2 Updated by k0kubun (Takashi Kokubun) 22 days ago

  • Related to Feature #14250: Make `$SAFE` process global state and allow to set 0 again added

Also available in: Atom PDF