From: takashikkbn@... Date: 2017-12-28T05:53:47+00:00 Subject: [ruby-dev:50404] [Ruby trunk Feature#14255][Closed] Deprecate $SAFE support in ERB Issue #14255 has been updated by k0kubun (Takashi Kokubun). Status changed from Open to Closed Changed from ruby-dev to ruby-core https://bugs.ruby-lang.org/issues/14256 ---------------------------------------- Feature #14255: Deprecate $SAFE support in ERB https://bugs.ruby-lang.org/issues/14255#change-69076 * Author: k0kubun (Takashi Kokubun) * Status: Closed * Priority: Normal * Assignee: k0kubun (Takashi Kokubun) * Target version: 2.6 ---------------------------------------- See https://bugs.ruby-lang.org/issues/14250. Proc-level $SAFE change does no longer make sense. This should be deprecated and then removed. But the problem is that the position of safe_level argument is in the middle of argument list of ERB#initialize. So to remove it safely, we should make them keyword arguments and deprecate the current non-keyword-argument interface. Having both interfaces would be backward-compatible because all of arguments don't take {}. ## before ``` ERB.new("<%= 'foo' %>", 1, '%', '_erbout') ``` ## after ``` ERB.new("<%= 'foo' %>", 1, '%', '_erbout') # print deprecation in 2.6, and removed in 2.7 ERB.new("<%= 'foo' %>", trim_mode: '%', eoutvar: '_erbout') # no safe_level support from first ``` -- https://bugs.ruby-lang.org/