I'm building a system that will allow users to modify layouts. Is there
a way to securely use ERB, or will I need to use a different template
engine such as Liquid?
I would prefer to use ERB, but haven't found a way to allow people to
modify the templates without having access to running malicious code.
Since ERB allows you to call any Ruby code, including calls to the
database, or even system calls, I think that wouldn't be a great idea
for user templates.
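The difference discussed in this thread, as an added example that is not part of the original posts: the same user-submitted layout rendered through ERB and through a renderer that only substitutes allow-listed placeholders. `render_placeholders` is a hypothetical minimal stand-in for a logic-restricted engine such as Liquid (it is not Liquid's API), and `APP_SECRET` and both templates are constructed sample values.

```ruby
require "erb"

# Constructed stand-in for anything the application process can reach
# (a database credential, a file, a shell).
APP_SECRET = "constructed-db-password"

# Constructed user-submitted layout: it looks like markup, but every ERB tag
# is Ruby that runs with the privileges of the application.
USER_LAYOUT_ERB = "<h1><%= title %></h1><p><%= APP_SECRET %></p>"

# Unsafe for user templates: ERB compiles the template to Ruby and evaluates
# it in the given binding, so the template author can reach constants,
# models, the filesystem, or anything else the process can.
def render_erb(template, title)
  ERB.new(template).result(binding)
end

# Safer shape: the template is treated as data. Only {{ name }} placeholders
# whose name is a key of the allow-list hash are replaced, values are
# HTML-escaped, and nothing in the template is ever evaluated.
PLACEHOLDER = /\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/

def render_placeholders(template, vars)
  template.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1)
    vars.key?(key) ? ERB::Util.html_escape(vars[key]) : ""
  end
end

# Constructed user layout for the restricted renderer. The ERB tag and the
# unknown {{ app_secret }} placeholder are attempts to reach application state.
USER_LAYOUT_SAFE = "<h1>{{ title }}</h1><p><%= APP_SECRET %>{{ app_secret }}</p>"

if __FILE__ == $PROGRAM_NAME
  puts render_erb(USER_LAYOUT_ERB, "Hi")
  puts render_placeholders(USER_LAYOUT_SAFE, { "title" => "<b>Hi</b>" })
end
```

With the restricted renderer the ERB tag survives only as inert text and the unknown placeholder renders as an empty string, so the set of values a template can read is exactly the hash the application passes in.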