can I use ERB templates securely

Hello,

I'm building a system that will allow users to modify layouts. Is there
a way to securely use ERB, or will I need to use a different template
engine such as Liquid?

I would prefer to use ERB, but haven't found a way to allow people to
modify the templates without having access to running malicious code.

Any input would be helpful.

Thanks!

Since ERB allows you to call any ruby code, including calls to the
database,
or even system calls, I think that wouldn't be a great idea for user
templates.

You will need to use a different templating language such as Liquid.

Ryan Bigg wrote:

You will need to use a different templating language such as Liquid.

--
Appreciated my help?
Recommend me on Working With Rails
http://workingwithrails.com/person/11030-ryan-bigg

Yep. This was the need liquid was made for. Every shopify store uses
liquid, and most of them look fantastic.