Issue #14256 has been reported by k0kubun (Takashi Kokubun).

----------------------------------------
Feature #14256: Deprecate $SAFE support in ERB
https://bugs.ruby-lang.org/issues/14256

* Author: k0kubun (Takashi Kokubun)
* Status: Open
* Priority: Normal
* Assignee: k0kubun (Takashi Kokubun)
* Target version: 2.6
----------------------------------------
See https://bugs.ruby-lang.org/issues/14250.

Proc-level $SAFE change does no longer make sense. This should be deprecated and then removed. But the problem is that the position of safe_level argument is in the middle of argument list of ERB#initialize.
 
So to remove it safely, we should make them keyword arguments and deprecate the current non-keyword-argument interface. Having both interfaces would be backward-compatible because all of arguments don't take {}.
 
## before
```
ERB.new("<%= 'foo' %>", 1, '%', '_erbout')
```
 
## after
```
ERB.new("<%= 'foo' %>", 1, '%', '_erbout') # print deprecation in 2.6 if argc >= 2, and removed in later version
ERB.new("<%= 'foo' %>", trim_mode: '%', eoutvar: '_erbout') # no safe_level support from first
```



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>