I'm just testing eruby (0.9.6, Ruby 1.6.4) with mod_ruby (0.9.3).
A index.rhtml requires the cgi library (2.1.4).

$SAFE is set to 1 as a default from eruby.


But when I check the parameters with the method "tainted?" they
are all untainted.

I don't know how this could happen. ENV['QUERY_STRING'] is
tainted.