I've been working with ERB and trying to run it in a secure environment. (My goal is to allow end users to render templates in my Rails app.) There is what appears to me to be a bug in ERB when you try to run an object that was created with $SAFE >= 4. Here's the relevant code:
(from erb.rb in class ERB starting on line #735)

   def result(b=TOPLEVEL_BINDING)
     if @safe_level
       # run the template in its own thread so the raised $SAFE level
       # does not affect the caller
       th = Thread.start {
         $SAFE = @safe_level
         eval(@src, b, (@filename || '(erb)'), 1) #problem
       }
       return th.value
     else
       return eval(@src, b, (@filename || '(erb)'), 1)
     end
   end
The problem lies in passing TOPLEVEL_BINDING to eval. Once $SAFE >= 4 is set, a new binding is created and you're no longer allowed to modify the original binding. There's no option to pass eval the binding created after $SAFE is set inside the new thread. My modified version of the code reads like this:
(from erb.rb in class ERB, line #739)

         # use the binding created inside the $SAFE = 4 thread instead of the caller's
         eval(@src, (@safe_level == 4 ? binding : b), (@filename || '(erb)'), 1) #no problem any more
I've tested this a million times, and you can't pass ERB a valid binding unless you set $SAFE >= 4 in your main app (and I can't do that). Am I just crazy? Did I miss something?
Thanks,
Andy Morrow
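The point of the post is which Binding the template code is evaluated in, and whether template code can reach back into the caller's binding. The following is an added example, not code from the post or from erb.rb, written for current Ruby, which no longer has $SAFE at all: the template rendering and the variable name `name` are constructed for the demonstration. It renders the same template twice, once against the caller's own live binding (as `ERB#result` does when handed a binding) and once via `ERB#result_with_hash`, which builds a fresh binding holding only the supplied locals, and returns the caller's local afterwards so the difference is visible.

```ruby
require 'erb'

# Constructed sample template: it reads a local variable and then tries to
# reassign it, standing in for template code that mutates its evaluation
# binding.
TEMPLATE = "Hello <%= name %><% name = 'overwritten' %>"

# The caller hands ERB its own Binding. The template runs with the caller's
# self and local variables and can reassign them; the second element of the
# returned pair shows the caller's local after rendering.
def render_in_caller_binding(name)
  out = ERB.new(TEMPLATE).result(binding)
  [out, name]
end

# ERB#result_with_hash (Ruby >= 2.5) creates a fresh binding that contains
# only the given locals, so the template's assignment lands there and the
# caller's local is untouched.
def render_in_fresh_binding(name)
  out = ERB.new(TEMPLATE).result_with_hash(name: name)
  [out, name]
end

if __FILE__ == $PROGRAM_NAME
  p render_in_caller_binding('Andy')  # => ["Hello Andy", "overwritten"]
  p render_in_fresh_binding('Andy')   # => ["Hello Andy", "Andy"]
end
```

Note that a fresh binding only isolates local variables and `self`; the template is still arbitrary Ruby and can call any method, touch constants and globals, or read files, so this separates the caller's state from the template but is not a sandbox for templates written by untrusted users.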