Created: 2008-04-29 13:36
Updated: 2019-02-21 12:46



A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.

Build Status

Word of warning

This library is still highly experimental. Only use it at your own risk for anything beyond experiments and playing.

That said, please do play with it, read and run the unit tests and provide feedback to help make it waterproof and finally suitable for serious purposes.


safemode is available as gem, therefore you can use bundler or gem install to the tool. The above warning still applies.


For manual evaluation of Ruby code and ERB templates see demo.rb

You can use the ActionView template handlers by registering them, e.g., in a config/initializer file like this:

# in config/intializer/safemode_tempate_handlers.rb
ActionView::Template.register_template_handler :serb, ActionView::TemplateHandlers::SafeErb
ActionView::Template.register_template_handler :haml, ActionView::TemplateHandlers::SafeHaml

If you register the ERB template handler for the file extension :erb be aware that this most probably will break when your application tries to render an error message in development mode (because Rails will try to use the handler to render the error message itself).

You will then have to "whitelist" all method calls to the objects that are registered as template variables by explicitely allowing access to them. You can do that by defining a Safemode::Jail class for your classes, like so:

class User
  class Jail < Safemode::Jail
    allow :name

This will allow your template users to access the name method on your User objects.

Class methods can be whitelisted by calling allow_class_method :foo from within the Jail. Note that access to raw constants is not permitted, so the class is only accessible when returned by a method or passed into a template.

For more details about the concepts behind Safemode please refer to the following blog posts until a more comprehensive writeup is available:


Requires the gems:

  • RubyParser
  • Ruby2Ruby

As of writing RubyParser alters StringIO and thus breaks usage with Rails. See

A patch is included that fixes this issue and can be applied to RubyParser. See lib/ruby_parser_string_io_patch.diff


  • Sven Fuchs - Maintainer
  • Peter Cooper
  • Matthias Viehweger
  • Ohad Levy
  • Kingsley Hendrickse
  • Dmitri Dolguikh

This code and all of the Safemode library's code was initially written by Sven Fuchs to allow Haml to have a safe mode. It was then modified and re-structured by Peter Cooper and Sven Fuchs to extend the idea to generic Ruby eval situations.

Thanks to Ohad Levy for gemifying the project and Kingsley Hendrickse for securing the right gem name on

Cookies help us deliver our services. By using our services, you agree to our use of cookies Learn more