Name
Level 1
Synopsis
In this level, potentially dangerous operations using tainted data are forbidden. This is a suitable level for programs that handle untrusted input, such as CGI.
Environment variables
RUBYLIB
andRUBYOPT
are ignored at startup.Current directory (.) isn’t included in
$LOAD_PATH
.The command-line options
-e
,-i
,-I
,-r
,-s
,-S
, and-X
are prohibited.Process termination if the environment variable
PATH
is tainted.Invoking methods and class methods of
Dir
,IO
,File
, andFileTest
for tainted arguments is prohibited.Invoking
test
,eval
,require
,load
, andtrap
methods for tainted argument is prohibited.
Get Ruby in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.