From 91330b41db522657e88c373128d0ef971ee45272 Mon Sep 17 00:00:00 2001
From: Reed Law <reed@lawlap.top>
Date: Thu, 9 Mar 2023 17:02:49 -0500
Subject: [PATCH] add option to disable erb parsing

---
 README.md                     |  6 ++++++
 lib/active_yaml/base.rb       | 12 ++++++++++--
 spec/active_yaml/base_spec.rb | 19 ++++++++++++++++---
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c9711872..7cba567d 100644
--- a/README.md
+++ b/README.md
@@ -459,6 +459,12 @@ Embedded ruby can be used in ActiveYaml using erb brackets `<% %>` and `<%= %>`
   password: <%= ENV['USER_PASSWORD'] %>
 ```
 
+This can be disabled in an initializer:
+```ruby
+# config/initializers/active_yaml.rb
+ActiveYaml::Base.process_erb = false
+```
+
 ## ActiveJSON
 
 If you want to store your data in JSON files, just inherit from ActiveJSON and specify your path information:
diff --git a/lib/active_yaml/base.rb b/lib/active_yaml/base.rb
index 16b3eb2b..98f997f2 100644
--- a/lib/active_yaml/base.rb
+++ b/lib/active_yaml/base.rb
@@ -4,6 +4,10 @@ module ActiveYaml
 
   class Base < ActiveFile::Base
     extend ActiveFile::HashAndArrayFiles
+
+    cattr_accessor :process_erb, instance_accessor: false
+    @@process_erb = true
+
     class << self
       def load_file
         if (data = raw_data).is_a?(Array)
@@ -20,11 +24,15 @@ def extension
       private
 if Psych::VERSION >= "4.0.0"
       def load_path(path)
-        YAML.unsafe_load(ERB.new(File.read(path)).result)
+        result = File.read(path)
+        result = ERB.new(result).result if process_erb
+        YAML.unsafe_load(result)
       end
 else
       def load_path(path)
-        YAML.load(ERB.new(File.read(path)).result)
+        result = File.read(path)
+        result = ERB.new(result).result if process_erb
+        YAML.load(result)
       end
 end
     end
diff --git a/spec/active_yaml/base_spec.rb b/spec/active_yaml/base_spec.rb
index 7d365935..281b6fd8 100644
--- a/spec/active_yaml/base_spec.rb
+++ b/spec/active_yaml/base_spec.rb
@@ -20,13 +20,26 @@ class Empty        < ActiveYaml::Base ; end # Empty YAML
     Object.send :remove_const, :ArrayRow
     Object.send :remove_const, :City
     Object.send :remove_const, :State
+    Object.send :remove_const, :User
     Object.send :remove_const, :Empty
   end
 
   describe ".load_path" do
-    it 'can execute embedded ruby' do
-       expect(User.first.email).to match(/^user[0-9]*@email.com$/)
-       expect(User.first.password).to eq('secret')
+    context 'default' do
+      it 'can execute embedded ruby' do
+        expect(User.first.email).to match /^user[0-9]*@email.com$/
+        expect(User.first.password).to eq 'secret'
+      end
+    end
+
+    context 'erb disabled' do
+      before { ActiveYaml::Base.process_erb = false }
+      after  { ActiveYaml::Base.process_erb = true }
+
+      it 'can execute embedded ruby' do
+        expect(User.first.email).to eq '<%= "user#{rand(100)}@email.com" %>'
+        expect(User.first.password).to eq "<%= ENV['USER_PASSWORD'] %>"
+      end
     end
 
     it 'can load empty yaml' do