Herb::Engine::SecurityError being raised in test suite for a gem view #97

@natematykiewicz

Description

With:

ReActionView.configure do |config|
    config.intercept_erb = true
    config.debug_mode = false
end

When eager loading a Rails app running Lookbook (latest version) and running RSpec (CI=true bin/rspec), I get this error:

Herb::Engine::SecurityError:
  ./vendor/bundle/ruby/3.4.0/gems/lookbook-2.3.2/app/components/lookbook/viewport/component.html.erb:28:22 - ERB output in attribute names is not allowed for security reasons. - Suggestion: Use static attribute names with dynamic values instead.
# ./vendor/bundle/ruby/3.4.0/gems/herb-0.9.5-arm64-darwin/lib/herb/engine.rb:396:in 'Herb::Engine#handle_validation_errors'
# ./vendor/bundle/ruby/3.4.0/gems/herb-0.9.5-arm64-darwin/lib/herb/engine.rb:131:in 'Herb::Engine#initialize'
# ./vendor/bundle/ruby/3.4.0/gems/reactionview-0.3.0/lib/reactionview/template/handlers/herb/herb.rb:29:in 'ReActionView::Template::Handlers::Herb::Herb#initialize'
# ./vendor/bundle/ruby/3.4.0/gems/reactionview-0.3.0/lib/reactionview/template/handlers/herb.rb:29:in 'Class#new'
# ./vendor/bundle/ruby/3.4.0/gems/reactionview-0.3.0/lib/reactionview/template/handlers/herb.rb:29:in 'ReActionView::Template::Handlers::Herb#call'
# ./vendor/bundle/ruby/3.4.0/gems/actionview-8.0.4.1/lib/action_view/template/handlers/erb.rb:30:in 'ActionView::Template::Handlers::ERB.call'
# ./vendor/bundle/ruby/3.4.0/gems/reactionview-0.3.0/lib/reactionview/template/handlers/erb.rb:11:in 'ReActionView::Template::Handlers::ERB#call'
# ./vendor/bundle/ruby/3.4.0/gems/actionview-8.0.4.1/lib/action_view/template/handlers/erb.rb:30:in 'ActionView::Template::Handlers::ERB.call'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/template.rb:122:in 'ViewComponent::Template#compiled_source'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/template.rb:53:in 'ViewComponent::Template#compile_to_component'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:64:in 'block in ViewComponent::Compiler#define_render_template_for'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:63:in 'Array#each'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:63:in 'ViewComponent::Compiler#define_render_template_for'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:49:in 'block in ViewComponent::Compiler#compile'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:26:in 'Thread::Mutex#synchronize'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/compiler.rb:26:in 'ViewComponent::Compiler#compile'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/base.rb:589:in 'ViewComponent::Base.compile'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/engine.rb:90:in 'Array#each'
# ./vendor/bundle/ruby/3.4.0/gems/view_component-3.24.0/lib/view_component/engine.rb:90:in 'block (2 levels) in <class:Engine>'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:99:in 'BasicObject#instance_eval'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:99:in 'block in ActiveSupport::LazyLoadHooks#execute_hook'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:87:in 'ActiveSupport::LazyLoadHooks#with_execution_control'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:92:in 'ActiveSupport::LazyLoadHooks#execute_hook'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:78:in 'block in ActiveSupport::LazyLoadHooks#run_load_hooks'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:77:in 'Array#each'
# ./vendor/bundle/ruby/3.4.0/gems/activesupport-8.0.4.1/lib/active_support/lazy_load_hooks.rb:77:in 'ActiveSupport::LazyLoadHooks#run_load_hooks'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/application/finisher.rb:93:in 'block in <module:Finisher>'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/initializable.rb:32:in 'BasicObject#instance_exec'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/initializable.rb:32:in 'Rails::Initializable::Initializer#run'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/initializable.rb:61:in 'block in Rails::Initializable#run_initializers'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:231:in 'block in TSort.tsort_each'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:353:in 'block (2 levels) in TSort.each_strongly_connected_component'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:434:in 'TSort.each_strongly_connected_component_from'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:352:in 'block in TSort.each_strongly_connected_component'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:350:in 'Rails::Initializable::Collection#each'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:350:in 'Method#call'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:350:in 'TSort.each_strongly_connected_component'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:229:in 'TSort.tsort_each'
# ./vendor/bundle/ruby/3.4.0/gems/tsort-0.2.0/lib/tsort.rb:208:in 'TSort#tsort_each'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/initializable.rb:60:in 'Rails::Initializable#run_initializers'
# ./vendor/bundle/ruby/3.4.0/gems/railties-8.0.4.1/lib/rails/application.rb:444:in 'Rails::Application#initialize!'
# ./config/environment.rb:7:in '<top (required)>'
# ./spec/rails_helper.rb:9:in '<top (required)>'
# ./spec/acceptance/acceptance_helper.rb:3:in 'Kernel#require_relative'
# ./spec/acceptance/acceptance_helper.rb:3:in '<top (required)>'
# ./spec/acceptance/api/v1/api_spec.rb:3:in 'Kernel#require_relative'
# ./spec/acceptance/api/v1/api_spec.rb:3:in '<top (required)>'

Turning off intercept_erb in the test environment works around the issue, but I'm not sure why this is happening in the first place. I guess Herb is being applied to all of my gems and not just application code. I guess maybe this is expected if we're simply overwriting the default ERB renderer. Though that's unfortunate because I don't control that code. It makes me wish I could use Herb for app/views and Erubi for any gems that have views.
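As an added example (not code from Herb, ReActionView or Lookbook), a stdlib-only Ruby scanner for the pattern Herb's SecurityError refers to: an ERB output tag placed where an attribute name belongs (`<span <%= attrs %>>`) rather than inside an attribute value (`<span class="<%= cls %>">`). Running it over vendored gem templates lists what would fail at eager-load time before intercept_erb is switched on; the sample template and the column convention are this example's own assumptions.

```ruby
# Added example, not Herb's or ReActionView's own code: a stdlib-only pre-flight
# scanner for ERB output tags (<%= / <%==) in attribute-NAME position, the
# pattern Herb rejects. It is a small state machine, not a full HTML parser.
def skip_erb(src, i)                 # index just past the "%>" closing the tag at i
  close = src.index("%>", i + 2)
  close ? close + 2 : src.length
end
def position(src, i)                 # 1-based [line, col] of index i (own convention)
  [src[0...i].count("\n") + 1, i - (src.rindex("\n", [i - 1, 0].max) || -1)]
end
# Returns [[line, col], ...] for every <%= %> that appears inside a tag but
# outside any attribute value, i.e. where an attribute name is expected.
def find_erb_in_attribute_names(src)
  findings, state, quote, i = [], :text, nil, 0
  while i < src.length
    if src[i, 2] == "<%"
      findings << position(src, i) if state == :tag && src[i, 3] == "<%="
      i = skip_erb(src, i)
      state = :tag if state == :value  # unquoted ERB value, e.g. class=<%= c %>
      next
    end
    c = src[i]
    case state
    when :text                         # only "<" + letter or "/" opens a tag
      state = :tag if c == "<" && src[i + 1].to_s.match?(%r{[A-Za-z/]})
    when :tag                          # between attributes: name position
      state = :text if c == ">"
      state = :value if c == "="
    when :value                        # just after "=": how does the value start?
      if c =~ /["']/ then quote, state = c, :quoted
      elsif c !~ /\s/ then state = :unquoted
      end
    when :unquoted
      state = (c == ">" ? :text : :tag) if c =~ /[\s>]/
    when :quoted                       # ERB inside a quoted value is allowed
      state = :tag if c == quote
    end
    i += 1
  end
  findings
end
# Constructed sample: line 1 keeps ERB inside attribute values (allowed);
# lines 2 and 3 put ERB output where an attribute name belongs (rejected).
SAMPLE_TEMPLATE = <<~ERB
  <div class="<%= css_class %>" data-id="<%= id %>">
    <span <%= "hidden" if collapsed %>>x</span>
    <input type="checkbox" <%= attrs %>>
  </div>
ERB
```

To survey a bundle, call `find_erb_in_attribute_names(File.read(path))` for each path in `Dir.glob("vendor/bundle/**/*.erb")` and print the non-empty results; treat the output as a shortlist to confirm by hand, since the scanner ignores comments and script bodies.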
