I’m using Foreman 1.23 and I’m trying to write my own template. Unfortunately, I have a few similar issues where Safemode doesn’t allow to access some variables or resources.
Error example: There was an error rendering the kickstart_centos7 template: Safemode doesn't allow to access 'section_end' on #<Safemode::ScopeObject>
I had a similar issue with img_name
What is the reason of these errors? Thank you for help.
the reason for these errors is, that safemode rendering for ERB templates is enabled by default in Foreman.
This is done to protect certain parts of potentially sensitive data to leak via templates and to prevent arbitrary code execution on the Foreman.
Depending on who uses the Foreman on your site and how you use it, this may or may not be useful to you.
Some information on this topic can be found on the wikipage on template writing. There is also information on how to turn safemode off if it is not relevant to you.
I’d just add that adding more methods to the safemode whitelist is usually easy. However the img_name and section_end are a local variable used in Kickstart Default template, perhaps you’re trying to access it before it’s defined or outside of it’s scope. It would probably help if you upload the template you’re trying to write. Here’s how these variables gets defined in Kickstart Default