Tags: ruby, user-input, strftime

Is it dangerous to pass user input directly to strftime?


I have a form input that collects any arbitrary string. I'd like to pass that input directly to strftime such that users can specify their own formats. For example: "mytext%Y" might be input from a user which I would then pass to strftime.

require 'date'

userinput = "mytext%Y"   # e.g. the raw value taken from the form field
mydate = DateTime.now.strftime(userinput)
# => "mytext" followed by the current year, e.g. "mytext2000"

Is this safe to do? If not, what would a developer need to consider or put in place?


Solution

  • It is safe.

    The worst that can happen is that the user inputs an invalid format, in which case it will simply print the string out.

    require 'date'

    Date.today.strftime('%A')
    # => "Tuesday"
    
    # single-quoted, so Ruby never interpolates it; strftime sees the literal text
    Date.today.strftime('#{1 + 1}')
    # => "\#{1 + 1}"
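Ruby will not interpolate or evaluate the format string, so a user cannot inject code through it. What a user-supplied format does control is which conversions are rendered and how wide each padded field is (`%20Y` yields a 20-character field), so the output can be larger than the input and can expose fields the application did not intend to show. The following is an added example, not code from the question or the answer: a wrapper that keeps those two things under the application's control. The allow-list of conversions, the format length limit and the field-width limit are assumptions chosen for this illustration.

```ruby
require 'date'

# Added example (not from the original question or answer): a strftime
# wrapper for user-supplied formats. The limits and the allow-list below
# are assumptions chosen for illustration, not Ruby defaults.
MAX_FORMAT_LENGTH = 64
MAX_FIELD_WIDTH   = 16

# Conversions this application is willing to expose; '%' is the literal
# percent sign. Anything outside this list is refused, not passed through.
ALLOWED_CONVERSIONS = %w[Y y C m B b d e j H I M S p P A a u w z Z F T D R % n t].freeze

# One strftime directive: flags, optional width, optional colons (only
# meaningful for %z), and the conversion character (nil if '%' is last).
DIRECTIVE = /%([-_0^#]*)(\d*)(:{0,3})(.)?/m

# Returns the problems found in +fmt+; an empty array means the format
# may be handed to strftime as-is.
def format_problems(fmt)
  problems = []
  if fmt.bytesize > MAX_FORMAT_LENGTH
    problems << "format longer than #{MAX_FORMAT_LENGTH} bytes"
  end
  fmt.scan(DIRECTIVE) do |_flags, width, colons, conv|
    if conv.nil?
      problems << 'dangling % at end of format'
    elsif !ALLOWED_CONVERSIONS.include?(conv)
      problems << "conversion %#{conv} is not allowed"
    end
    if width.to_i > MAX_FIELD_WIDTH
      problems << "field width #{width} exceeds #{MAX_FIELD_WIDTH}"
    end
    if !colons.empty? && conv != 'z'
      problems << 'colon modifier is only valid with %z'
    end
  end
  problems
end

# Formats +date+ with +fmt+ only if the format passes the checks above.
def safe_strftime(date, fmt)
  problems = format_problems(fmt)
  raise ArgumentError, problems.join('; ') unless problems.empty?
  date.strftime(fmt)
end

# How much larger than the format itself the rendered output is; shows
# that a user-chosen width, not code execution, is the thing to bound.
def output_growth(date, fmt)
  date.strftime(fmt).length - fmt.length
end

if $PROGRAM_NAME == __FILE__
  d = Date.new(2024, 1, 2)          # fixed date so the output is reproducible
  puts safe_strftime(d, 'mytext%Y')  # mytext2024
  puts safe_strftime(d, '#{1 + 1}')  # #{1 + 1}, exactly as the answer shows
  puts output_growth(d, '%20Y')      # 16: four digits padded to 20
  begin
    safe_strftime(d, '%20Y')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The check runs on the format before strftime ever sees it, so rejected input never reaches the formatter; the allow-list is the place to remove conversions such as `%z`/`%Z` if the server's time zone should not be revealed.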