From 84970a49974599d1d81852b04387d170e1255d9d Mon Sep 17 00:00:00 2001
From: Dawid Marcin Grzesiak <dawid@grzesiak.pro>
Date: Wed, 20 Oct 2021 12:52:24 +0200
Subject: [PATCH] hardening default option: only proc/lambda executes in the
 instance context

---
 lib/active_attr/attribute_defaults.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/active_attr/attribute_defaults.rb b/lib/active_attr/attribute_defaults.rb
index 44acbf6..755196c 100644
--- a/lib/active_attr/attribute_defaults.rb
+++ b/lib/active_attr/attribute_defaults.rb
@@ -111,7 +111,8 @@ def _attribute_default(attribute_name)
       default = self.class.attributes[attribute_name][:default]
 
       case
-      when default.respond_to?(:call) then instance_exec(&default)
+      when default.is_a?(Proc) then instance_exec(&default)
+      when default.respond_to?(:call) then default.call
       when default.duplicable? then default.dup
       else default
       end