class TwigSandboxPolicy implements SecurityPolicyInterface

Default sandbox policy for Twig templates.

Twig's sandbox extension is usually used to evaluate untrusted code by limiting access to potentially unsafe properties or methods. Since we do not use ViewModels when passing objects to Twig templates, we limit what those objects can do by allowing method calls only for certain classes, certain method names, and method names with an allowed prefix. All object properties may be accessed.

Properties

protected array $allowed_methods

An array of allowed methods in the form of methodName => TRUE.

protected array $allowed_prefixes

An array of allowed method prefixes -- any method starting with one of these prefixes will be allowed.

protected array $allowed_classes

An array of class names for which any method calls are allowed.
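
The following sketch is an added example, not Drupal's own code. It shows how the three lists described above can combine into a single method check. The class `ExampleMethodAllowList`, the sample classes, and all list values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; class names and list values are constructed, not Drupal's.
final class ExampleMethodAllowList {
  public function __construct(
    private array $allowedClasses,   // class names: any method call allowed
    private array $allowedMethods,   // methodName => TRUE
    private array $allowedPrefixes,  // method-name prefixes
  ) {}

  public function isMethodAllowed(object $obj, string $method): bool {
    // 1. Objects of an allowed class may have any method called.
    foreach ($this->allowedClasses as $class) {
      if ($obj instanceof $class) {
        return TRUE;
      }
    }
    // 2. Exact method-name match, a single array-key lookup.
    if (isset($this->allowedMethods[$method])) {
      return TRUE;
    }
    // 3. Prefix match: any method starting with an allowed prefix passes.
    foreach ($this->allowedPrefixes as $prefix) {
      if (str_starts_with($method, $prefix)) {
        return TRUE;
      }
    }
    // Nothing matched: a real policy would raise a sandbox security error here.
    return FALSE;
  }
}

// Constructed sample classes standing in for objects passed to a template.
final class SafeHelper { public function anything(): string { return 'ok'; } }
final class Account {
  public function label(): string { return 'alice'; }
  public function getApiKey(): string { return 'constructed-secret'; }
  public function delete(): void {}
}

$policy = new ExampleMethodAllowList([SafeHelper::class], ['label' => TRUE], ['get']);
$account = new Account();
$calls = [[new SafeHelper(), 'anything'], [$account, 'label'], [$account, 'getApiKey'], [$account, 'delete']];
foreach ($calls as [$obj, $method]) {
  $verdict = $policy->isMethodAllowed($obj, $method) ? 'allowed' : 'denied';
  printf("%s::%s -> %s\n", $obj::class, $method, $verdict);
}
```

In this sketch `delete` is refused while `getApiKey` passes purely because of its prefix, so a prefix entry is worth reviewing against every class whose objects reach a template.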

Methods

__construct()

Constructs a new TwigSandboxPolicy object.

void
checkSecurity($tags, $filters, $functions)

{@inheritdoc}

void
checkPropertyAllowed($obj, $property)

{@inheritdoc}

void
checkMethodAllowed($obj, $method)

{@inheritdoc}

Details

__construct()

Constructs a new TwigSandboxPolicy object.

void checkSecurity($tags, $filters, $functions)

{@inheritdoc}

Parameters

$tags
$filters
$functions

Return Value

void

void checkPropertyAllowed($obj, $property)

{@inheritdoc}

Parameters

$obj
$property

Return Value

void

void checkMethodAllowed($obj, $method)

{@inheritdoc}

Parameters

$obj
$method

Return Value

void