Thread: Twig disable certain functions / whitelist certain functions?

  1. #1
    Administrator Kavoir
    Join Date
    Dec 2009
    Posts
    183

    We are building a system that non-developers (cheaper human resources) can easily tweak by modifying configuration files such as XML or YAML, and it would come in handy to use a template system where a static XML or YAML file can be used in multiple situations with different values in it, so we are resorting to Twig for this.


    However, as these files are fed to, and thus fully trusted and consumed by, our system, it would also be vital to limit the ways Twig can be used. For now, we only need these:


    {{ var|default('xxxx') }}
    {% if var %} ... {% endif %}


    What are my options to limit Twig to parse only these functions (by function I don't mean just the functions)? Or at least exclude unneeded functions as much as possible.


    We don't want our configuration managers to use advanced techniques such as include etc. that can include and view system files, for example.


    I tried searching around on Google but nothing relevant came up.
    The road goes ever on and on.

  2. #2
    Administrator Kavoir
    Join Date
    Dec 2009
    Posts
    183
    Seems I should look into the sandbox mode of Twig: http://twig.sensiolabs.org/doc/api.h...dbox-extension
    The road goes ever on and on.
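
An added example, not part of the thread, of the sandbox approach mentioned in post #2: a Twig sandbox policy that allows only the `if` tag and the `default` filter asked for in post #1. It assumes twig/twig 3.x installed via Composer (namespaced class names); `renderConfigTemplate` and the sample templates are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes twig/twig 3.x via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical helper: render one untrusted config template under an allowlist.
function renderConfigTemplate(string $source, array $vars): string
{
    // Argument order: tags, filters, methods, properties, functions.
    // Anything not listed (include, import, source(), other filters) is refused.
    $policy = new SecurityPolicy(['if'], ['default'], [], [], []);

    // ArrayLoader holds no files, so no template on disk can be resolved by name.
    // autoescape is off because the output is YAML/XML config, not HTML;
    // values must be encoded for the target format by the caller.
    $twig = new Environment(new ArrayLoader(), ['autoescape' => false]);

    // Second argument true: sandbox every template, not only those
    // wrapped in a sandbox block.
    $twig->addExtension(new SandboxExtension($policy, true));

    return $twig->createTemplate($source)->render($vars);
}

// Constructed sample templates: the first uses only the two allowed constructs.
$samples = [
    "port: {{ port|default('8080') }}\n{% if debug %}debug: true{% endif %}",
    "{% include 'other.yml' %}",      // tag not on the allowlist
    "{{ include('other.yml') }}",     // function not on the allowlist
    "name: {{ name|upper }}",         // filter not on the allowlist
];

foreach ($samples as $source) {
    try {
        echo "OK:\n", renderConfigTemplate($source, ['debug' => true]), "\n";
    } catch (SecurityError $e) {
        // Raised when the template uses a tag, filter or function outside the policy.
        echo "REJECTED: ", $e->getMessage(), "\n";
    }
}
```

The policy is an allowlist, so filters, tags and functions added to Twig later stay blocked until they are listed explicitly.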
