The Globally Sandbox option in TwigEnvironment is always TRUE, and should be optional.
Change this:
$policy = new TwigSandboxPolicy();
$sandbox = new \Twig_Extension_Sandbox($policy, TRUE);
$this->addExtension($sandbox);
To this:
$policy = new TwigSandboxPolicy();
$sandbox = new \Twig_Extension_Sandbox($policy, $options['global_sandbox']);
$this->addExtension($sandbox);
Comment | File | Size | Author |
---|---|---|---|
#5 | drupal-global-sandbox-policy-should-be-optional-in-twig-2600632-5.patch | 1.3 KB | mayeco |
#2 | drupal-twig_globally_sandbox_optional-2600632.patch | 1.2 KB | mayeco |
Comments
Comment #2
mayeco (as a volunteer) commented
Comment #3
star-szr
Thanks for the report. Why should we do this? It seems like global_sandbox would be a non-standard Twig option which would be really nice to avoid.
Note that you can override some things in your settings file, see https://www.drupal.org/node/2595803.
Comment #4
mayeco (as a volunteer) commented
Totally agree, this is not a Twig option, it is a Twig Extension option. What do you think of doing it like this:
Comment #5
mayeco (as a volunteer) commented
Comment #6
star-szr
I would still like to know why you need/want this :) Do you have a use case or example of why you want to turn this off?
Comment #7
mayeco (as a volunteer) commented
Cottser, sure yes, the reason is this: https://www.drupal.org/node/2600378
Comment #8
star-szr
I would rather do #2595805: [Followup] Implement the Twig Sandbox Policy as a service collection instead; allowing the sandbox policy to be disabled altogether can be dangerous. That's why we did #2513266: Twig templates can call delete() on entities and other objects.
Comment #9
mayeco (as a volunteer) commented
I added the methods needed for webprofiler to work in twig_sandbox_whitelisted_prefixes and twig_sandbox_whitelisted_methods, and now it is working. We can close this now, thank you: https://www.drupal.org/node/2600378#comment-10489768
Comment #10
mayeco (as a volunteer) commented
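The thread settles on extending the whitelist rather than switching the sandbox off. The following is an added example, not Drupal core's code and not code from any participant: a simplified model of a method-whitelist check showing why the narrow change is safer. The class names, the sample lists and the `collect` method are hypothetical.

```php
<?php
// Simplified model of a sandbox method policy (hypothetical, not Drupal core code).
final class MethodWhitelistPolicy {
    private array $classes;
    private array $methods;
    private array $prefixes;

    public function __construct(array $classes, array $methods, array $prefixes) {
        $this->classes  = $classes;
        $this->methods  = array_flip($methods); // flip for exact-name lookup
        $this->prefixes = $prefixes;
    }

    /** Returns true if a template may call $method on $obj. */
    public function isMethodAllowed(object $obj, string $method): bool {
        // 1. Objects of a whitelisted class may be used freely.
        foreach ($this->classes as $class) {
            if ($obj instanceof $class) {
                return true;
            }
        }
        // 2. Exact method name match.
        if (isset($this->methods[$method])) {
            return true;
        }
        // 3. Method name starts with a whitelisted prefix (getter-style calls).
        foreach ($this->prefixes as $prefix) {
            if (strpos($method, $prefix) === 0) {
                return true;
            }
        }
        return false;
    }
}

// Constructed stand-in for an object exposed to a template.
final class DemoEntity {
    public function getTitle(): string { return 'Hello'; }
    public function collect(): array { return []; } // hypothetical profiler call
    public function delete(): void { /* destructive side effect */ }
}

$entity   = new DemoEntity();
$baseline = new MethodWhitelistPolicy([], ['id', 'label'], ['get', 'has', 'is']);
// Narrow change: whitelist the one extra method instead of disabling the sandbox.
$extended = new MethodWhitelistPolicy([], ['id', 'label', 'collect'], ['get', 'has', 'is']);

foreach (['getTitle', 'collect', 'delete'] as $m) {
    printf("%-9s baseline=%d extended=%d\n", $m,
        $baseline->isMethodAllowed($entity, $m), $extended->isMethodAllowed($entity, $m));
}
```

With the extended list the profiler-style call passes while `delete()` stays blocked; disabling the sandbox globally would have allowed both.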