SandboxExtension example


        $state->set(static::CACHE_PREFIX_METADATA_KEY, $current);
      }
      $this->twigCachePrefix = $current['twig_cache_prefix'];

      $options['cache'] = new TwigPhpStorageCache($cache$this->twigCachePrefix);
    }

    $this->setLoader($loader);
    parent::__construct($this->getLoader()$options);
    $policy = new TwigSandboxPolicy();
    $sandbox = new SandboxExtension($policy, TRUE);
    $this->addExtension($sandbox);
  }

  /** * {@inheritdoc} */
  public function compileSource(Source $source): string {
    // Note: always use \Drupal\Core\Serialization\Yaml here instead of the     // "serializer.yaml" service. This allows the core serializer to utilize     // core related functionality which isn't available as the standalone     // component based serializer.
protected $twig;

  /** * {@inheritdoc} */
  protected function setUp(): void {
    parent::setUp();

    $loader = new StringLoader();
    $this->twig = new Environment($loader);
    $policy = new TwigSandboxPolicy();
    $sandbox = new SandboxExtension($policy, TRUE);
    $this->twig->addExtension($sandbox);
  }

  /** * Tests that dangerous methods cannot be called in entity objects. * * @dataProvider getTwigEntityDangerousMethods */
  public function testEntityDangerousMethods($template) {
    $entity = $this->createMock('Drupal\Core\Entity\EntityInterface');
    $this->expectException(SecurityError::class);
    
Home | Imprint | This part of the site doesn't use cookies.