function TwigSandboxPolicy::__construct
Constructs a new TwigSandboxPolicy object.
File
-
core/
lib/ Drupal/ Core/ Template/ TwigSandboxPolicy.php, line 43
Class
- TwigSandboxPolicy
- Default sandbox policy for Twig templates.
Namespace
Drupal\Core\TemplateCode
public function __construct() {
// Allow settings.php to override our default whitelisted classes, methods,
// and prefixes.
$whitelisted_classes = Settings::get('twig_sandbox_whitelisted_classes', [
// Allow any operations on the Attribute object as it is intended to be
// changed from a Twig template, for example calling addClass().
'Drupal\\Core\\Template\\Attribute',
]);
// Flip the arrays so we can check using isset().
$this->whitelisted_classes = array_flip($whitelisted_classes);
$whitelisted_methods = Settings::get('twig_sandbox_whitelisted_methods', [
// Only allow idempotent methods.
'id',
'label',
'bundle',
'get',
'__toString',
'toString',
]);
$this->whitelisted_methods = array_flip($whitelisted_methods);
$this->whitelisted_prefixes = Settings::get('twig_sandbox_whitelisted_prefixes', [
'get',
'has',
'is',
]);
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.