You are here

public function TwigSandboxPolicy::__construct in Drupal 8

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Template/TwigSandboxPolicy.php \Drupal\Core\Template\TwigSandboxPolicy::__construct()
  2. 10 core/lib/Drupal/Core/Template/TwigSandboxPolicy.php \Drupal\Core\Template\TwigSandboxPolicy::__construct()

Constructs a new TwigSandboxPolicy object.

File

core/lib/Drupal/Core/Template/TwigSandboxPolicy.php, line 43

Class

TwigSandboxPolicy
Default sandbox policy for Twig templates.

Namespace

Drupal\Core\Template

Code

public function __construct() {

  // Allow settings.php to override our default whitelisted classes, methods,
  // and prefixes.
  $whitelisted_classes = Settings::get('twig_sandbox_whitelisted_classes', [
    // Allow any operations on the Attribute object as it is intended to be
    // changed from a Twig template, for example calling addClass().
    'Drupal\\Core\\Template\\Attribute',
  ]);

  // Flip the arrays so we can check using isset().
  $this->whitelisted_classes = array_flip($whitelisted_classes);
  $whitelisted_methods = Settings::get('twig_sandbox_whitelisted_methods', [
    // Only allow idempotent methods.
    'id',
    'label',
    'bundle',
    'get',
    '__toString',
    'toString',
  ]);
  $this->whitelisted_methods = array_flip($whitelisted_methods);
  $this->whitelisted_prefixes = Settings::get('twig_sandbox_whitelisted_prefixes', [
    'get',
    'has',
    'is',
  ]);
}