You are here

public function TwigSandboxPolicy::__construct in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Template/TwigSandboxPolicy.php \Drupal\Core\Template\TwigSandboxPolicy::__construct()
  2. 10 core/lib/Drupal/Core/Template/TwigSandboxPolicy.php \Drupal\Core\Template\TwigSandboxPolicy::__construct()

Constructs a new TwigSandboxPolicy object.

File

core/lib/Drupal/Core/Template/TwigSandboxPolicy.php, line 45

Class

TwigSandboxPolicy
Default sandbox policy for Twig templates.

Namespace

Drupal\Core\Template

Code

public function __construct() {

  // Allow settings.php to override our default allowed classes, methods, and
  // prefixes.
  $allowed_classes = Settings::get('twig_sandbox_allowed_classes', [
    // Allow any operations on the Attribute object as it is intended to be
    // changed from a Twig template, for example calling addClass().
    'Drupal\\Core\\Template\\Attribute',
  ]);

  // Flip the array so we can check using isset().
  $this->allowed_classes = array_flip($allowed_classes);
  $allowed_methods = Settings::get('twig_sandbox_allowed_methods', [
    // Only allow idempotent methods.
    'id',
    'label',
    'bundle',
    'get',
    '__toString',
    'toString',
  ]);

  // Flip the array so we can check using isset().
  $this->allowed_methods = array_flip($allowed_methods);
  $this->allowed_prefixes = Settings::get('twig_sandbox_allowed_prefixes', [
    'get',
    'has',
    'is',
  ]);
}