New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add |e as an allowed filter in security sandbox #885

Closed
Hildy opened this Issue Jan 31, 2019 · 1 comment

Comments

Projects
2 participants
@Hildy
Copy link
Collaborator

Hildy commented Jan 31, 2019

The sandbox for twig filters doesn't allow |e, even though that's just an alias for |escape (which it does allow). We should add that alias to the allowed list.

@jstanden jstanden added this to In Development in 9.1.7 Jan 31, 2019

@jstanden jstanden added this to the 9.1.4 milestone Jan 31, 2019

@jstanden jstanden added the bug label Jan 31, 2019

@jstanden

This comment has been minimized.

Copy link
Owner

jstanden commented Jan 31, 2019

Fixed in 9.1.4

@jstanden jstanden closed this Jan 31, 2019

9.1.7 automation moved this from In Development to Completed! Jan 31, 2019

jstanden added a commit that referenced this issue Feb 5, 2019

* [Bots/Scripting] In bot scripting, fixed an issue where the `|e` sh…
…ortcut for `|escape` was being blocked by the "allowed filters" sandbox.

Fixes #885
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment