How to manage twig strictness correctly

This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

BobCasarini

2 years ago

I had the same issue of a lot of other people with twig strictness. I read this post https://octobercms.com/forum/post/twigsandboxsecuritynotallowedmethoderror and I have understood that there are new security policies with twig that doesn't allow to use object properties inside a view. In my case the problem was with this code:

` {% for line in lines %}

<a {% if current_line.line_slug == line.line_slug %}class="active"{% endif %} href="{{ 'products-line'|page({ line_slug: line.line_slug }) }}"><i class="icomoon icon-{{ line.slug }}"></i>{{ line.short_name }}</a> `

But how to achieve the same goal with these new policies? What is the correct way to manage objects passed by backend calls?

Last updated 2 years ago

daftspunky

2 years ago

Moderator

Hey Bob.

The new Twig policy only restricts methods, not properties. It's also disabled if you don't use safe mode. It's also been bumped to v3. If you want to make sure your site will be compatible, and you use safe mode, set the env var:

CMS_SECURITY_POLICY_V2=true

Otherwise, if you don't think you'll ever use safe mode, its pretty safe to ignore this without any modifications.

1-2 of 2

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.

Latest from the blog

Spletna Postaja Shares Their October CMS Journey [Interview]

We're excited to share a partner spotlight interview with Spletna Postaja, a talented digital agency based in Slovenia. With over 20 years of experience, they've become experts in crafting custom digital solutions, and October CMS plays a central role in their success.

Continue reading →