This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.
I had the same issue of a lot of other people with twig strictness. I read this post https://octobercms.com/forum/post/twigsandboxsecuritynotallowedmethoderror and I have understood that there are new security policies with twig that doesn't allow to use object properties inside a view. In my case the problem was with this code:
` {% for line in lines %}
<a {% if current_line.line_slug == line.line_slug %}class="active"{% endif %} href="{{ 'products-line'|page({ line_slug: line.line_slug }) }}"><i class="icomoon icon-{{ line.slug }}"></i>{{ line.short_name }}</a> `
But how to achieve the same goal with these new policies? What is the correct way to manage objects passed by backend calls?
Last updated
Hey Bob.
The new Twig policy only restricts methods, not properties. It's also disabled if you don't use safe mode. It's also been bumped to v3. If you want to make sure your site will be compatible, and you use safe mode, set the env var:
CMS_SECURITY_POLICY_V2=true
Otherwise, if you don't think you'll ever use safe mode, its pretty safe to ignore this without any modifications.
1-2 of 2