Exception Only "include" tags are allowed within a "sandbox" section when using the include function

Open ericmorand opened this issue 6 years ago • 5 comments

When trying to render the following template, we get an exception:

{% sandbox %}{{ include('foo.twig') }}{% endsandbox %}

Twig\Error\SyntaxError: Only "include" tags are allowed within a "sandbox" section in "index" at line 1

Now, it would make sense if the include function was not recommended over the include tag:

As of Twig 1.12, it is recommended to use the include function instead as it provides the same features with a bit more flexibility:

https://twig.symfony.com/doc/2.x/tags/include.html

In the current state, it's not possible to follow the official recommendation and use the sandbox tag of TwigPHP.

ericmorand avatar Oct 08 '19 08:10 ericmorand

Does it also not work if you whitelist the include() function in the SecurityPolicy?

xabbuh avatar Oct 14 '19 09:10 xabbuh

It doesn't work either when whitelisting the include function.

It is expected since the error is thrown by the parser.

ericmorand avatar Oct 14 '19 19:10 ericmorand

I can confirm. I have the same error: Only "include" tags are allowed within a "sandbox" section.

This is the code:

{% sandbox %}
   {{ include(template_from_string(email_template.template)) }}
{% endsandbox %}

Whitelisting include in functions does not help.

Refactoring code to:

{% include template_from_string(email_template.template) %} fixes the error.

Warxcell avatar Jun 09 '20 07:06 Warxcell

Actually, the correct way for this is {{ include('template.html.twig', sandboxed = true) }}. I think it can be closed.

Warxcell avatar Jun 09 '20 21:06 Warxcell
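An added example, not part of the thread or of Twig's own code: a PHP script that renders the three forms discussed above against one restrictive SecurityPolicy, so you can see which are rejected by the parser and which are checked by the policy. It assumes Twig 3.x installed through Composer; the template names and contents are constructed for the illustration.

```php
<?php
// Added illustration. Assumes twig/twig 3.x is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityPolicy;

// Constructed templates: foo.twig stands in for the untrusted content.
$loader = new ArrayLoader([
    'foo.twig'     => 'Hello {{ name|upper }}',
    'tag_fn.twig'  => "{% sandbox %}{{ include('foo.twig') }}{% endsandbox %}",
    'tag_tag.twig' => "{% sandbox %}{% include 'foo.twig' %}{% endsandbox %}",
    'fn_flag.twig' => "{{ include('foo.twig', sandboxed = true) }}",
]);

// Argument order: tags, filters, methods, properties, functions.
// "escape" is allowed; "upper" is deliberately not, so a policy check
// on foo.twig is visible as a security error.
$policy = new SecurityPolicy([], ['escape'], [], [], []);

$twig = new Environment($loader);
// Second argument false: the sandbox is off globally and is only
// switched on per include (by the tag or by sandboxed = true).
$twig->addExtension(new SandboxExtension($policy, false));

function tryRender(Environment $twig, string $template): string
{
    try {
        return 'rendered: ' . $twig->render($template, ['name' => 'world']);
    } catch (Error $e) {
        // Twig\Error\SyntaxError: rejected while parsing the outer template.
        // Twig\Sandbox\Security*Error: foo.twig was checked against the policy.
        return get_class($e) . ': ' . $e->getRawMessage();
    }
}

foreach (['tag_fn.twig', 'tag_tag.twig', 'fn_flag.twig'] as $template) {
    printf("%-13s %s\n", $template, tryRender($twig, $template));
}
```

The exception class in each output line tells you whether the policy was ever consulted: a syntax error means the template never reached the sandbox, while a security error means the included template was evaluated under the policy.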

@Warxcell well, considering that the usage of the include tag is not recommended, where does it put the sandbox tag? If the include tag is not recommended, then the sandbox tag is not recommended either since it only applies to the include tag?

https://twig.symfony.com/doc/3.x/tags/include.html

ericmorand avatar Nov 23 '23 22:11 ericmorand