Document theme template sandbox restrictions#504
Conversation
Template sandbox restrictions
Added theme template sandbox documentation based on security fix GHSA-9fx4-7cmj-47vg. The blocked functions and filters are defined in ThemeSandboxPolicy.php which implements a denylist policy via DENIED_FUNCTIONS and DENIED_FILTERS constants.
Source: mautic/mautic#16173
adiati98 left a comment
@promptless-for-oss please address the suggestions
Thanks for the feedback! I've addressed both items:
The fixes have been pushed to the branch.
@promptless-for-oss please rebase to 5.x branch
Force-pushed 50f6ec0 to 71ead9a
Done! I've rebased the branch onto
@promptless-for-oss please rebase this back to 7.0.
Add documentation for the Twig sandbox environment that restricts dangerous functions and filters in user-uploaded theme templates. This security feature prevents remote code execution and data leakage.
- Change "sandboxed Twig environment" to "Twig sandbox environment"
- Capitalize "user" to "User" per Mautic style guide
Force-pushed 0cc6feb to 8816fdf
Done! I've rebased the branch to 7.0 and force-pushed. The PR's base branch will need to be changed from
@promptless-for-oss we need to close and reopen this PR to trigger the GitHub action. So, don't delete the branch just yet.
Got it! I'll keep the branch intact.
@promptless-for-oss we need to reopen this PR.
Reopen to trigger GitHub action.
@patrykgruszka can you please review the content in this PR and confirm whether it aligns with your changes in the Mautic repo? Please ignore the closed PR, as we had a bit of trouble with Promptless. I'll cherry-pick this PR once you've reviewed it. Thanks!
Documents the Twig sandbox environment that restricts dangerous functions and filters in user-uploaded theme templates. Lists all blocked functions (configGetParameter, getEntity, getEntities, source, etc.) and filters (map, reduce, filter) to help theme developers understand security constraints.
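The two Promptless descriptions above (the first comment and this summary) say the documentation covers a denylist policy with DENIED_FUNCTIONS and DENIED_FILTERS constants and list the blocked names. The following PHP is an added illustration of how such a denylist plugs into Twig's sandbox; it is not Mautic's ThemeSandboxPolicy.php and not code from this PR. It uses Twig 3's real SandboxExtension and SecurityPolicyInterface (assumed installed via Composer), takes only the function and filter names from the PR text, and everything else (the class DenylistThemePolicy, the stand-in getEntity function, the three sample templates) is constructed for the example.

```php
<?php
// Added example: a denylist SecurityPolicy for Twig's sandbox.
// Not Mautic's ThemeSandboxPolicy.php; names in the constants come from the PR text,
// the rest of this file is an assumption built on Twig 3's public API.
require __DIR__ . '/vendor/autoload.php'; // assumes twig/twig installed with Composer

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityNotAllowedFilterError;
use Twig\Sandbox\SecurityNotAllowedFunctionError;
use Twig\Sandbox\SecurityPolicyInterface;
use Twig\TwigFunction;

final class DenylistThemePolicy implements SecurityPolicyInterface
{
    // Blocked names as listed in the PR description (a real policy may deny more).
    public const DENIED_FUNCTIONS = ['configGetParameter', 'getEntity', 'getEntities', 'source'];
    public const DENIED_FILTERS   = ['map', 'reduce', 'filter'];

    // Twig calls this with every tag, filter and function a template uses.
    public function checkSecurity($tags, $filters, $functions): void
    {
        foreach ($functions as $function) {
            if (in_array($function, self::DENIED_FUNCTIONS, true)) {
                throw new SecurityNotAllowedFunctionError(
                    sprintf('Function "%s" is not allowed in theme templates.', $function),
                    $function
                );
            }
        }
        foreach ($filters as $filter) {
            if (in_array($filter, self::DENIED_FILTERS, true)) {
                throw new SecurityNotAllowedFilterError(
                    sprintf('Filter "%s" is not allowed in theme templates.', $filter),
                    $filter
                );
            }
        }
        // Tags are not restricted by this name-based denylist.
    }

    // A denylist of names says nothing about object access, so method and
    // property calls are left unrestricted here.
    public function checkMethodAllowed($obj, $method): void {}
    public function checkPropertyAllowed($obj, $property): void {}
}

// Constructed sample "theme templates": one benign, one calling a denied
// function, one using a denied filter.
$templates = [
    'ok.html.twig'       => 'Hello {{ name|upper }}',
    'function.html.twig' => '{{ getEntity("lead", 1) }}',
    'filter.html.twig'   => '{{ [1, 2, 3]|map(x => x * 2)|join(",") }}',
];

$twig = new Environment(new ArrayLoader($templates), ['cache' => false]);
// Stand-in for an application function a theme might reach for. It has to be
// registered, otherwise the parser rejects the unknown name before the
// sandbox policy is consulted.
$twig->addFunction(new TwigFunction('getEntity', fn (string $type, int $id) => "entity:$type:$id"));
// Second argument true = every template is sandboxed, which is what
// user-uploaded themes need.
$twig->addExtension(new SandboxExtension(new DenylistThemePolicy(), true));

foreach (array_keys($templates) as $name) {
    try {
        printf("%-20s rendered: %s\n", $name, $twig->render($name, ['name' => 'world']));
    } catch (SecurityError $e) {
        printf("%-20s blocked:  %s\n", $name, $e->getMessage());
    }
}
```

Run with `php example.php` after `composer require twig/twig`: the first template renders, while the template calling getEntity and the one using the map filter are rejected by the policy before any output is produced, which is the behaviour the documented restriction list is meant to explain to theme developers.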