1<?php 2 3/* 4 * This file is part of Twig. 5 * 6 * (c) Fabien Potencier 7 * 8 * For the full copyright and license information, please view the LICENSE 9 * file that was distributed with this source code. 10 */ 11 12namespace Twig\TokenParser; 13 14use Twig\Error\SyntaxError; 15use Twig\Node\IncludeNode; 16use Twig\Node\SandboxNode; 17use Twig\Node\TextNode; 18use Twig\Token; 19 20/** 21 * Marks a section of a template as untrusted code that must be evaluated in the sandbox mode. 22 * 23 * {% sandbox %} 24 * {% include 'user.html' %} 25 * {% endsandbox %} 26 * 27 * @see https://twig.symfony.com/doc/api.html#sandbox-extension for details 28 * 29 * @final 30 */ 31class SandboxTokenParser extends AbstractTokenParser 32{ 33 public function parse(Token $token) 34 { 35 $stream = $this->parser->getStream(); 36 $stream->expect(Token::BLOCK_END_TYPE); 37 $body = $this->parser->subparse([$this, 'decideBlockEnd'], true); 38 $stream->expect(Token::BLOCK_END_TYPE); 39 40 // in a sandbox tag, only include tags are allowed 41 if (!$body instanceof IncludeNode) { 42 foreach ($body as $node) { 43 if ($node instanceof TextNode && ctype_space($node->getAttribute('data'))) { 44 continue; 45 } 46 47 if (!$node instanceof IncludeNode) { 48 throw new SyntaxError('Only "include" tags are allowed within a "sandbox" section.', $node->getTemplateLine(), $stream->getSourceContext()); 49 } 50 } 51 } 52 53 return new SandboxNode($body, $token->getLine(), $this->getTag()); 54 } 55 56 public function decideBlockEnd(Token $token) 57 { 58 return $token->test('endsandbox'); 59 } 60 61 public function getTag() 62 { 63 return 'sandbox'; 64 } 65} 66 67class_alias('Twig\TokenParser\SandboxTokenParser', 'Twig_TokenParser_Sandbox'); 68