Add IsSandboxed to ITemplateRenderingEngine #25399
Merged
EngincanV merged 2 commits intoMay 12, 2026
ITemplateRenderingEngine exposes a new IsSandboxed property so callers can decide whether editing a template requires elevated trust.
- TemplateRenderingEngineBase provides a virtual default of false (secure-by-default)
- RazorTemplateRenderingEngine declares IsSandboxed=false (compiles to .NET assembly via Roslyn)
- ScribanTemplateRenderingEngine declares IsSandboxed=true (DSL without .NET interop)
- Razor integration docs and TextTemplateManagement docs document the implications
- Migration guide for ABP 10.4 documents the new abstraction member
Pull request overview
Adds an IsSandboxed capability marker to the text templating rendering engine abstraction so callers (notably template-management UIs) can distinguish sandboxed DSL-based engines from fully-trusted, code-compiling engines.
Changes:
- Extends ITemplateRenderingEngine with a new required IsSandboxed property, with a TemplateRenderingEngineBase default of false.
- Explicitly declares IsSandboxed for the built-in engines: Scriban (true) and Razor (false).
- Adds engine-specific tests plus documentation/migration-guide updates describing the security implications and upgrade steps.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| framework/src/Volo.Abp.TextTemplating.Core/Volo/Abp/TextTemplating/ITemplateRenderingEngine.cs | Adds IsSandboxed to the public rendering-engine abstraction and documents intended meaning/usage. |
| framework/src/Volo.Abp.TextTemplating.Core/Volo/Abp/TextTemplating/TemplateRenderingEngineBase.cs | Provides a virtual default for IsSandboxed (false) to minimize breakage for derived engines. |
| framework/src/Volo.Abp.TextTemplating.Razor/Volo/Abp/TextTemplating/Razor/RazorTemplateRenderingEngine.cs | Marks Razor as non-sandboxed (IsSandboxed => false) with explanatory remarks. |
| framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateRenderingEngine.cs | Marks Scriban as sandboxed (IsSandboxed => true) with explanatory remarks. |
| framework/test/Volo.Abp.TextTemplating.Razor.Tests/Volo/Abp/TextTemplating/Razor/RazorTemplateRenderingEngine_IsSandboxed_Tests.cs | Adds tests asserting Razor’s IsSandboxed behavior and interface exposure. |
| framework/test/Volo.Abp.TextTemplating.Scriban.Tests/Volo/Abp/TextTemplating/Scriban/ScribanTemplateRenderingEngine_IsSandboxed_Tests.cs | Adds tests asserting Scriban’s IsSandboxed behavior and interface exposure. |
| docs/en/framework/infrastructure/text-templating/razor.md | Adds a security notice explaining the risks of runtime Razor template editing and how it relates to IsSandboxed. |
| docs/en/modules/text-template-management.md | Documents permission/risk model for editing sandboxed vs non-sandboxed templates based on IsSandboxed. |
| docs/en/release-info/migration-guides/abp-10-4.md | Adds migration guidance for the new interface member and related template-management security behavior. |
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## rel-10.4 #25399 +/- ##
============================================
- Coverage 49.30% 49.30% -0.01%
============================================
Files 3667 3667
Lines 123171 123186 +15
Branches 9407 9409 +2
============================================
Hits 60731 60731
- Misses 60631 60647 +16
+ Partials 1809 1808 -1
- Soften IsSandboxed XML doc as a best-effort marker
- Replace #XXXXX placeholders with #25399
- Set Scriban MemberFilter to allowlist public properties only, blocking method/field access and reflection escape paths
- Update Razor and Scriban safe-runtime docs to match
- Add reflection-escape, method-invocation and nested-property tests for Scriban
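An added example, not code from this pull request or from ABP, showing one way to configure a Scriban `TemplateContext.MemberFilter` as a public-property allowlist of the kind the commit message describes. `OrderModel`, `SandboxedScriban` and the exact filter predicate are assumptions made for illustration; the Scriban NuGet package is required.

```csharp
using System;
using System.Reflection;
using Scriban;
using Scriban.Runtime;

public sealed class OrderModel                       // constructed sample model
{
    public string Customer { get; set; } = "alice";  // public property: allowed
    public string InternalNote = "from a field";     // public field: filtered out
    public string Secret() => "from a method";       // public method: filtered out
}

public static class SandboxedScriban
{
    // Allowlist: only public, readable, non-indexer instance properties pass.
    public static bool PublicPropertiesOnly(MemberInfo member) =>
        member is PropertyInfo p
        && p.GetMethod is { IsPublic: true, IsStatic: false }
        && p.GetIndexParameters().Length == 0;

    public static string Render(string templateText, object model)
    {
        MemberFilterDelegate filter = PublicPropertiesOnly;

        // The context-level filter governs member access on .NET objects reached
        // while rendering, for example nested property values.
        var context = new TemplateContext { MemberFilter = filter };

        // The same filter decides which members of the model become globals.
        var globals = new ScriptObject();
        globals.Import(model, filter);
        context.PushGlobal(globals);

        var template = Template.Parse(templateText);
        if (template.HasErrors)
            throw new InvalidOperationException(string.Join("; ", template.Messages));
        return template.Render(context);
    }

    public static void Main()
    {
        var model = new OrderModel();
        Console.WriteLine(Render("customer=[{{ customer }}]", model));
        // internal_note and secret were never imported, so the template cannot resolve them.
        Console.WriteLine(Render("note=[{{ internal_note }}] secret=[{{ secret }}]", model));
    }
}
```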
ebicoglu approved these changes May 11, 2026
EngincanV approved these changes May 12, 2026
ITemplateRenderingEngine exposes a new IsSandboxed property so callers can decide whether editing a template requires elevated trust.
- TemplateRenderingEngineBase defaults to false (secure-by-default).
- RazorTemplateRenderingEngine declares IsSandboxed=false (compiles to a fully-trusted .NET assembly via Roslyn).
- ScribanTemplateRenderingEngine declares IsSandboxed=true and sets TemplateContext.MemberFilter to expose only public properties on imported objects, blocking method/field access and reflection escape paths.

The companion PR in https://github.com/volosoft/volo/pull/22286 wires this into the Text Template Management module.
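An added example, not code from this pull request or from the companion module, of how a caller could gate template editing on `IsSandboxed` and fail closed. `IEngine`, `EngineBase`, `ScribanLike` and `CustomEngine` are local stand-ins for the members described above, and the `canEdit` / `canEditCode` permission flags are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Local stand-ins (assumptions) for the members this PR describes; not ABP source.
public interface IEngine { string Name { get; } bool IsSandboxed { get; } }

public abstract class EngineBase : IEngine
{
    public abstract string Name { get; }
    public virtual bool IsSandboxed => false;   // base default described in the PR
}

public sealed class ScribanLike : EngineBase
{
    public override string Name => "Scriban";
    public override bool IsSandboxed => true;   // explicit opt-in by the engine
}

public sealed class CustomEngine : EngineBase   // never overrides IsSandboxed
{
    public override string Name => "Custom";
}

public static class TemplateEditGuard
{
    // canEdit / canEditCode are hypothetical permission results supplied by the caller.
    public static bool MayEdit(IReadOnlyDictionary<string, IEngine> engines,
                               string engineName, bool canEdit, bool canEditCode)
    {
        if (!canEdit) return false;
        // Fail closed: an unregistered engine is treated like a non-sandboxed one.
        bool sandboxed = engines.TryGetValue(engineName, out var e) && e.IsSandboxed;
        return sandboxed || canEditCode;
    }

    public static void Main()
    {
        var engines = new Dictionary<string, IEngine>();
        foreach (IEngine engine in new IEngine[] { new ScribanLike(), new CustomEngine() })
            engines[engine.Name] = engine;

        Console.WriteLine(MayEdit(engines, "Scriban", canEdit: true, canEditCode: false));
        Console.WriteLine(MayEdit(engines, "Custom", canEdit: true, canEditCode: false));
        Console.WriteLine(MayEdit(engines, "Missing", canEdit: true, canEditCode: false));
        Console.WriteLine(MayEdit(engines, "Custom", canEdit: true, canEditCode: true));
    }
}
```

A derived engine that does not override the property inherits `false`, so it lands on the elevated-permission path until its author explicitly declares it sandboxed.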