Skip to content

Deprecate the "Twig\Sandbox\SourcePolicyInterface" interface#4803

Merged
fabpot merged 1 commit into
twigphp:3.xfrom
fabpot:SourcePolicyInterface-deprecation
May 23, 2026
Merged

Deprecate the "Twig\Sandbox\SourcePolicyInterface" interface#4803
fabpot merged 1 commit into
twigphp:3.xfrom
fabpot:SourcePolicyInterface-deprecation

Conversation

@fabpot

@fabpot fabpot commented May 21, 2026

Copy link
Copy Markdown
Contributor

I'm deprecating this feature for the following main reasons:

  • AFAICS, no open-source projects is using this feature and the only repository using it has 0 stars and 0 downloads on Packagist - if nobody find value in this feature, it's better to remove it
  • As much as possible, a better strategy is to render templates written by untrusted users via a specific loader that restrict what the sandbox environment can "see".

@fabpot fabpot force-pushed the SourcePolicyInterface-deprecation branch from cd1326b to bd924d5 Compare May 23, 2026 06:30
@fabpot fabpot merged commit 3ef56b7 into twigphp:3.x May 23, 2026
@fabpot fabpot deleted the SourcePolicyInterface-deprecation branch May 23, 2026 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant