Twig Renderer

Qore system registers Qore\Next\System\Twig\TwigRenderer for rendering strings that contain Twig syntax.

use Qore\Next\System\Twig\TwigRenderer;

$html = app(TwigRenderer::class)->render(
    'Hello {{ user_name }}',
    ['user_name' => $user->name],
);

The renderer accepts Twig environment options as the third argument.

$html = app(TwigRenderer::class)->render(
    '{{ missing_value }}',
    options: ['strict_variables' => true],
);

Sandbox

Rendering always uses Twig's sandbox extension. By default Qore allows common text-template tags such as if, for, set, apply, filter and with, common formatting filters, and the cycle and range functions.

Object methods and properties are not allowed by default. The raw filter is also not allowed by default, so rendered values stay covered by Twig's normal HTML escaping.

Custom policy

Qore registers Qore\Next\System\Twig\TwigSandboxConfiguration as a singleton. Override or extend that singleton before the first render when an application needs a wider policy.

use App\Models\Customer;
use Qore\Next\System\Twig\TwigSandboxConfiguration;

$this->app->extend(TwigSandboxConfiguration::class, function (TwigSandboxConfiguration $configuration) {
    return $configuration
        ->allowProperties(Customer::class, 'name')
        ->allowFilters('raw');
});

Sandbox​

Custom policy​

Sandbox

Custom policy