rcrowe / TwigBridge

Give the power of Twig to Laravel
MIT License
894 stars, 168 forks

Prevent {{ config() }} from exposing DB_PASSWORD #378

Open bilogic opened 4 years ago

bilogic commented 4 years ago

Hi,

Is there a way to make {{ config("database.connections.mysql.password") }} not expose .env's DB_PASSWORD and other sensitive information? Thank you.

barryvdh commented 4 years ago

Yeah you can just not echo that?

bilogic commented 4 years ago

Hi,

I'm coming along the lines that a template system is supposed to limit itself to only "safe" code so that it is end user editable (think shopify's liquid).

While I could disable config() entirely, APIs such as recaptcha still need to expose their public key in templates.

I was wondering if you would consider adding something similar to Laravel's debug_blacklist for config? Thank you.

barryvdh commented 4 years ago

In that case you can use the sandbox, but by default Twig has access to a lot of functions and the global app variable.

onemoreahmad commented 4 years ago

@barryvdh Can't we just disable / blacklist config() and then, if I need some config info, I'll create a custom function for that specific data and make it available for Twig? I think config(), app() and other sensitive data must not be available for the front-end developer... any idea?

Thanks.

onemoreahmad commented 4 years ago

Cool, I was able to disable config() from the twigbridge.php config file, totally missed that!
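The approach the thread converges on (drop the unrestricted config() helper from the template layer and expose only the handful of values templates legitimately need, such as a reCAPTCHA site key) can be implemented as a small Twig extension. The following is an added example written for this thread; it is not code from TwigBridge or from any of the participants. It assumes a standard Twig 3 extension class, that TwigBridge resolves extension classes through Laravel's container (so the config repository can be constructor-injected), and that the extension is registered under `extensions.enabled` while `'config'` is removed from `extensions.functions` in `config/twigbridge.php`. The key names in the allowlist are placeholders.

```php
<?php
// Added example (not from TwigBridge or the thread's authors): a Twig extension
// that exposes an explicit allowlist of config keys to templates, as a
// replacement for handing templates the unrestricted config() helper.

namespace App\Twig;

use Illuminate\Contracts\Config\Repository;
use Twig\Error\RuntimeError;
use Twig\Extension\AbstractExtension;
use Twig\TwigFunction;

class SafeConfigExtension extends AbstractExtension
{
    /**
     * Keys templates may read. Everything else is refused.
     * Key names here are assumed/placeholder values for the example.
     */
    private const ALLOWED_KEYS = [
        'app.name',
        'services.recaptcha.site_key', // public site key only; the secret stays out
    ];

    // Assumes TwigBridge builds the extension via the container, so the
    // config repository is injected rather than fetched through config().
    public function __construct(private Repository $config)
    {
    }

    public function getFunctions(): array
    {
        return [
            // Templates call safe_config('services.recaptcha.site_key') instead
            // of config(...), which should no longer be registered at all.
            new TwigFunction('safe_config', [$this, 'safeConfig']),
        ];
    }

    public function safeConfig(string $key, mixed $default = null): mixed
    {
        // Exact-match check against the allowlist: no prefix or wildcard
        // matching, so a key outside the list (e.g. anything under
        // database.connections.*) is never resolved, regardless of how the
        // template spells it.
        if (!in_array($key, self::ALLOWED_KEYS, true)) {
            // Surfacing this as a Twig runtime error makes the misuse visible
            // at render time instead of silently returning null.
            throw new RuntimeError(sprintf(
                'Config key "%s" is not exposed to templates.',
                $key
            ));
        }

        return $this->config->get($key, $default);
    }
}
```

To wire it up (assumed TwigBridge configuration shape), add `App\Twig\SafeConfigExtension::class` to the `extensions.enabled` array in `config/twigbridge.php` and delete the `'config'` entry from `extensions.functions`; the same removal is what the last comment above describes. The allowlist is deliberately a flat list of exact keys rather than prefixes, because a prefix such as `services.` would quietly widen over time as new secrets are added under it.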