TheOnlineThomas's avatar

Laravel theme development option by 3rd party

Hi,

Imagine I want to create a website for e-commerce where users can develop themes for their own store. Now I have a few concerns.

  • How to prevent executing PHP commands through the theme?
  • How to allow theme developers to use only the variables provided to them?

I am unclear on this concept. Any kind of support will be highly appreciated.

Thanks in advance.

0 likes
8 replies
TheOnlineThomas's avatar

@sinnbeck

Thank you for your reply.

How about implementing it in Blade with Laravel? Does it have any difficulties to implement?

Sinnbeck's avatar

Yes, you would have to find a way to blacklist unwanted code like @php. Twig is built for this out of the box.
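
The Twig sandbox mentioned in this reply, shown as an added example that is not part of the original thread. It assumes Twig 3.x installed with Composer (`twig/twig`); the `renderTheme` helper, the allow-list contents and the sample themes are hypothetical and constructed for illustration.

```php
<?php
// Added example: assumes `composer require twig/twig` (Twig 3.x).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical helper: render one store theme with only allow-listed Twig features.
function renderTheme(string $themeSource, array $context): string
{
    // Everything not listed here is refused by the sandbox (allow-list, not blacklist).
    $policy = new SecurityPolicy(
        ['if', 'for'],                 // allowed tags
        ['escape', 'upper', 'length'], // allowed filters ("escape" kept for autoescaped output)
        [],                            // allowed object methods: none
        [],                            // allowed object properties: none
        []                             // allowed functions: none
    );

    $twig = new Environment(new ArrayLoader(['theme' => $themeSource]), [
        'autoescape' => 'html',
    ]);
    // Second argument true: every template is sandboxed, not only included ones.
    $twig->addExtension(new SandboxExtension($policy, true));

    try {
        return $twig->render('theme', $context);
    } catch (SecurityError $e) {
        return 'Theme rejected: ' . $e->getMessage();
    }
}

// Constructed sample data: plain arrays and scalars only, so the theme sees
// exactly these values and has no object methods or properties to reach.
$context = [
    'store'    => ['name' => 'Demo <Shop>'],
    'products' => [['name' => 'Mug', 'price' => '9.50']],
];

// Constructed themes: the first stays inside the allow-list, the second calls
// a function that is not on it and is refused.
$allowed = '<h1>{{ store.name|upper }}</h1>{% for p in products %}<p>{{ p.name }}: {{ p.price }}</p>{% endfor %}';
$refused = '{{ constant("PHP_VERSION") }}';

echo renderTheme($allowed, $context), PHP_EOL;
echo renderTheme($refused, $context), PHP_EOL;
```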

Sinnbeck's avatar

Another solution I have seen in action is to simply have a CKEditor page for each part of the page. I worked for a company that did this. Then in each editor you would insert a variable which embedded that part into the page (a product card on a products page, etc.).

1 like
TheOnlineThomas's avatar

It's interesting. @sinnbeck

I am not sure, but I feel Twig might not be able to prevent all kinds of command execution in the template. So to make it more secure, is there any other step that we should take?
