Mail Security Policy

The use of merge fields in the operator panel is regulated by a strict policy for security reasons. This restricts what is possible for your help desk staff to do in terms of twig code and helps to keep the server secure.

Contents

For details on how to set the below configuration items, please read Environment Variables.

Components

The security policy is made up of the following components:

Component Documentation
Tags https://twig.symfony.com/doc/3.x/tags/index.html
Filters https://twig.symfony.com/doc/3.x/filters/index.html
Methods Methods that can be called on class objects.
Properties Properties that can be accessed on objects.

Extending the policy

Create a new file /config/production/mail.php:


    <?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->toArray() ];

Adding new tags

To add new tags to the policy use the addTags(array $tags): self method:


    <?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addTags(['do'])->toArray() ];

Adding new filters

To add new filters to the policy use the addFilters(array $filters): self method:


    <?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addFilters(['abs'])->toArray() ];

Adding new methods

To allow calling a new method on a class use the addMethod(string $class, array $methods): self method:


    <?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addMethod(\Illuminate\Support\Collection::class, ['lazy'])->toArray() ];

Adding new properties

To allow accessing a new property on a class use the addProperty(string $class, array $properties): self method:


    <?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addProperty(\stdClass::class, ['foo'])->toArray() ];