From d34fb8ab51108495a9a651b841202d935f4e12f7 Mon Sep 17 00:00:00 2001 From: Luke Towers Date: Fri, 13 Nov 2020 03:48:27 -0600 Subject: [PATCH] Improve Twig security policy Follow up to https://github.com/octobercms/october/compare/106daa2930de4cebb18732732d47d4056f01dd5b...7cb148c1677373ac30ccfd3069d18098e403e1ca. Thanks to @ka1n4t for the additional review. --- modules/system/twig/SecurityPolicy.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/twig/SecurityPolicy.php b/modules/system/twig/SecurityPolicy.php index bcbc7a1501..aacd39ba63 100644 --- a/modules/system/twig/SecurityPolicy.php +++ b/modules/system/twig/SecurityPolicy.php @@ -20,6 +20,8 @@ final class SecurityPolicy implements SecurityPolicyInterface protected $blockedMethods = [ 'addDynamicMethod', 'addDynamicProperty', + 'bindEvent', + 'bindEventOnce', ]; /**