From da071d78cd3722aff928e358d8c14cd2fdb40af2 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Thu, 4 Jun 2026 07:19:19 +0100 Subject: [PATCH 1/4] Add email template sandbox and defaults docs --- .../docs/maintenance/Updating/0-7-to-0-8.mdoc | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 1006fc1..bb77ccc 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc 
@@ -397,7 +397,24 @@ Widgets are registered by modules and can be created by implementing the `Widget ## Email Templates -File-backed email templates are now supported in addition to the database-stored templates. The email Twig environment is now sandboxed for security, restricting available filters and globals. +{% aside type="caution" %} +**Custom email templates must be updated.** The email Twig environment now runs inside a sandbox that restricts allowed tags, filters, functions, and globals. Any template that used removed or renamed filters, the `{% set %}` tag, the `api_admin` / `api_client` globals, or `{{ guest.method() }}` calls will fail to render and block email delivery. +{% /aside %} + +### File-backed Defaults + +In the email template editor, three states are now shown: customized, file-backed default, and no file-backed default. Admins can reset a customized template back to its file-backed default. + +### Sandbox Policy + +The set of allowed tags, filters, functions, and globals is summarised below: + +| Category | Allowed | +|----------|---------| +| **Tags** | `if`, `for`, `block`, `apply` | +| **Filters** | `escape`/`e`, `default`, `title`, `length`, `date`, `format_currency`, `format_date`, `format_datetime`, `format_number`, `format_time`, `currency_name`, `currency_symbol`, `country_name`, `url`, `daysleft`, `trans`, `period_title`, `markdown_to_html` | +| **Functions** | `country_names` | +| **Globals** | `guest` *(only `guest.system_company` is exposed)*, `default_currency`, `FOSSBillingVersion` | ## Deprecations & Removals (Summary) From 369ccab727db0bb3fac9dbc7493f27375ea0dfc4 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Thu, 4 Jun 2026 07:24:30 +0100 Subject: [PATCH 2/4] Fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index bb77ccc..84e2917 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -398,7 +398,7 @@ Widgets are registered by modules and can be created by implementing the `Widget ## Email Templates {% aside type="caution" %} -**Custom email templates must be updated.** The email Twig environment now runs inside a sandbox that restricts allowed tags, filters, functions, and globals. Any template that used removed or renamed filters, the `{% set %}` tag, the `api_admin` / `api_client` globals, or `{{ guest.method() }}` calls will fail to render and block email delivery. +**Custom email templates must be updated.** The email Twig environment now runs inside a sandbox that restricts allowed tags, filters, functions, and globals. Any template that used filters that were removed or renamed, the `{% set %}` tag, the `api_admin` / `api_client` globals, or `{{ guest.method() }}` calls will fail to render and block email delivery. {% /aside %} ### File-backed Defaults From f35682c1fa678d9937d4c03b8bac220488849d0a Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Thu, 4 Jun 2026 07:25:03 +0100 Subject: [PATCH 3/4] Fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 84e2917..92799ef 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc 
@@ -407,7 +407,7 @@ In the email template editor, three states are now shown: customized, file-backe ### Sandbox Policy -The set of allowed tags, filters, functions, and globals is summarised below: +The set of allowed tags, filters, functions, and globals is summarized below: | Category | Allowed | |----------|---------| From 50094a81dbf8b3f48e5fde4f8438100062067e82 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Thu, 4 Jun 2026 07:26:21 +0100 Subject: [PATCH 4/4] Clarify sandbox policy wording in update guide --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 92799ef..0c6ab21 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -407,7 +407,7 @@ In the email template editor, three states are now shown: customized, file-backe ### Sandbox Policy -The set of allowed tags, filters, functions, and globals is summarized below: +The set of tags, filters, functions, and globals allowed in email templates is summarized below: | Category | Allowed | |----------|---------|
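Review bot: In the first hunk (PATCH 1/4), the removed line stated that file-backed templates are supported "in addition to the database-stored templates", and the new "File-backed Defaults" subsection never restates this or says which source wins when both exist; an admin reading the update guide cannot tell whether a customized database template overrides the file or vice versa. Suggest reinstating a sentence such as "File-backed email templates are now supported alongside database-stored templates; a customized template takes precedence over its file-backed default" (adjusted to whatever the actual precedence is). Two further documentation gaps in the same hunk: the caution warns about "removed or renamed filters" but neither the aside nor the Sandbox Policy table names them, so admins must render each template to find out which ones break, and "will fail to render and block email delivery" does not say where the failure is surfaced (error log, admin notice, queue status), which is what an operator needs to detect a broken template before it silently stops outgoing mail.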
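Review bot: The second hunk (PATCH 2/4) is a pure grammatical rewording ("removed or renamed filters" to "filters that were removed or renamed") with no change in meaning, but the commit subject "Fix for pull request finding" does not say what was fixed; a subject like "Reword sandbox caution for clarity" would make the history searchable.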
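Review bot: The fourth hunk (PATCH 4/4) improves the sentence by stating that the allow-list applies to email templates specifically, which matters because the sandbox described here does not cover other Twig environments in the application. Style point: PATCH 2/4, 3/4 and 4/4 each change one line of the paragraphs introduced in PATCH 1/4 (wording, a spelling normalization, and this clarification); squashing them into the first patch would leave a single coherent "Add email template sandbox and defaults docs" commit instead of three one-word follow-ups.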