PHP Library for Safe & Sandboxed PHP
I need a sandboxed environment.
Sandboxed Templating Engines
One option was templating engines; see Templating engines in PHP: Blade (Laravel), Twig (Sandboxed), Latte (Sandboxed), Plates, Volt, to name a few. And on how Latte is the most secure: Quiz: Can you defend against XSS vulnerability? – Nette Blog
Fabien Potencier's 2009 analysis and the necessity of a sandbox mode, Templating Engines in PHP | Articles, that is, how he took over Twig.
Sandboxed PHP
I need to allow absolutely all WP functions and only state which ones are forbidden, i.e. blacklisted.
The absolute standard here is Corveda/PHPSandbox: A PHP-based sandboxing library with a full suite of configuration and validation options.
Very small and fast is apioo/psx-sandbox: Execute PHP code in a sandbox, but it has no blacklisting, only whitelisting.
Also, I can check syntax and security before saving with a linter as well: overtrue/phplint: 🐛 A tool that can speed up linting of php files by running several lint processes at once. But I assume that can also be done with PHPStan.
Blacklisted functions in WP and PHP
These are the functions I should skip: Be Watchful: PHP And WordPress Functions That Can Make Your Site Insecure — Smashing Magazine and XSS Attack in WordPress : The Developer’s Guide on how to prevent one • WPShout
Kitano/php-expression: PHP Expression Language
The ExpressionLanguage Component (Symfony Docs)
It’s time to get creative with the Symfony Expression Language
jameskfry/expression-language: Javascript implementation of Symfony/ExpressionLanguage
opis/closure: Serialize closures (anonymous functions)