From 0151e0ebe3492b77ef448bb1ddcbbd442f11fec2 Mon Sep 17 00:00:00 2001 From: Engincan VESKE Date: Tue, 12 May 2026 14:45:52 +0300 Subject: [PATCH] Update migration guide Clarified behavior of Scriban templates regarding method invocation and sandboxing. --- docs/en/release-info/migration-guides/abp-10-4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/release-info/migration-guides/abp-10-4.md b/docs/en/release-info/migration-guides/abp-10-4.md index ff3718336c..c66f09c96a 100644 --- a/docs/en/release-info/migration-guides/abp-10-4.md +++ b/docs/en/release-info/migration-guides/abp-10-4.md @@ -170,7 +170,7 @@ Configure(options => ``` - If your engine derives from `TemplateRenderingEngineBase`, no action is required for compilation; however, override `IsSandboxed => true` if your engine is genuinely sandboxed so callers (such as the Text Template Management module) treat its templates as safe to edit by non-developer users. -- Scriban templates that invoke methods on the model (e.g. `{{ model.SomeMethod }}`) or read fields stop working because the engine now whitelists public properties only. Templates that access only properties (the typical Scriban usage) are unaffected. To restore the previous behavior in custom hosts, derive from `ScribanTemplateRenderingEngine` and override `IsMemberAllowed` to allow methods or fields: +- Scriban templates that invoke methods on the model (e.g. `{%{{{ model.SomeMethod }}}%}`) or read fields stop working because the engine now whitelists public properties only. Templates that access only properties (the typical Scriban usage) are unaffected. To restore the previous behavior in custom hosts, derive from `ScribanTemplateRenderingEngine` and override `IsMemberAllowed` to allow methods or fields: ```csharp protected override bool IsMemberAllowed(MemberInfo member) => true;