Twig Templating
For developers who prefer safety, readability, and a rich feature set, Pragma CMS natively integrates Twig 3. Twig templates are automatically compiled to raw PHP in the background and cached for maximum performance.
By default, Pragma CMS configures Twig to auto-escape all variables, drastically reducing the risk of XSS attacks.
Core Functions
Pragma CMS extends Twig with native, highly optimized functions. Some of these functions output HTML markup natively and are marked as is_safe => ['html'] so you do not need to use the |raw filter.
1. Translation & Routing
| Twig Function | Description | Example |
|---|---|---|
getTranslation(key, params) | Returns the localized string from the dictionary. | {{ getTranslation('Read more') }} |
getLink(handle, params) | Generates an internal translated URL. | {{ getLink('front.articles.show', {'slug': 'my-post'}) }} |
2. Assets & Media
| Twig Function | Description | Example |
|---|---|---|
getAssetsPath(path, isTheme) | Returns the URL to static assets (JS, CSS). | <link href="{{ getAssetsPath('css/main.css', true) }}"> |
getMediaPath(path) | Returns the public URL to a media file. | <a href="{{ getMediaPath('documents/pdf.pdf') }}"> |
3. HTML Rendering (Pre-escaped)
These functions return safe HTML and do not require manual escaping.
| Twig Function | Description | Example |
|---|---|---|
renderImage(mediaId, size) | Generates an optimized <picture> tag (AVIF/WebP). | {{ renderImage(12, 'large') }} |
renderIcon(library, name) | Generates SVG or Font icon markup. | {{ renderIcon('fa-solid', 'house') }} |
renderForm(handle, options) | Renders a form managed in the Builder. | {{ renderForm('contact', {'ajax': true}) }} |
renderMenu(handle) | Generates a hierarchical <ul>/<li> navigation menu. | {{ renderMenu('main-navigation') }} |
renderBreadcrumbs() | Outputs the breadcrumb trail computed by the router. | {{ renderBreadcrumbs() }} |
renderFooterCredits() | Outputs the copyright and CMS credits. | {{ renderFooterCredits() }} |
4. Utilities
| Twig Function | Description | Example |
|---|---|---|
isActiveRouteHandle(handle) | Returns 'active' if the route matches the current URL. | <a class="{{ isActiveRouteHandle('front.home') }}"> |
truncateText(text, length) | Safely truncates a string, stripping HTML tags. | {{ truncateText(page.entry.description, 160) }} |
The Sandbox Engine (User Content)
Pragma CMS employs a powerful security feature called the TemplateEngine Sandbox.
When administrators use the WYSIWYG or Editor.js tools, they might sometimes input raw Twig logic (e.g., {{ site.name }}). To prevent privilege escalation or severe server breaches, the CMS parses Database-stored content using an isolated Twig Sandbox.
Allowed Tags: if, for, set, block, filter, spaceless, else, endif, endfor.
Allowed Filters: upper, lower, capitalize, date, format, escape, length, raw, nl2br, trim, json_encode.
Allowed Functions: range, random, date, getLink, getTranslation, getAssetsPath, getMediaPath, renderImage, renderForm, renderMenu.
(Note: Object methods and properties are strictly blocked in user-generated content for security reasons).