Symfony News

New in Symfony 5.1: ExpressionLanguage validator

Andrey Sevastianov

Contributed by
Andrey Sevastianov
in #35849.

The ExpressionLanguage component provides an engine to compile and evaluate expressions. It's used by many companies to allow non-developers write business rules (e.g. evaluate the following expression to decide if your store offers a discount: 'user["isActive"] == true and product["price"] > 20').

In Symfony 5.1 we've improved the ExpressionLanguage component to allow validating the expressions without parsing or evaluating them. The ExpressionLanguage and Parser classes now include a lint() method to validate expressions:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
use Symfony\Component\ExpressionLanguage\Lexer;
use Symfony\Component\ExpressionLanguage\Parser;

$lexer = new Lexer();
$parser = new Parser([]);
$parser->lint($lexer->tokenize($expression), $allowedVariableNames);

$expression = 'foo["some_key"].callFunction(a ? b)';
$allowedVariableNames = ['foo', 'a', 'b'];
// Result: no error; expression is valid.

$expression = 'foo["some_key")';
$allowedVariableNames = ['foo'];
// Result: Unclosed "[" around position 3 for expression `foo["some_key")`.

$expression = '{key: foo key2: bar}';
$allowedVariableNames = ['foo', 'bar'];
// Result: A hash value must be followed by a comma
//         Unexpected token "name" of value "key2" ("punctuation" expected with value ",")
//         around position 11 for expression `{key: foo key2: bar}`.

In addition to using these lint() methods, you can also use the new ExpressionLanguageSyntax constraint to validate that the value stored in some property defines valid ExpressionLanguage syntax (you can optionally validate the expression variable names too):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
namespace App\Entity;

use Symfony\Component\Validator\Constraints as Assert;

class Order
{
    /**
     * @Assert\ExpressionLanguageSyntax()
     */
    protected $promotion;

    /**
     * @Assert\ExpressionLanguageSyntax(
     *     names = ['user', 'shipping_centers'],
     *     validateNames = true
     * )
     */
    protected $shippingOptions;
}
Sponsor the Symfony project.


Source: https://symfony.com/blog

About us

What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...

Resources

Find us on Twitter

Find us on Facebook