From d34fb8ab51108495a9a651b841202d935f4e12f7 Mon Sep 17 00:00:00 2001
From: Luke Towers <github@luketowers.ca>
Date: Fri, 13 Nov 2020 03:48:27 -0600
Subject: [PATCH] Improve Twig security policy

Follow up to https://github.com/octobercms/october/compare/106daa2930de4cebb18732732d47d4056f01dd5b...7cb148c1677373ac30ccfd3069d18098e403e1ca. Thanks to @ka1n4t for the additional review.
---
 modules/system/twig/SecurityPolicy.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/system/twig/SecurityPolicy.php b/modules/system/twig/SecurityPolicy.php
index bcbc7a1501..aacd39ba63 100644
--- a/modules/system/twig/SecurityPolicy.php
+++ b/modules/system/twig/SecurityPolicy.php
@@ -20,6 +20,8 @@ final class SecurityPolicy implements SecurityPolicyInterface
     protected $blockedMethods = [
         'addDynamicMethod',
         'addDynamicProperty',
+        'bindEvent',
+        'bindEventOnce',
     ];
 
     /**