Description "Twig\Profiler\Dumper\HtmlDumper" writes "Profile::getTemplate()" and "Profile::getName()" straight into its HTML output without escaping: protected function formatTemplate(Profile $profile, $prefix): string { return \sprintf('%s└ <span style="background-color: %s">%s</span>', $prefix, self::$colors['template'], $profile->getTemplate()); } The template name comes from the loader (the array key for "ArrayLoader", a row id for a database-backed loader, etc.). When that name is attacker-controlled, the profiler dump emits arbitrary HTML, and any browser that renders it executes the injected markup. This is an output-encoding bug in profiler/debug tooling, not a sandbox escape. Resolution "HtmlDumper" now runs both "Profile::getTemplate()" and "Profile::getName()" through "htmlspecialchars()" before inserting them into the HTML output. Credits Twig would like to thank El Kharoubi Iosif for reporting the issue and Nicolas Grekas for fixing it.