Safe PHP template engine
I am looking for a PHP template engine that allows only user-defined functions, or only whitelisted functions. My problem is that I will let my users edit their templates, so I need a safe template engine.
The Twig project ( http://www.twig-project.org/ ) has a sandbox mode.
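An added example (not part of the original answer) of how Twig's sandbox can be configured as an allowlist for user-edited templates. It assumes twig/twig 3.x installed through Composer; the `badge` function and both sample templates are hypothetical and constructed for illustration.

```php
<?php
// Added example: assumes twig/twig 3.x is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;
use Twig\TwigFunction;

// Constructed sample templates standing in for user-edited content.
$templates = [
    'ok'  => 'Hello {{ name|upper }}{% if vip %}, {{ badge("gold") }}{% endif %}',
    'bad' => '{{ range(1, 3)|join(",") }}', // range and join are not allowlisted
];

$twig = new Environment(new ArrayLoader($templates));

// Hypothetical application-defined function exposed to template authors.
$twig->addFunction(new TwigFunction('badge', function (string $level): string {
    return "[$level member]";
}));

// Allowlist policy: any tag, filter, method, property or function
// that is not named here is refused by the sandbox.
$policy = new SecurityPolicy(
    ['if', 'for'],        // tags
    ['upper', 'escape'],  // filters
    [],                   // object methods, as class => [method, ...]
    [],                   // object properties, as class => [property, ...]
    ['badge']             // functions
);

// Second argument true: sandbox every template, not only
// those wrapped in a {% sandbox %} block.
$twig->addExtension(new SandboxExtension($policy, true));

foreach (array_keys($templates) as $name) {
    try {
        $out = $twig->render($name, ['name' => 'alice', 'vip' => true]);
        echo $name, ': ', $out, PHP_EOL;
    } catch (SecurityError $e) {
        // Raised when a template uses something outside the allowlist.
        echo $name, ': rejected - ', $e->getMessage(), PHP_EOL;
    }
}
```

Objects passed into the render context are governed by the methods and properties lists, so pass plain scalars and arrays unless a method is deliberately exposed.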
Rain implements the sandbox with black_list; if you ask, they might add the white list as well: http://www.raintpl.com/
If you just need conditions (if), loops (for) and filters, maybe my minimal Text-Template class could do the job: https://github.com/dermatthes/text-template
It's pure regular expressions without the need for filesystem access nor eval()'d code. So it should be quite secure. And it'll parse 50kB of template within <3ms.