It turns out PHP code is allowed in .volt templates. Is there a way to disable this? Is there a way to have a sandbox mode where an user will supply a template and it would be safe to include it? By safe I mean no PHP code will be accepted nor executed and only certain tags, variables and methods will be allowed to be accessed?