Possibility to disable HTML Sanitizer
With 6.5, the HTML Sanitizer was added, which removes possible malicious code in the text editor in the admin. There are possibilities to add certain bypasses, but no possibility to disable it completely.
For example, some CSS attributes cannot be bypassed because they are simply not supported by HTML Purifier.
Please add a function to disable this completely, e.g. via the shopware.yaml or .env.
-
Andreas Bendel commented
Need it ASAP
-
Philipp Fuge commented
Can't even do basic image tags anymore.
-
Stefan Brockhaus commented
The sanitizer keeps us from updating a multichannel instance to 6.5. Even though this implementation is an OWASP recommendation, we would like to have an easy choice to disable the sanitizer.
I agree with the initiator of this "idea" and the other two commentators in their statements.
-
Tobias Pierschel commented
In my opinion, the switch should be added in the administration, not in a hidden YAML file.
-
Dennis Mertens commented
But the intention of the sanitizer is against the use case of the Text-Element in most shops.
Also, CMS, product descriptions etc. have a lot of HTML code, including HTML code with shop-specific features.
We still need the code more than we need the security feature.
Just take a look at your SW6 showcases!
BVB Shop has some icons with HTML in the product description. -> not possible with sanitizer and you can’t get every secure HTML code.