Allow HTML in Customer Reassurance Module

[t.zak510]

Hello,

I'm trying to allow HTML into the Assurance Block but it's always showing me just plain html instead of translating the html.

I edited the blockreassurance.tpl to:

{if $elements}
  <div id="block-reassurance">
    <ul>
      {foreach from=$elements item=element}
        <li><img src="{$element.image}" alt="{$element.text nofilter}" /> <span>{$element.text nofilter}</span></li>
      {/foreach}
    </ul>
  </div>
{/if}

I also edited the reassuranceClass.php to:

 'text' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml', 'required' => true),

The result is:

 <a href="www.google.com">Security Policy</a>

How to solve this issue please?

[tantan199]

Did you turn off the "Use HTMLPurifier Library" option on the "BO>Shop parameters>General" page.

[t.zak510]

Hello,

No I didn't, If I turn it off, would it affect my store in a bad way?

[t.zak510]

Hello @tantan199 I did some research regarding HTML Purifier Library and it seems that it is a very important Library to prevent HTML XSS by injecting malicious HTML by a user, I find it strange that you ask me to turn it off, either you are stupid or maybe you have no idea about the role of that Library since you ask me to turn it off.

[tantan199]

How rude you are, I was trying to help. I don't want to explain anything to you anymore.

[t.zak510]

@tantan199Explain to me what exactly? How to ruin my store by making it more vulnerable? you shouldn't ask anyone to disable that Library, it's essential and I concluded you have no idea what you were talking about