How to Disable HTML Sanitizer in Shopware 6?


The HTML sanitizer enhances the text editor’s security, dependability, and user experience by eliminating potentially hazardous or malicious HTML code. It also purifies styles and attributes to ensure uniform and accurate code rendering across various platforms and browsers. For instance, if the tag is inserted, the editor promptly removes it and displays a notification that certain inputs have been sanitized after a brief delay.

When adding content to the layout, especially in the text area section, you will receive the following notification: ‘Potentially harmful code will be automatically sanitized and removed from the editor’.


To disable these default functionalities or allow certain HTML tags, preventing them from being automatically sanitized and removed from the editor, follow the steps below:

By making adjustments to the z-shopware.yaml file or employing a workaround, it’s possible to allow certain HTML tags within the permitted code. Initially, the z-shopware.yaml file may not exist and can be created by duplicating the shopware.yaml file located under config/packages/ on the server hosting Shopware.

In the duplicated file (z-shopware.yaml), include an additional key named html_sanitizer: within the shopware: section. This key should contain all the necessary values and wildcards for whitelisting.

For example, the <img> tag, along with attributes like src, alt, and style, can be added to the whitelist.

shopware:
  html_sanitizer:
    sets:
      -   name: basic
          tags: [ "img" ]
          attributes: [ "src", "alt", "style" ]
          options:
            - key: HTML.Trusted
              value: true
            - key: CSS.Trusted
              value: true

If you wish to disable the sanitizer, despite potential security risks, you can achieve this within the z-shopware.yaml file by using the following code:

shopware:
  html_sanitizer:
    enabled: false

After making changes to the z-shopware.yaml file, clear the cache.

Note:

Disabling the HTML sanitizer will allow potentially unsafe or malicious HTML code to be inserted.
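
A review check for the override file described above, as an added example that is not from the original post or from Shopware: it flags a disabled sanitizer, the HTML.Trusted and CSS.Trusted options (HTMLPurifier directives), and an allowlisted style attribute, so each relaxation is a deliberate decision. The function name and finding messages are assumptions, and the scan only understands the block layout shown on this page.

```python
import re

RISKY_OPTIONS = {"HTML.Trusted", "CSS.Trusted"}  # HTMLPurifier "trusted input" directives
LINE = re.compile(r"^(\s*)(?:-\s+)?([\w.]+):\s*(.*?)\s*$")

def audit_sanitizer_override(yaml_text):
    """Return review findings for the shopware.html_sanitizer block.
    Line-based scan of this page's block layout; not a general YAML parser."""
    findings, block_indent, set_name, option = [], None, "?", None
    for raw in yaml_text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])        # drop comments, skip non-keys
        if not m:
            continue
        indent, key, value = len(m[1]), m[2], m[3].strip("'\"")
        if block_indent is not None and indent <= block_indent:
            block_indent = None                     # left the html_sanitizer block
        if block_indent is None:
            if key == "html_sanitizer":
                block_indent = indent
            continue
        if key == "enabled" and value.lower() == "false":
            findings.append("sanitizer disabled (enabled: false)")
        elif key == "name":
            set_name, option = value, None
        elif key == "attributes" and "style" in re.findall(r"[\w-]+", value):
            findings.append(f"set '{set_name}' allows the style attribute")
        elif key == "key":
            option = value
        elif key == "value" and option in RISKY_OPTIONS and value.lower() == "true":
            findings.append(f"set '{set_name}' enables {option}")
    return findings

# Constructed sample: the allowlist example from this page.
SAMPLE = """\
shopware:
  html_sanitizer:
    sets:
      -   name: basic
          tags: [ "img" ]
          attributes: [ "src", "alt", "style" ]
          options:
            - key: HTML.Trusted
              value: true
            - key: CSS.Trusted
              value: true
"""

if __name__ == "__main__":
    print("\n".join(audit_sanitizer_override(SAMPLE)))
```

An empty result means none of these three relaxations is present in the override; it does not mean the allowlist itself is safe for every field.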
