From 62e03ca1fe21b2331f7e750c84dbfb37acbfe9be Mon Sep 17 00:00:00 2001 From: Micha Hobert Date: Tue, 17 Oct 2023 17:03:36 +0200 Subject: [PATCH] Add warning to html sanitizer --- guides/hosting/configurations/shopware/html-sanitizer.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/guides/hosting/configurations/shopware/html-sanitizer.md b/guides/hosting/configurations/shopware/html-sanitizer.md index 459f42d7c..013e0c3bf 100644 --- a/guides/hosting/configurations/shopware/html-sanitizer.md +++ b/guides/hosting/configurations/shopware/html-sanitizer.md @@ -13,7 +13,7 @@ This feature has been introduced with Shopware version 6.5. This is exclusively ## Overview -HTML sanitizer improves security, reliability and usability of the text editor by removing potentially unsafe or malicious HTML code. It also sanitizes styles and attributes for consistent and correct code rendering regardless of platform and browser. For example, if the `` tag is added, it is automatically removed by the editor after a few seconds and an additional notice appears that some of your inputs have been sanitized. +HTML sanitizer improves security, reliability and usability of the text editor by removing potentially unsafe or malicious HTML code. It also sanitizes styles and attributes for consistent and correct code rendering regardless of platform and browser. For example, if the `` tag is added, it is automatically removed by the editor after a few seconds and an additional notice appears that some of your inputs have been sanitized. ## Configuration @@ -30,3 +30,7 @@ In this example, the `` tag, as well as the CSS attributes `src`, `alt` and If you want to deactivate the sanitizer despite security risks, you can also do this in theĀ `z-shopware.yaml` using the following code: <<< @/docs/snippets/config/html_sanitizer_disabled.yaml + +::: warning +Disabling the HTML sanitizer will allow potentially unsafe or malicious HTML code to be inserted. +:::