  1. #1

    HTML in Reviews (Need it to be supported.)

    Hi Guys.

    I need to have HTML enabled within customer reviews.

    Does anyone know what I need to do to get it working?

    Thanks.
    James
    FMUK Consulting - Web Design & Development | Graphics | Marketing | Apps - http://www.FMUKConsulting.co.uk

  2. #2

    Re: HTML in Reviews (Need it to be supported.)

    As with any "I wanna change the way it works", the approach I'd take to find out would be to look at the main_page= value in the URL of the page when a review is composed, then look at the header_php.php file for that page and find where that input field is used, and change the logic that's been applied to it.

    BUT ...

    Keep in mind that what you're doing is VERY dangerous from a security perspective.
    When you remove the strip_tags() from the input you receive, you are now opening yourself up to CSRF and XSS attacks, so you need to sanitize. You need to sanitize EVERY place where that data is ever used (both the input from the visitor and every place where it's ever output back to the browser, both in non-admin and admin), and review to make sure you are 1000% certain that you've not allowed anyone to input iframes, script tags, and numerous other possible site-hijacking code into any reviews. Test test test test test and test again.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
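
One way to do the sanitizing the reply above calls for once strip_tags() is removed, shown as an added example that is not part of the thread or of Zen Cart's code: a DOM-based allowlist that keeps a few formatting tags, strips every attribute, and deletes script/iframe-type elements with their content. The function names, constant names and tag lists are assumptions.

```php
<?php
// Added example, not Zen Cart code; names and tag lists are assumptions.
const REVIEW_KEEP = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li'];
const REVIEW_DROP = ['script', 'style', 'iframe', 'object', 'embed', 'form']; // removed with content
function review_clean_node(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue; // plain text is entity-escaped when serialized
        }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, REVIEW_DROP, true)) {
            $node->removeChild($child); // comments, CDATA, script, iframe, ...
            continue;
        }
        review_clean_node($child); // clean descendants before deciding on this element
        if (in_array($tag, REVIEW_KEEP, true)) { // allowed tag: strip every attribute
            foreach (iterator_to_array($child->attributes) as $attr) {
                $child->removeAttributeNode($attr);
            }
        } else { // any other tag: keep its cleaned children, drop the element itself
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
        }
    }
}

function sanitize_review_html(string $input): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed markup is expected here
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $input . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    review_clean_node($body); // the wrapper <div> is not allowlisted, so it is unwrapped
    $out = '';
    foreach ($body->childNodes as $n) {
        $out .= $doc->saveHTML($n);
    }
    return $out;
}
echo sanitize_review_html('<p onclick="x()">Nice <b>cart</b></p><script>x()</script>'), "\n"; // constructed sample
```

Because the output is rebuilt from the parsed tree, it can only contain the allowlisted tags without attributes plus escaped text. The same function can be applied at every place the stored review is rendered, in both the storefront and the admin.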

 

 
