PrestaShop, the open-source e-commerce platform, failed to detect certain event attributes in its isCleanHTML method before versions 8.1.3 and 1.7.8.11. As a result, modules that use the isCleanHTML method could be vulnerable to cross-site scripting (XSS). Versions 8.1.3 and 1.7.8.11 include a fix for this issue. The recommended solution is to sanitize HTML input from users with the HTMLPurifier library, which is already present as a dependency in the PrestaShop project. Caution is still advised, however, because fields of HTML type in legacy object models trigger the isCleanHTML method.
Updating to the latest version is strongly advised.
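
The recommendation above, sketched as an added example (not code from PrestaShop or from the advisory): a module-side helper that runs user HTML through HTMLPurifier with an explicit allowlist, so event attributes are dropped because they are not allowed rather than because a pattern happened to match them. The function name `sanitize_user_html`, the allowlist, the autoload path and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not PrestaShop code. Assumes the ezyang/htmlpurifier
// package is installed through Composer and reachable by this autoloader.
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: reduce untrusted HTML to an explicit allowlist.
 * Unlike a validator, this rewrites the input instead of rejecting it.
 */
function sanitize_user_html(string $dirty): string
{
    static $purifier = null;

    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Only these elements and attributes survive. No on* attribute is
        // listed, so every event handler is removed, whatever its name.
        $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href],img[src|alt]');
        // Restrict link and image targets to ordinary schemes.
        $config->set('URI.AllowedSchemes', [
            'http'   => true,
            'https'  => true,
            'mailto' => true,
        ]);
        // Disable the on-disk definition cache for this demo; in production
        // point Cache.SerializerPath at a writable directory instead.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }

    return $purifier->purify($dirty);
}

// Constructed sample inputs, for illustration only.
$samples = [
    '<p onmouseover="alert(1)">Product description</p>',
    '<a href="javascript:alert(1)">details</a>',
    '<p>Plain <strong>formatted</strong> text</p>',
];

foreach ($samples as $html) {
    // Store and render only the purified value, never the raw input.
    echo sanitize_user_html($html), PHP_EOL;
}
```

Purify the value before it reaches an object model field of HTML type, since those fields in legacy object models still pass through isCleanHTML on validation.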