Hello - some of our products have an option where the customer can enter a custom message to include on the product.
This option is set as a “Text” field (the regular html input field).
Due to the nature of our business though, allowing the < and > characters is necessary. But it looks like cs-cart strips out any < that gets entered, and every other >.
I know it’s doing this to prevent malicious html input. I have tried to see where it’s doing this but did not find it.
Where is cs-cart stripping these out?
Even escaping the < and > to the html entity > and < internally will be fine, because the other views should hopefully render them as expected.
i think that removing this is not secure for you, removing this from everywhere will be quite difficult, but for some specific functionality you can try.
try to search smarty strip_tags in templates where you want to remove this cleaning.
for example:
with cleaning {$product.product|strip_tags}, without {$product.product}