Execute script in copyright block?
-
13-04-2021 - |
Solution
This is not a bug. It's a feature.
In the template html/footer.phtml
from the Magento_Theme
module there is this:
<address><?= $block->escapeHtml($block->getCopyright()) ?></address>
getCopyright
returns exactly what you have in your config field.
This means that the value is escaped before printing it on the screen.
If you don't want this escape, you can override the template in your theme and replace the code above with
<address><?= $block->getCopyright(); ?></address>
But this will leave you exposed to XSS if someone inserts some (harmful) javascript code in your copyright section.
Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange