Follow-up: Auto removal of HTML anchor tags in Cookie Notice Content

  • Resolved gskyknight

    (@gskyknight)


    5 months ago

    Hello WPeka,

    Happy New Year!

    I hope this message finds you well.

    We would like to let you know that in the light of the recent updates (current version 3.6.8) a previously resolved issue has returned again.

    Plugin versions 2.2.4 and 2.3.9 have successfully resolved the issue about HTML link tags getting removed from the Cookie Notice in the frontend. However, it seems that issue has returned again.

    Here is an example “GDPR Message”:

    <a href="https://www.example.com/">Example.com</a>, uses cookies in order to blah blah blah...

    Unfortunately, the plugin strips off the link tag:

    <a href="https://www.example.com/"></a>

    With regard to my previously suggested fixes (here and here) , it is possible that the same approach might be eligible for the current version.

    For example:

    File: gdpr-cookie-consent/public/templates/skins/default.php
    Line 33:

    Current code:

    <div class="group-description" tabindex="0"><p class="gdpr"><?php echo $the_options['is_iabtcf_on'] ? $cookie_data['dash_notify_message_iabtcf']: esc_html__( $cookie_data['dash_notify_message'], '<a><br><em><strong><span><p><i><img><b><div><label>' ); ?>

    Suggested modification:

    <div class="group-description" tabindex="0"><p class="gdpr"><?php echo $the_options['is_iabtcf_on'] ? $cookie_data['dash_notify_message_iabtcf']: strip_tags(__( $cookie_data['dash_notify_message']), '<a><br><em><strong><span><p><i><img><b><div><label>' ); ?>

    As previously, this suggestion employs again the PHP function strip_tags() instead of esc_html() to escape HTML tags in the frontend without compromising security.

    We would be grateful if you could re-implement the proposed fix or take any other action that remedies the issue in the next update to allow basic HTML markup the in consent message.

    Thank you for your attention to this matter, and we look forward to your response.

    Best regards,
    George

Viewing 10 replies - 1 through 10 (of 10 total)
  • prasada_pujari

    (@prasadaeightnine)

    5 months ago

    Hi there,

    Please submit a ticket to support@wpeka.com for assistance so that we can investigate the issue.

    Thanks for your understanding.

    Thread Starter gskyknight

    (@gskyknight)

    5 months ago

    Hi,

    Thank you for your quick response!
    We raised the ticket #29013.

    Best regards,
    George

    prasada_pujari

    (@prasadaeightnine)

    4 months, 3 weeks ago

    Hi George,

    Thank you for providing the ticket number! We have noted it and will prioritize looking into the issue.

    Thread Starter gskyknight

    (@gskyknight)

    3 months, 3 weeks ago

    Hello WPeka,

    Thank you for the effort you put in maintaining this plugin!

    Taking the opportunity from the last update of three days ago, we’d be grateful if we could have an update regarding this issue about removal of HTML anchor tags in Cookie Notice Content.

    Best regards,
    George

    prasada_pujari

    (@prasadaeightnine)

    3 months, 2 weeks ago

    Hi,

    This issue has been fixed and included in the latest version.

    If you’re still experiencing any problems, please email us at support@wpeka.com, and we’ll be happy to investigate further.

    Regards,

    Prasada

    Thread Starter gskyknight

    (@gskyknight)

    3 months, 2 weeks ago

    Hi @prasadaeightnine ,

    Thank you for your response and for addressing this issue in the latest update. However, after updating to the latest version, we are still experiencing the same problem with HTML anchor tags being removed in the Cookie Notice content.

    Could you please confirm if the fix was applied correctly?

    After a quick check, I believe a small adjustment could help resolve this.

    Currently, in the file:

    File: gdpr-cookie-consent/public/templates/skins/default.php
    Line 62:

    Current Code:

    <div class="group-description" tabindex="0"><p class="gdpr"><?php echo $the_options['is_iabtcf_on'] ? $cookie_data['dash_notify_message_iabtcf']: esc_html__( $cookie_data['dash_notify_message'], '<a><br><em><strong><span><p><i><img><b><div><label>' ); ?>

    Suggested Modification:

    <div class="group-description" tabindex="0"><p class="gdpr"><?php echo $the_options['is_iabtcf_on'] ? $cookie_data['dash_notify_message_iabtcf']: strip_tags(__( $cookie_data['dash_notify_message']), '<a><br><em><strong><span><p><i><img><b><div><label>' ); ?>

    Additionally, this issue seems to affect all files within:
    /gdpr-cookie-consent/public/templates/skins/

    Using esc_html() and wp_kses_post with a second argument like '<a><br><em><strong><span><p><i><img><b><div><label>' doesn’t work effectively for this case because:

    • esc_html() only takes one argument and escapes all HTML completely, meaning any allowed tags specified in the second argument are ignored [reference].
    • wp_kses_post() accepts only one argument and allows WordPress-approved tags and does not respect custom tag allowances in this specific use case [reference].

    By using strip_tags() instead, we can correctly allow the specified HTML tags in the consent message while maintaining security.

    I’ll be happy to submit this suggestion to your email, at support@wpeka.com.

    Looking forward to your response.

    Best regards,
    George

    prasada_pujari

    (@prasadaeightnine)

    3 months, 2 weeks ago

    Hi there,

    Thanks for reaching out!

    I noticed that you’ve also raised a support ticket.

    Our team will continue assisting you through that channel.

    Let us know if you need any further help!

    Regards,

    Prasada

    Thread Starter gskyknight

    (@gskyknight)

    2 months, 3 weeks ago

    Hello WPeka,

    We appreciate the latest update (v3.7.6) and the resolution mark on this thread. However, I wanted to bring to your attention that the issue still persists.

    Following this thread and the ticket I raised, could you please provide an update on the removal of HTML anchor tags in the Cookie Notice Content on the front-end?

    Best regards,
    George

    prasada_pujari

    (@prasadaeightnine)

    2 months, 3 weeks ago

    Hi George,

    Sorry for the confusion.

    Our development team is still working on it and have fixed it.

    We will be releasing the updated version shortly.

    In the meantime, I am sending you the updated ZIP file on the support ticket thread so you can apply the fix right away.

    Please let us know if you need any further assistance.

    Thread Starter gskyknight

    (@gskyknight)

    2 months, 3 weeks ago

    Hi @prasadaeightnine ,

    Thank you for the update and for providing the fixed version in the support ticket. We have applied the update, and we can confirm that the issue is now resolved.

    I appreciate the team’s effort in addressing this, and I look forward to the official release. Thanks again for your prompt support!

    Best regards,
    George

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.