Dev news

Commit c9189ad6a74 for woocommerce

commit c9189ad6a7438053c11a87972cb395632f894774
Author: Seghir Nadir <nadir.seghir@gmail.com>
Date:   Tue Apr 7 08:51:22 2026 +0200

    Fix address autocomplete branding logo not rendering in block checkout (#63985)

    * Fix address autocomplete "Powered by Google" logo not showing in block checkout

    The branding HTML from the address provider contains an <img> tag, but
    sanitizeHTML() was called with default allowed tags which don't include
    img. This caused DOMPurify to strip the logo on block checkout, while
    the shortcode checkout worked fine with its own permissive config.

    * Fix prettier formatting for sanitizeHTML config arrays

    * Reduce sanitizeHTML allowlist to tags actually used by branding

diff --git a/plugins/woocommerce/changelog/fix-address-autocomplete-branding-logo b/plugins/woocommerce/changelog/fix-address-autocomplete-branding-logo
new file mode 100644
index 00000000000..b9a97d1707f
--- /dev/null
+++ b/plugins/woocommerce/changelog/fix-address-autocomplete-branding-logo
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Fix address autocomplete branding logo not rendering in block checkout due to sanitizeHTML stripping img tags
diff --git a/plugins/woocommerce/client/blocks/assets/js/base/components/cart-checkout/address-autocomplete/suggestions.tsx b/plugins/woocommerce/client/blocks/assets/js/base/components/cart-checkout/address-autocomplete/suggestions.tsx
index c44d61d9fe8..838f8ef3928 100644
--- a/plugins/woocommerce/client/blocks/assets/js/base/components/cart-checkout/address-autocomplete/suggestions.tsx
+++ b/plugins/woocommerce/client/blocks/assets/js/base/components/cart-checkout/address-autocomplete/suggestions.tsx
@@ -117,7 +117,19 @@ export const Suggestions = ( {
 				<div
 					className="woocommerce-address-autocomplete-branding"
 					dangerouslySetInnerHTML={ {
-						__html: sanitizeHTML( branding ),
+						__html: sanitizeHTML( branding, {
+							tags: [ 'a', 'img', 'span', 'br' ],
+							attr: [
+								'href',
+								'target',
+								'rel',
+								'src',
+								'alt',
+								'style',
+								'width',
+								'height',
+							],
+						} ),
 					} }
 				/>
 			) : null }