@gellert.gyuris my solution is to manually modify the code of my phplist installs 
public_html/lists/admin/attributes.php
Edit the file public_html/lists/admin/attributes.php by removing the strip_tags() function from three distinct places:
- the code that populates the value="" tag of the input on the page load
- the code that UPDATEs existing attributes in the DB
- the code that INSERTs new attributes in the DB
More specifically, here’s a diff of the original file and my updated version:
< $tables['attribute'], sql_escape(strip_tags($_POST['name'][0])), sql_escape($_POST['type'][0]),
---
> $tables['attribute'], sql_escape($_POST['name'][0]), sql_escape($_POST['type'][0]),
162c162
< $tables['attribute'], sql_escape(strip_tags($_POST['name'][$id])), sql_escape($_POST['type'][$id]),
---
> $tables['attribute'], sql_escape($_POST['name'][$id]), sql_escape($_POST['type'][$id]),
375c375
< <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes(strip_tags($row['name']))).'" size="40" />';
---
> <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes($row['name'])).'" size="40" />';
After this change, you should be able to set the “Name” of the attribute to include an html <a href="..."> anchor tag that links to your ToS.
I’ve done this on three distinct phpList installs. Note how they all have a checkbox for “I agree to the XYZ Privacy Policy” – where the “Privacy Policy” bit is a hyperlink to the actual privacy policy: