AC-11662 CSP - improve script rendering

Author: tranthienbinh1989

app/code/Magento/PageBuilder/view/adminhtml/templates/stage/render.phtml

@@ -52,7 +52,7 @@ $script .= <<<SCRIPT
 ?>
 SCRIPT;
 
-/* @noEscape */ $secureRenderer->renderTag('script', [], $script, false)
+/* @noEscape */ echo $secureRenderer->renderTag('script', [], $script, false);
 ?>
 
 <div>Page Builder Render Frame</div>

app/code/Magento/PageBuilder/view/adminhtml/templates/wysiwyg_setup.phtml

@@ -4,15 +4,22 @@
  * See COPYING.txt for license details.
  */
 
-/** @var Magento\PageBuilder\Block\WysiwygSetup $block */
+/** @var Magento\PageBuilder\Block\WysiwygSetup $block
+ *  @var Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ */
 
 ?>
-<script>
+<?php
+$config = $block->getConfigJson();
+$script = <<<SCRIPT
     require.config({
         config: {
             'mage/adminhtml/wysiwyg/tiny_mce/setup': {
-                config: <?= /* @noEscape */ $block->getConfigJson() ?>
+                config: {$config}
             }
         }
     });
-</script>
+?>
+SCRIPT;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false) ?>

app/code/Magento/PageBuilder/view/base/templates/googlemaps.phtml

@@ -4,39 +4,49 @@
  * See COPYING.txt for license details.
  */
 
-/** @var Magento\PageBuilder\Block\GoogleMapsApi $block */
+/** @var Magento\PageBuilder\Block\GoogleMapsApi $block
+ *  @var Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ *  @var Magento\Framework\Escaper $escaper
+ */
 ?>
-<script>
+
+<?php
+$script = <<<SCRIPT
     require.config({
         paths: {
-            googleMaps: '<?= $block->escapeJs($block->getLibraryUrl()); ?>'
+            googleMaps: '" . $escaper->escapeJs($block->getLibraryUrl()); . "'
         },
         config: {
             'Magento_PageBuilder/js/utils/map': {
-                style: '<?= $block->escapeJs($block->getStyle()); ?>'
+                style: '" . $escaper->escapeJs($block->getStyle()); . "'
             },
             'Magento_PageBuilder/js/content-type/map/preview': {
-                apiKey: '<?= $block->escapeJs($block->getApiKey()); ?>',
-                apiKeyErrorMessage: '<?= $block->escapeJs($block->getInvalidApiKeyMessage()); ?>'
+                apiKey: '" . $escaper->escapeJs($block->getApiKey()); . "',
+                apiKeyErrorMessage: '" . $escaper->escapeJs($block->getInvalidApiKeyMessage()); . "'
             },
             'Magento_PageBuilder/js/form/element/map': {
-                apiKey: '<?= $block->escapeJs($block->getApiKey()); ?>',
-                apiKeyErrorMessage: '<?= $block->escapeJs($block->getInvalidApiKeyMessage()); ?>'
+                apiKey: '" . $escaper->escapeJs($block->getApiKey()); . "',
+                apiKeyErrorMessage: '" . $escaper->escapeJs($block->getInvalidApiKeyMessage()); . "'
             },
         }
     });
-</script>
+SCRIPT;
+/** @noEscape */ echo $secureRenderer->renderTag('script', [], $script, false);
+?>
 
 <?php
-// Include the googleMaps dependency only if we have an API key set, this removes unnecessary calls to Google
-if ($block->shouldIncludeGoogleMapsLibrary()) : ?>
-<script>
+/** Include the googleMaps dependency only if we have an API key set, this removes unnecessary calls to Google */
+if ($block->shouldIncludeGoogleMapsLibrary()) {
+    $script = <<<SCRIPT
+
     require.config({
         shim: {
             'Magento_PageBuilder/js/utils/map': {
                 deps: ['googleMaps']
             }
         }
     });
-</script>
-<?php endif; ?>
+SCRIPT;
+    /** @noEscape */ echo $secureRenderer->renderTag('script', [], $script, false);
+}
+?>