MC-10871: [Sec] XSS Injection in HTML Code Content Type

- Fix MFTF failures

Author: davemacaulay

app/code/Magento/PageBuilder/Model/Stage/HtmlFilter.php

@@ -54,15 +54,14 @@ public function filterHtml(string $content): string
             $item->parentNode->removeChild($item);
         }
         $xpath = new \DOMXPath($dom);
-        $htmlContentTypes = $xpath->query('//*[@data-role="html"]');
+        $htmlContentTypes = $xpath->query('//*[@data-role="html" and not(contains(@class, "placeholder-html-code"))]');
         foreach ($htmlContentTypes as $htmlContentType) {
             /* @var \DOMElement $htmlContentType */
             $innerHTML= '';
             $children = $htmlContentType->childNodes;
             foreach ($children as $child) {
                 $innerHTML .= $child->ownerDocument->saveXML($child);
             }
-            $htmlContentType->removeAttribute("data-role");
             $htmlContentType->setAttribute(
                 "class",
                 $htmlContentType->getAttribute("class") . " placeholder-html-code"

app/code/Magento/PageBuilder/Test/Mftf/Section/PageBuilderBlockSection.xml

@@ -9,7 +9,7 @@
 <sections xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Page/etc/SectionObject.xsd">
     <section name="BlockOnStage">
-        <element name="html" type="text" selector="((//div[contains(@class,'pagebuilder-block')])[{{arg1}}]//div[contains(@data-bind,'html: data.main.html')])[{{arg2}}]//a[contains(@class,'pagebuilder-button-primary')]" parameterized="true"/>
+        <element name="html" type="text" selector="((//div[contains(@class,'pagebuilder-block')])[{{arg1}}]//div[contains(@data-bind,'html: data.main.html')])[{{arg2}}]//div[contains(@class,'placeholder-html-code')]" parameterized="true"/>
         <element name="status" type="text" selector="((//div[contains(@class,'pagebuilder-block')])[{{arg1}}]//span[contains(@class,'placeholder') and text()='{{arg}}'])" parameterized="true"/>
         <element name="deleted" type="text" selector="((//div[contains(@class,'pagebuilder-block')])[{{arg1}}]//span[contains(@class,'placeholder') and contains(text(),'Block with ID: {{arg}} doesn')])" parameterized="true"/>
         <element name="title" type="text" selector="(//div[contains(@class,'pagebuilder-block')])[{{arg1}}]//div[contains(@class,'pagebuilder-options-wrapper')]//div[contains(@class,'option-title') and text()='{{arg}}']" parameterized="true"/>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderBlockTest.xml

@@ -172,7 +172,7 @@
         <comment userInput="Validate stage after updating block" stepKey="validateStage2" />
         <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
         <waitForElementVisible selector="{{HtmlOnStage.base('1')}}" stepKey="waitForHtmlBaseStage1"/>
-        <waitForElementVisible selector="{{BlockOnStage.html('1', '1')}}" stepKey="waitForHtmlStage1"/>
+        <see selector="{{BlockOnStage.html('1', '1')}}" userInput="{{PageBuilderHtmlPropertyButton.value}}" stepKey="waitForHtmlStage1"/>
         <actionGroup ref="ClearCacheActionGroup" stepKey="clearMagentoCache"/>
         <!-- Validate Storefront -->
         <comment userInput="Validate storefront after updating block" stepKey="validateStorefront2" />
@@ -1475,7 +1475,7 @@
             </actionGroup>
         </before>
         <after>
-            <deleteData createDataKey="createPreReqBlock" stepKey="deletePreReqBlock" />
+            <!--<deleteData createDataKey="createPreReqBlock" stepKey="deletePreReqBlock" />-->
             <actionGroup ref="logout" stepKey="logout"/>
         </after>
         <!-- Edit Block and configure Row - Vertical Align Bottom -->