MC-15311: [Sec] PageBuilder XSS Injection Possible Through Block on HTML Code Content Type For CSS Classes Attribute & in TinyMCE

Use DEFAULT_STORE_ID reference

Author: danmooney2

app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php

@@ -7,6 +7,8 @@
 
 namespace Magento\PageBuilder\Plugin\Filter;
 
+use Magento\Store\Model\Store;
+
 /**
  * Plugin to the template filter to process any background images added by Page Builder
  */
@@ -120,7 +122,7 @@ public function aroundCustomvarDirective(
     ) {
         // Determine the need to escape the return value of observed method.
         // Admin context requires store ID of 0; in that context return value should be escaped
-        $shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === 0;
+        $shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === Store::DEFAULT_STORE_ID;
 
         if (!$shouldEscape) {
             return $proceed($construction);