Merge branch 'MC-38985' of github.com:magento-cia/magento2ce into cia-2.4.3-3172021

admanesachin · admanesachin · commit 261e087e5a83 · 2021-03-17T09:17:39.000-05:00
diff --git a/app/code/Magento/Payment/view/adminhtml/templates/form/cc.phtml b/app/code/Magento/Payment/view/adminhtml/templates/form/cc.phtml
@@ -40,6 +40,21 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                    title="<?= $block->escapeHtml(__('Credit Card Number')) ?>"
                    class="admin__control-text validate-cc-number"
                    value="<?= /* @noEscape */ $block->getInfoData('cc_number') ?>"/>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncopy',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncut',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'onpaste',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
         </div>
     </div>
     <div class="field-date admin__field _required">
@@ -78,6 +93,21 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                        class="required-entry validate-cc-cvn admin__control-cvn admin__control-text"
                        id="<?= /* @noEscape */ $code ?>_cc_cid"
                        name="payment[cc_cid]" value="<?= /* @noEscape */ $block->getInfoData('cc_cid') ?>"/>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncopy',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncut',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'onpaste',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
             </div>
         </div>
     <?php endif; ?>
diff --git a/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml b/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml
@@ -80,6 +80,21 @@ $ccExpMonth = $block->getInfoData('cc_exp_month');
                        "validate-cc-type":"#<?= /* @noEscape */ $code ?>_cc_type"
                    }'
                    autocomplete="off"/>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncopy',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncut',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'onpaste',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
         </div>
     </div>
 
@@ -129,6 +144,21 @@ $ccExpMonth = $block->getInfoData('cc_exp_month');
                        value=""
                        data-validate='{"required-number":true, "validate-cc-cvn":"#<?=/* @noEscape */ $code?>_cc_type"}'
                        autocomplete="off"/>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncopy',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncut',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'onpaste',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
             </div>
         </div>
     <?php endif; ?>
diff --git a/app/code/Magento/Payment/view/frontend/templates/form/cc.phtml b/app/code/Magento/Payment/view/frontend/templates/form/cc.phtml
@@ -51,6 +51,21 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                        "validate-cc-number":"#<?= /* @noEscape */ $code ?>_cc_type",
                        "validate-cc-type":"#<?= /* @noEscape */ $code ?>_cc_type"
                    }'/>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncopy',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncut',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'onpaste',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
         </div>
     </div>
     <div class="field date required" id="<?= /* @noEscape */ $code ?>_cc_type_exp_div">
@@ -100,6 +115,21 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             <input type="number" title="<?= $block->escapeHtml(__('Card Verification Number')) ?>"
                    class="input-text cvv" id="<?= /* @noEscape */ $code ?>_cc_cid" name="payment[cc_cid]" value=""
                    data-validate='{"required-number":true, "validate-cc-cvn":"#<?= /* @noEscape */ $code ?>_cc_type"}'/>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncopy',
+                "event.preventDefault();",
+                '#' . $code . '_cc_cid'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncut',
+                "event.preventDefault();",
+                '#' . $code . '_cc_cid'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'onpaste',
+                "event.preventDefault();",
+                '#' . $code . '_cc_cid'
+            ) ?>
             <?php $content = '<img src=\"' . $block->getViewFileUrl('Magento_Checkout::cvv.png') . '\" alt=\"' .
                 $block->escapeHtml(__('Card Verification Number Visual Reference')) .
                 '\" title=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . '\" />'; ?>
diff --git a/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml b/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml
@@ -75,6 +75,21 @@ $content = '<img src=\"' . $block->escapeUrl($block->getViewFileUrl('Magento_Che
                            "validate-cc-type":"#<?= /* @noEscape */ $code ?>_cc_type"
                        }'
                        autocomplete="off"/>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncopy',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_number'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncut',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_number'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'onpaste',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_number'
+                ) ?>
             </div>
         </div>
         <div class="field required date" id="<?= /* @noEscape */ $code ?>_cc_type_exp_div">
@@ -130,6 +145,21 @@ $content = '<img src=\"' . $block->escapeUrl($block->getViewFileUrl('Magento_Che
                            "required-number":true,
                            "validate-cc-cvn":"#<?= /* @noEscape */ $code ?>_cc_type"
                        }' autocomplete="off"/>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncopy',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncut',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'onpaste',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
                 <div class="note">
                     <a href="#" id="<?= /* @noEscape */ $code ?>-cvv-what-is-this" class="action cvv"
                        title="<?= $block->escapeHtml(__('What is this?')) ?>" data-mage-init='{
diff --git a/app/code/Magento/Payment/view/frontend/web/js/view/payment/cc-form.js b/app/code/Magento/Payment/view/frontend/web/js/view/payment/cc-form.js
@@ -192,6 +192,14 @@ define([
                 '" />';
         },
 
+        /**
+         * Get unsanitized html for image for CVV
+         * @returns {String}
+         */
+        getCvvImageUnsanitizedHtml: function () {
+            return this.getCvvImageHtml();
+        },
+
         /**
          * @deprecated
          * @returns {Object}
diff --git a/app/code/Magento/Payment/view/frontend/web/template/payment/cc-form.html b/app/code/Magento/Payment/view/frontend/web/template/payment/cc-form.html
@@ -45,6 +45,9 @@
         </label>
         <div class="control">
             <input type="number" name="payment[cc_number]" class="input-text" value=""
+                   oncopy="return false;"
+                   oncut="return false;"
+                   onpaste="return false;"
                    data-bind="attr: {
                                     autocomplete: off,
                                     id: getCode() + '_cc_number',
@@ -104,6 +107,9 @@
                    class="input-text cvv"
                    name="payment[cc_cid]"
                    value=""
+                   oncopy="return false;"
+                   oncut="return false;"
+                   onpaste="return false;"
                    data-bind="attr: {id: getCode() + '_cc_cid',
                         title: $t('Card Verification Number'),
                         'data-container': getCode() + '-cc-cvv',
@@ -119,7 +125,7 @@
                 </span>
                 <div class="field-tooltip-content"
                      data-target="dropdown"
-                     data-bind="html: getCvvImageHtml()"></div>
+                     data-bind="html: getCvvImageUnsanitizedHtml()"></div>
             </div>
         </div>
     </div>
diff --git a/app/code/Magento/Paypal/view/adminhtml/templates/transparent/form.phtml b/app/code/Magento/Paypal/view/adminhtml/templates/transparent/form.phtml
@@ -81,6 +81,21 @@ $ccExpMonth = $block->getInfoData('cc_exp_month');
                        "validate-cc-type":"#<?= /* @noEscape */ $code ?>_cc_type"
                    }'
                    autocomplete="off"/>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncopy',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'oncut',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
+            <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                'onpaste',
+                "event.preventDefault();",
+                '#' . $code . '_cc_number'
+            ) ?>
         </div>
     </div>
 
@@ -130,6 +145,21 @@ $ccExpMonth = $block->getInfoData('cc_exp_month');
                        value=""
                        data-validate='{"required-number":true, "validate-cc-cvn":"#<?=/* @noEscape */ $code?>_cc_type"}'
                        autocomplete="off"/>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncopy',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'oncut',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
+                <?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+                    'onpaste',
+                    "event.preventDefault();",
+                    '#' . $code . '_cc_cid'
+                ) ?>
             </div>
         </div>
     <?php endif; ?>
