MC-15427: Token Abuse in PayPal Payflow module

 - Added Captcha reload on negative place order flow

Author: YevSent

app/code/Magento/Payment/view/frontend/templates/transparent/iframe.phtml

@@ -40,7 +40,7 @@ $params = $block->getParams();
                     $(parent).trigger('clearTimeout');
                     fullScreenLoader.stopLoader();
                     globalMessageList.addErrorMessage({
-                        message: $t(<?= /* @escapeNotVerified */ json_encode($params['error_msg'])?>)
+                        message: $t(<?= /* @noEscape */ json_encode($params['error_msg'])?>)
                     });
                 }
             );

app/code/Magento/PaypalCaptcha/view/frontend/web/js/view/payment/list-mixin.js

@@ -3,10 +3,16 @@
  * See COPYING.txt for license details.
  */
 
-define([], function () {
+define([
+    'jquery',
+    'Magento_Captcha/js/model/captchaList'
+], function ($, captchaList) {
     'use strict';
 
     var mixin = {
+
+        formId: 'co-payment-form',
+
         /**
          * Sets custom template for Payflow Pro
          *
@@ -17,11 +23,25 @@ define([], function () {
 
             var component = this._super(payment);
 
-            if (payment.method === 'payflowpro') {
+            if (component.component === 'Magento_Paypal/js/view/payment/method-renderer/payflowpro-method') {
                 component.template = 'Magento_PaypalCaptcha/payment/payflowpro-form';
+                $(window).off('clearTimeout')
+                    .on('clearTimeout', this.clearTimeout.bind(this));
             }
 
             return component;
+        },
+
+        /**
+         * Overrides default window.clearTimeout() to catch errors from iframe and reload Captcha.
+         */
+        clearTimeout: function () {
+            var captcha = captchaList.getCaptchaByFormId(this.formId);
+
+            if (captcha !== null) {
+                captcha.refresh();
+            }
+            clearTimeout();
         }
     };