MAGETWO-95506: Broken Swagger markup

viktorpetryk · viktorpetryk · commit 50ea8f1fee37 · 2018-10-23T16:32:26.000+03:00
diff --git a/app/code/Magento/Swagger/Block/Index.php b/app/code/Magento/Swagger/Block/Index.php
@@ -19,7 +19,7 @@ class Index extends Template
      */
     private function getParamStore()
     {
-        return $this->getRequest()->getParam('store') ?: 'all';
+        return $this->stripTags($this->getRequest()->getParam('store')) ?: 'all';
     }
 
     /**
diff --git a/app/code/Magento/Swagger/view/frontend/templates/swagger-ui/index.phtml b/app/code/Magento/Swagger/view/frontend/templates/swagger-ui/index.phtml
@@ -24,7 +24,7 @@ $schemaUrl = $block->getSchemaUrl();
     <div class="swagger-ui-wrap">
         <a id="logo" href="http://swagger.io">swagger</a>
         <form id='api_selector'>
-            <input id="input_baseUrl" type="hidden" value="<?php /* @escapeNotVerified */ echo $schemaUrl ?>"/>
+            <input id="input_baseUrl" type="hidden" value="<?= $block->escapeUrl($schemaUrl) ?>"/>
             <div class='input'><input placeholder="api_key" id="input_apiKey" name="apiKey" type="text"/></div>
             <div class='input'><a id="explore" href="#" data-sw-translate>apply</a></div>
         </form>

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ class Index extends Template`
`19`	`19`	`*/`
`20`	`20`	`private function getParamStore()`
`21`	`21`	`{`
`22`		`- return $this->getRequest()->getParam('store') ?: 'all';`
	`22`	`+ return $this->stripTags($this->getRequest()->getParam('store')) ?: 'all';`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`/**`