@@ -71,30 +71,27 @@ public function getElementHtml()
7171 {
7272 $ html'' ;
7373
74- if ((string )$ this getValue ()) {
74+ if ((string )$ this getEscapedValue ()) {
7575 $ url$ this _getUrl ();
7676
7777 if (!preg_match ("/^http\:\/\/|https\:\/\// " , $ url
7878 $ url$ this _urlBuilder ->getBaseUrl (['_type ' => UrlInterface::URL_TYPE_MEDIA ]) . $ url
7979 }
8080
8181 $ linkId'linkId ' .$ this random ->getRandomString (8 );
82- $ html'<a previewlinkid=" ' .$ linkId'" href=" ' .
83- $ url
84- '" ' .
82+ $ html'<a previewlinkid=" ' .$ linkId'" href=" ' .
83+ $ url'" ' .
8584 $ this _getUiId (
8685 'link '
8786 ) .
8887 '> ' .
89- '<img src=" ' .
90- $ url
91- '" id=" ' .
88+ '<img src=" ' . $ url'" id=" ' .
9289 $ this getHtmlId () .
9390 '_image" title=" ' .
94- $ this getValue () .
91+ $ this getEscapedValue () .
9592 '" ' .
9693 ' alt=" ' .
97- $ this getValue () .
94+ $ this getEscapedValue () .
9895 '" height="22" width="22" class="small-image-preview v-middle" ' .
9996 $ this _getUiId () .
10097 ' /> ' .
@@ -120,7 +117,7 @@ public function getElementHtml()
120117 protected function _getDeleteCheckbox ()
121118 {
122119 $ html'' ;
123- if ($ this getValue ()) {
120+ if ($ this getEscapedValue ()) {
124121 $ labelstring )new \Magento \Framework \Phrase ('Delete Image ' );
125122 $ html'<span class="delete-image"> ' ;
126123 $ html'<input type="checkbox" ' .
@@ -153,7 +150,8 @@ protected function _getDeleteCheckbox()
153150 */
154151 protected function _getHiddenInput ()
155152 {
156- return '<input type="hidden" name=" ' . parent ::getName () . '[value]" value=" ' . $ this getValue () . '" /> ' ;
153+ return '<input type="hidden" name=" ' . parent ::getName () .
154+ '[value]" value=" ' . $ this getEscapedValue () . '" /> ' ;
157155 }
158156
159157 /**
@@ -163,7 +161,7 @@ protected function _getHiddenInput()
163161 */
164162 protected function _getUrl ()
165163 {
166- return $ this getValue ();
164+ return $ this getEscapedValue ();
167165 }
168166
169167 /**
0 commit comments