MAGETWO-56441: Eliminate @escapeNotVerified in Product and Catalog Rules Modules

Oleksandr Gorkun · Oleksandr Gorkun · commit 6952aca26dc3 · 2019-05-21T15:06:40.000-05:00
diff --git a/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/fieldset.phtml b/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/fieldset.phtml
@@ -11,8 +11,8 @@
 <?php $_element = $block->getElement() ?>
 <?php $_jsObjectName = $block->getFieldSetId() != null ? $block->getFieldSetId() : $_element->getHtmlId() ?>
 <div class="rule-tree">
-    <fieldset id="<?= /* @escapeNotVerified */ $_jsObjectName ?>" <?= /* @escapeNotVerified */ $_element->serialize(['class']) ?> class="fieldset">
-        <legend class="legend"><span><?= /* @escapeNotVerified */ $_element->getLegend() ?></span></legend>
+    <fieldset id="<?= $block->escapeHtmlAttr($_jsObjectName) ?>" <?= /* @noEscape */ $_element->serialize(['class']) ?> class="fieldset">
+        <legend class="legend"><span><?= $block->escapeHtml($_element->getLegend()) ?></span></legend>
         <br>
     <?php if ($_element->getComment()): ?>
         <div class="messages">
@@ -30,9 +30,9 @@ require([
     "prototype"
 ], function(VarienRulesForm){
 
-window.<?= /* @escapeNotVerified */ $_jsObjectName ?> = new VarienRulesForm('<?= /* @escapeNotVerified */ $_jsObjectName ?>', '<?= /* @escapeNotVerified */ $block->getNewChildUrl() ?>');
+window.<?= $block->escapeJs($_jsObjectName) ?> = new VarienRulesForm('<?= /* @noEscape */ $_jsObjectName ?>', '<?= /* @noEscape */ $block->getNewChildUrl() ?>');
 <?php if ($_element->getReadonly()): ?>
-    <?= $_element->getHtmlId() ?>.setReadonly(true);
+    <?= /* @noEscape */ $_element->getHtmlId() ?>.setReadonly(true);
 <?php endif; ?>
 
 });
diff --git a/app/code/Magento/Msrp/view/base/templates/product/price/msrp.phtml b/app/code/Magento/Msrp/view/base/templates/product/price/msrp.phtml
@@ -35,8 +35,8 @@ $priceElementIdPrefix = $block->getPriceElementIdPrefix() ? $block->getPriceElem
 ?>
 
 <?php if ($amount): ?>
-    <span class="old-price map-old-price"><?= /* @escapeNotVerified */ $msrpPrice ?></span>
-    <span class="map-fallback-price normal-price"><?= /* @escapeNotVerified */ $msrpPrice ?></span>
+    <span class="old-price map-old-price"><?= /* @noEscape */ $msrpPrice ?></span>
+    <span class="map-fallback-price normal-price"><?= /* @noEscape */ $msrpPrice ?></span>
 <?php endif; ?>
 
 <?php if ($priceType->isShowPriceOnGesture()): ?>
@@ -83,26 +83,27 @@ $priceElementIdPrefix = $block->getPriceElementIdPrefix() ? $block->getPriceElem
             (int) $productId));
     }
     ?>
-    <span id="<?= /* @escapeNotVerified */ $block->getPriceId() ? $block->getPriceId() : $priceElementId ?>" style="display:none"></span>
+    <span id="<?= $block->escapeHtmlAttr($block->getPriceId() ? $block->getPriceId() : $priceElementId) ?>" style="display:none"></span>
     <a href="javascript:void(0);"
-       id="<?= /* @escapeNotVerified */ ($popupId) ?>"
+       id="<?= /* @noEscape */ ($popupId) ?>"
        class="action map-show-info"
-       data-mage-init='<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($data) ?>'><?= /* @escapeNotVerified */ __('Click for price') ?>
+       data-mage-init='<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($data) ?>'>
+        <?= $block->escapeHtml(__('Click for price')) ?>
     </a>
 <?php else: ?>
     <span class="msrp-message">
-     <?= /* @escapeNotVerified */ $priceType->getMsrpPriceMessage() ?>
+     <?= $block->escapeHtml($priceType->getMsrpPriceMessage()) ?>
     </span>
 <?php endif; ?>
 
 <?php if ($block->getZone() == \Magento\Framework\Pricing\Render::ZONE_ITEM_VIEW): ?>
     <?php $helpLinkId = 'msrp-help-' . $productId . $block->getRandomString(20); ?>
     <a href="javascript:void(0);"
-       id="<?= /* @escapeNotVerified */ $helpLinkId ?>"
+       id="<?= /* @noEscape */ $helpLinkId ?>"
        class="action map-show-info"
        data-mage-init='{"addToCart":{"origin": "info",
-                                     "helpLinkId": "#<?= /* @escapeNotVerified */ $helpLinkId ?>",
+                                     "helpLinkId": "#<?= /* @noEscape */ $helpLinkId ?>",
                                      "productName": "<?= $block->escapeJs($block->escapeHtml($product->getName())) ?>",
-                                     "closeButtonId": "#map-popup-close"}}'><span><?= /* @escapeNotVerified */ __("What's this?") ?></span>
+                                     "closeButtonId": "#map-popup-close"}}'><span><?= $block->escapeHtml(__("What's this?")) ?></span>
     </a>
 <?php endif; ?>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/cart/subtotal.phtml b/app/code/Magento/Msrp/view/frontend/templates/cart/subtotal.phtml
@@ -6,6 +6,6 @@
 ?>
 <div class="subtotal">
     <span class="mark msrp">
-        <?= /* @escapeNotVerified */ __('Order total will be displayed before you submit the order') ?>
+        <?= $block->escapeHtml(__('Order total will be displayed before you submit the order')) ?>
     </span>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/cart/totals.phtml b/app/code/Magento/Msrp/view/frontend/templates/cart/totals.phtml
@@ -7,5 +7,5 @@
 // @codingStandardsIgnoreFile
 ?>
 <div class="cart-totals">
-    <div class="msrp totals"><?= /* @escapeNotVerified */ __('You will see the order total before you submit the order.') ?></div>
+    <div class="msrp totals"><?= $block->escapeHtml(__('You will see the order total before you submit the order.')) ?></div>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/popup.phtml b/app/code/Magento/Msrp/view/frontend/templates/popup.phtml
@@ -20,13 +20,13 @@
             <div class="map-info-price" id="map-popup-content">
                 <div class="price-box">
                     <div class="map-msrp" id="map-popup-msrp-box">
-                        <span class="label"><?= /* @escapeNotVerified */ __('Price') ?></span>
+                        <span class="label"><?= $block->escapeHtml(__('Price')) ?></span>
                         <span class="old-price map-old-price" id="map-popup-msrp">
                             <span class="price"></span>
                         </span>
                     </div>
                     <div class="map-price" id="map-popup-price-box">
-                        <span class="label"><?= /* @escapeNotVerified */ __('Actual Price') ?></span>
+                        <span class="label"><?= $block->escapeHtml(__('Actual Price')) ?></span>
                         <span id="map-popup-price" class="actual-price"></span>
                     </div>
                 </div>
@@ -35,15 +35,15 @@
                     <button type="button"
                             title="<?= $block->escapeHtml(__('Add to Cart')) ?>"
                             class="action tocart primary">
-                        <span><?= /* @escapeNotVerified */ __('Add to Cart') ?></span>
+                        <span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
                     </button>
                     <div class="additional-addtocart-box">
                         <?= $block->getChildHtml() ?>
                     </div>
                 </form>
             </div>
             <div class="map-text" id="map-popup-text">
-                <?= /* @escapeNotVerified */ $block->getExplanationMessage() ?>
+                <?= /* @noEscape */ $block->getExplanationMessage() ?>
             </div>
         </div>
     </div>
@@ -55,7 +55,7 @@
         </div>
         <div class="popup-content">
             <div class="map-help-text" id="map-popup-text-what-this">
-                <?= /* @escapeNotVerified */ $block->getExplanationMessageWhatsThis() ?>
+                <?= /* @noEscape */ $block->getExplanationMessageWhatsThis() ?>
             </div>
         </div>
     </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_item.phtml b/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_item.phtml
@@ -29,27 +29,29 @@
 <div class="price-box msrp">
     <?php if ($_product->getMsrp()): ?>
         <?php $_msrpPrice = $pricingHelper->currency($_product->getMsrp(), true, false) ?>
-        <span class="old-price"><?= /* @escapeNotVerified */ $_msrpPrice ?></span>
+        <span class="old-price"><?= /* @noEscape */ $_msrpPrice ?></span>
     <?php endif; ?>
     <?php if ($_catalogHelper->isShowPriceOnGesture($_product)): ?>
         <?php $priceElementId = 'product-price-' . $_id . $block->getIdSuffix(); ?>
-        <span id="<?= /* @escapeNotVerified */ $priceElementId ?>" style="display: none"></span>
+        <span id="<?= /* @noEscape */ $priceElementId ?>" style="display: none"></span>
         <?php $popupId = 'msrp-popup-' . $_id . $block->getRandomString(20); ?>
         <a href="javascript:void(0);"
-           id="<?= /* @escapeNotVerified */ ($popupId) ?>"
-           data-mage-init='{"addToCart":{"popupId": "#<?= /* @escapeNotVerified */ ($popupId) ?>",
+           id="<?= /* @noEscape */ ($popupId) ?>"
+           data-mage-init='{"addToCart":{"popupId": "#<?= /* @noEscape */ ($popupId) ?>",
                                          "productName": "<?= /* @noEscape */ $block->escapeJs($block->escapeHtml($_product->getName())) ?>",
-                                         "realPrice": <?= /* @escapeNotVerified */ $block->getRealPriceJs($_product) ?>,
-                                         "msrpPrice": "<?= /* @escapeNotVerified */ $_msrpPrice ?>",
-                                         "priceElementId":"<?= /* @escapeNotVerified */ $priceElementId ?>",
+                                         "realPrice": <?= /* @noEscape */ $block->getRealPriceJs($_product) ?>,
+                                         "msrpPrice": "<?= /* @noEscape */ $_msrpPrice ?>",
+                                         "priceElementId":"<?= /* @noEscape */ $priceElementId ?>",
                                          "popupCartButtonId": "#map-popup-button",
-                                         "cartForm": "#wishlist-view-form"}}'><?= /* @escapeNotVerified */ __('Click for price') ?>
+                                         "cartForm": "#wishlist-view-form"}}'><?= $block->escapeHtml(__('Click for price')) ?>
         </a>
     <?php else: ?>
         <span class="msrp-message">
-            <?= /* @escapeNotVerified */ $_catalogHelper->getMsrpPriceMessage($_product) ?>
+            <?= $block->escapeHtml($_catalogHelper->getMsrpPriceMessage($_product)) ?>
         </span>
     <?php endif; ?>
     <?php $helpLinkId = 'msrp-help-' . $_id . $block->getRandomString(20); ?>
-    <a href="javascript:void(0);" id="<?= /* @escapeNotVerified */ ($helpLinkId) ?>" data-mage-init='{"addToCart":{"helpLinkId": "#<?= /* @escapeNotVerified */ ($helpLinkId) ?>", "productName": "<?= /* @noEscape */ $block->escapeJs($block->escapeHtml($_product->getName())) ?>"}}' class="link tip"><?= /* @escapeNotVerified */ __("What's this?") ?></a>
+    <a href="javascript:void(0);" id="<?= /* @noEscape */ ($helpLinkId) ?>" data-mage-init='{"addToCart":{"helpLinkId": "#<?= /* @noEscape */ ($helpLinkId) ?>", "productName": "<?= /* @noEscape */$block->escapeJs($block->escapeHtml($_product->getName())) ?>"}}' class="link tip">
+        <?= $block->escapeHtml(__("What's this?")) ?>
+    </a>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_rss.phtml b/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_rss.phtml
@@ -16,6 +16,8 @@
 ?>
 <div class="price-box msrp">
     <?php if ($this->helper('Magento\Msrp\Helper\Data')->canApplyMsrp($block->getProduct())): ?>
-        <a href="<?= /* @escapeNotVerified */ $block->getProduct()->getProductUrl() ?>"><?= /* @escapeNotVerified */ __('Click for price') ?></a>
+        <a href="<?= $block->escapeUrl($block->getProduct()->getProductUrl()) ?>">
+            <?= $block->escapeHtml(__('Click for price')) ?>
+        </a>
     <?php endif; ?>
 </div>
