magento
diff --git a/‎app/code/Magento/Tax/view/adminhtml/templates/rate/title.phtml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Tax/view/adminhtml/templates/rate/title.phtml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Tax/view/adminhtml/templates/rule/rate/form.phtml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Tax/view/adminhtml/templates/rule/rate/form.phtml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Tax/view/base/templates/pricing/adjustment.phtml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Tax/view/base/templates/pricing/adjustment.phtml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/cart/item/price/sidebar.phtml
Lines changed: 2 additions & 2 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/cart/item/price/sidebar.phtml
Lines changed: 2 additions & 2 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/grandtotal.phtml
Lines changed: 11 additions & 7 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/grandtotal.phtml
Lines changed: 11 additions & 7 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/shipping.phtml
Lines changed: 12 additions & 8 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/shipping.phtml
Lines changed: 12 additions & 8 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/shipping/price.phtml
Lines changed: 2 additions & 2 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/shipping/price.phtml
Lines changed: 2 additions & 2 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/subtotal.phtml
Lines changed: 11 additions & 7 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/subtotal.phtml
Lines changed: 11 additions & 7 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/checkout/tax.phtml
Lines changed: 5 additions & 5 deletions b/‎app/code/Magento/Tax/view/frontend/templates/checkout/tax.phtml
Lines changed: 5 additions & 5 deletions
diff --git a/‎app/code/Magento/Tax/view/frontend/templates/item/price/row.phtml
Lines changed: 2 additions & 2 deletions b/‎app/code/Magento/Tax/view/frontend/templates/item/price/row.phtml
Lines changed: 2 additions & 2 deletions
@@ -16,7 +16,7 @@
                     class="admin__control-text<?php if ($_store->getId() == 0): ?> required-entry<?php endif; ?>"
                     type="text"
                     name="title[<?= (int)$_store->getId() ?>]"
-                    value="<?= $block->escapeHtml($_labels[$_store->getId()]) ?>" />
+                    value="<?= $block->escapeHtmlAttr($_labels[$_store->getId()]) ?>" />
             </div>
         </div>
     <?php endforeach; ?>
 
@@ -10,7 +10,7 @@
     <div class="grid-loader"></div>
 </div>
 
-<div class="form-inline" id="<?= $block->escapeHtml($block->getNameInLayout()) ?>" style="display:none">
+<div class="form-inline" id="<?= $block->escapeHtmlAttr($block->getNameInLayout()) ?>" style="display:none">
     <?= $block->getFormHtml() ?>
     <?= $block->getChildHtml('form_after') ?>
 </div>
@@ -9,7 +9,7 @@
 
 <?php if ($block->displayBothPrices()): ?>
     <span id="<?= /* @noEscape */ $block->buildIdWithPrefix('price-excluding-tax-') ?>"
-          data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>"
+          data-label="<?= $block->escapeHtmlAttr(__('Excl. Tax')) ?>"
           data-price-amount="<?= /* @noEscape */ $block->getRawAmount() ?>"
           data-price-type="basePrice"
           class="price-wrapper price-excluding-tax">
 
@@ -8,13 +8,13 @@
 ?>
 <?php $_item = $block->getItem() ?>
     <?php if ($block->displayPriceInclTax() || $block->displayBothPrices()): ?>
-        <span class="price-wrapper price-including-tax" data-label="<?= $block->escapeHtml(__('Incl. Tax')) ?>">
+        <span class="price-wrapper price-including-tax" data-label="<?= $block->escapeHtmlAttr(__('Incl. Tax')) ?>">
             <?php $_incl = $_item->getPriceInclTax(); ?>
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($_incl) ?>
         </span>
     <?php endif; ?>
     <?php if ($block->displayPriceExclTax() || $block->displayBothPrices()): ?>
-        <span class="price-wrapper price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>">
+        <span class="price-wrapper price-excluding-tax" data-label="<?= $block->escapeHtmlAttr(__('Excl. Tax')) ?>">
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($_item->getCalculationPrice()) ?>
         </span>
     <?php endif; ?>
@@ -9,29 +9,33 @@
  */
 ?>
 <?php if ($block->includeTax() && $block->getTotalExclTax() >= 0):?>
+<?php
+    $style = $block->escapeHtmlAttr($block->getStyle());
+    $colspan = (int)$block->getColspan();
+?>
 <tr class="grand totals excl">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <strong><?= $block->escapeHtml(__('Grand Total Excl. Tax')) ?></strong>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml(__('Grand Total Excl. Tax')) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr(__('Grand Total Excl. Tax')) ?>">
         <strong><?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotalExclTax()) ?></strong>
     </td>
 </tr>
-<?= /* @noEscape */ $block->renderTotals('taxes', $block->getColspan()) ?>
+<?= /* @noEscape */ $block->renderTotals('taxes', $colspan) ?>
 <tr class="grand totals incl">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <strong><?= $block->escapeHtml(__('Grand Total Incl. Tax')) ?></strong>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml(__('Grand Total Incl. Tax')) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr(__('Grand Total Incl. Tax')) ?>">
         <strong><?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotal()->getValue()) ?></strong>
     </td>
 </tr>
 <?php else:?>
 <tr class="grand totals">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <strong><?= $block->escapeHtml($block->getTotal()->getTitle()) ?></strong>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getTotal()->getTitle()) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getTotal()->getTitle()) ?>">
         <strong><?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotal()->getValue()) ?></strong>
     </td>
 </tr>
 
@@ -10,38 +10,42 @@
  */
 ?>
 <?php if ($block->displayShipping()):?>
+<?php
+    $style = $block->escapeHtmlAttr($block->getStyle());
+    $colspan = (int)$block->getColspan();
+?>
     <?php if ($block->displayBoth()):?>
     <tr class="totals shipping excl">
-        <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+        <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
             <?= $block->escapeHtml($block->getExcludeTaxLabel()) ?>
         </th>
-        <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getExcludeTaxLabel()) ?>">
+        <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getExcludeTaxLabel()) ?>">
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getShippingExcludeTax()) ?>
         </td>
     </tr>
     <tr class="totals shipping incl">
-        <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+        <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
             <?= $block->escapeHtml($block->getIncludeTaxLabel()) ?>
         </th>
-        <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getIncludeTaxLabel()) ?>">
+        <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getIncludeTaxLabel()) ?>">
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getShippingIncludeTax()) ?>
         </td>
     </tr>
     <?php elseif ($block->displayIncludeTax()) : ?>
     <tr class="totals shipping incl">
-        <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+        <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
             <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
         </th>
-        <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getTotal()->getTitle()) ?>">
+        <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getTotal()->getTitle()) ?>">
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getShippingIncludeTax()) ?>
         </td>
     </tr>
     <?php else:?>
     <tr class="totals shipping excl">
-        <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+        <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
             <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
         </th>
-        <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getTotal()->getTitle()) ?>">
+        <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getTotal()->getTitle()) ?>">
             <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getShippingExcludeTax()) ?>
         </td>
     </tr>
 
@@ -12,13 +12,13 @@
     <span class="price"><?= /* @noEscape */ $_excl ?></span>
 <?php else: ?>
 <?php if ($block->displayShippingBothPrices() && $_incl != $_excl): ?>
-    <span class="price-including-tax" data-label="<?= $block->escapeHtml(__('Incl. Tax')) ?>">
+    <span class="price-including-tax" data-label="<?= $block->escapeHtmlAttr(__('Incl. Tax')) ?>">
 <?php endif; ?>
     <span class="price"><?= /* @noEscape */ $_incl ?></span>
 <?php if ($block->displayShippingBothPrices() && $_incl != $_excl): ?>
     </span>
 <?php endif; ?>
 <?php endif; ?>
 <?php if ($block->displayShippingBothPrices() && $_incl != $_excl): ?>
-    <span class="price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>"><span class="price"><?= /* @noEscape */ $_excl ?></span></span>
+    <span class="price-excluding-tax" data-label="<?= $block->escapeHtmlAttr(__('Excl. Tax')) ?>"><span class="price"><?= /* @noEscape */ $_excl ?></span></span>
 <?php endif; ?>
@@ -9,29 +9,33 @@
  * @see \Magento\Tax\Block\Checkout\Subtotal
  */
 ?>
-<?php if ($block->displayBoth()):?>
+<?php if ($block->displayBoth()) :?>
+<?php
+    $style = $block->escapeHtmlAttr($block->getStyle());
+    $colspan = (int)$block->getColspan();
+?>
 <tr class="totals sub excl">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <?= $block->escapeHtml(__('Subtotal (Excl. Tax)')) ?>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml(__('Subtotal (Excl. Tax)')) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr(__('Subtotal (Excl. Tax)')) ?>">
         <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotal()->getValueExclTax()) ?>
     </td>
 </tr>
 <tr class="totals sub incl">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <?= $block->escapeHtml(__('Subtotal (Incl. Tax)')) ?>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml(__('Subtotal (Incl. Tax)')) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr(__('Subtotal (Incl. Tax)')) ?>">
         <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotal()->getValueInclTax()) ?>
     </td>
 </tr>
 <?php else : ?>
 <tr class="totals sub">
-    <th style="<?= /* @noEscape */ $block->getStyle() ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $style ?>" class="mark" colspan="<?= /* @noEscape */ $colspan ?>" scope="row">
         <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
     </th>
-    <td style="<?= /* @noEscape */ $block->getStyle() ?>" class="amount" data-th="<?= $block->escapeHtml($block->getTotal()->getTitle()) ?>">
+    <td style="<?= /* @noEscape */ $style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getTotal()->getTitle()) ?>">
         <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($block->getTotal()->getValue()) ?>
     </td>
 </tr>
 
@@ -11,7 +11,7 @@
 ?>
 <?php
     $_value = $block->getTotal()->getValue();
-    $_style = $block->getTotal()->getStyle();
+    $_style = $block->escapeHtmlAttr($block->getTotal()->getStyle());
 ?>
 <?php global $taxIter; $taxIter++; ?>
 
@@ -23,14 +23,14 @@
 ?>
 
 <tr <?= /* @noEscape */ $attributes ?>>
-    <th style="<?= /* @noEscape */ $_style ?>" class="mark" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+    <th style="<?= /* @noEscape */ $_style ?>" class="mark" colspan="<?= (int)$block->getColspan() ?>" scope="row">
         <?php if ($this->helper('Magento\Tax\Helper\Data')->displayFullSummary()): ?>
             <span class="detailed"><?= $block->escapeHtml($block->getTotal()->getTitle()) ?></span>
         <?php else: ?>
             <?= $block->escapeHtml($block->getTotal()->getTitle()) ?>
         <?php endif;?>
     </th>
-    <td style="<?= /* @noEscape */ $_style ?>" class="amount" data-th="<?= $block->escapeHtml($block->getTotal()->getTitle()) ?>">
+    <td style="<?= /* @noEscape */ $_style ?>" class="amount" data-th="<?= $block->escapeHtmlAttr($block->getTotal()->getTitle()) ?>">
         <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($_value) ?>
     </td>
 </tr>
@@ -47,15 +47,15 @@
 
         <?php foreach ($rates as $rate): ?>
             <tr class="totals-tax-details details-<?= /* @noEscape */ $taxIter ?>">
-                <th class="mark" style="<?= /* @noEscape */ $_style ?>" colspan="<?= /* @noEscape */ $block->getColspan() ?>" scope="row">
+                <th class="mark" style="<?= /* @noEscape */ $_style ?>" colspan="<?= (int)$block->getColspan() ?>" scope="row">
                     <?= $block->escapeHtml($rate['title']) ?>
                     <?php if (!is_null($rate['percent'])): ?>
                         (<?= (float)$rate['percent'] ?>%)
                     <?php endif; ?>
                 </th>
                 <?php if ($isFirst): ?>
                     <td style="<?= /* @noEscape */ $_style ?>" class="amount" rowspan="<?= count($rates) ?>"
-                       data-th="<?= $block->escapeHtml($rate['title']) ?><?php if (!is_null($rate['percent'])): ?>(<?= (float)$rate['percent'] ?>%)<?php endif; ?>">
+                       data-th="<?= $block->escapeHtmlAttr($rate['title']) ?><?php if (!is_null($rate['percent'])): ?>(<?= (float)$rate['percent'] ?>%)<?php endif; ?>">
                         <?= /* @noEscape */ $this->helper('Magento\Checkout\Helper\Data')->formatPrice($amount) ?>
                     </td>
                 <?php endif; ?>
 
@@ -9,15 +9,15 @@
 $_item = $block->getItem();
 ?>
 <?php if (($block->displayPriceInclTax() || $block->displayBothPrices()) && !$_item->getNoSubtotal()): ?>
-    <span class="price-including-tax" data-label="<?= $block->escapeHtml(__('Incl. Tax')) ?>">
+    <span class="price-including-tax" data-label="<?= $block->escapeHtmlAttr(__('Incl. Tax')) ?>">
         <span class="cart-price">
             <?= /* @noEscape */ $block->formatPrice($_item->getRowTotalInclTax()) ?>
         </span>
     </span>
 <?php endif; ?>
 
 <?php if (($block->displayPriceExclTax() || $block->displayBothPrices()) && !$_item->getNoSubtotal()): ?>
-    <span class="price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>">
+    <span class="price-excluding-tax" data-label="<?= $block->escapeHtmlAttr(__('Excl. Tax')) ?>">
         <span class="cart-price">
             <?= /* @noEscape */ $block->formatPrice($_item->getRowTotal()) ?>
         </span>