MAGETWO-70978: Stored XSS in Admin Shipment track

Author: ameysar

app/code/Magento/Shipping/view/frontend/templates/tracking/details.phtml

@@ -21,7 +21,7 @@ $fields = [
 ];
 $number = is_object($track) ? $track->getTracking() : $track['number'];
 ?>
-<table class="data table order tracking" id="tracking-table-popup-<?= /* @noEscape */ $number ?>">
+<table class="data table order tracking" id="tracking-table-popup-<?= $block->escapeHtml($number) ?>">
     <caption class="table-caption"><?= $block->escapeHtml(__('Order tracking')) ?></caption>
     <tbody>
     <?php if (is_object($track)): ?>

app/code/Magento/Shipping/view/frontend/templates/tracking/progress.phtml

@@ -11,7 +11,7 @@ $parentBlock = $block->getParentBlock();
 $track = $block->getData('track');
 ?>
 <div class="table-wrapper">
-    <table class="data table order tracking" id="track-history-table-<?= /* @noEscape */ $track->getTracking() ?>">
+    <table class="data table order tracking" id="track-history-table-<?= $block->escapeHtml($track->getTracking()) ?>">
         <caption class="table-caption"><?= $block->escapeHtml(__('Track history')) ?></caption>
         <thead>
         <tr>