
Commit d4e98ad

author
Hwashiang Yu
committed
MAGETWO-55808: Eliminate @escapeNotVerified in Product Modules
- Resolved incorrect escape methods
1 parent 535723f commit d4e98ad


7 files changed

+59
-62
lines changed


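--- a/app/code/Magento/Bundle/view/adminhtml/templates/catalog/product/edit/tab/attributes/extend.phtml
+++ b/app/code/Magento/Bundle/view/adminhtml/templates/catalog/product/edit/tab/attributes/extend.phtml
@@ -27,9 +27,9 @@ $isElementReadonly = $block->getElement()
 <?php if (!$isElementReadonly && $block->getDisableChild()) { ?>
 <script>
 require(['prototype'], function () {
-function <?= $block->escapeJs($switchAttributeCode) ?>_change() {
+function <?= /* @noEscape */ $switchAttributeCode ?>_change() {
 var $attribute = $('<?= $block->escapeJs($attributeCode) ?>');
-if ($('<?= $block->escapeJs($switchAttributeCode) ?>').value == '<?= $block->escapeJs($block::DYNAMIC) ?>') {
+if ($('<?= /* @noEscape */ $switchAttributeCode ?>').value == '<?= $block->escapeJs($block::DYNAMIC) ?>') {
 if ($attribute) {
 $attribute.disabled = true;
 $attribute.value = '';
@@ -43,7 +43,7 @@ $isElementReadonly = $block->getElement()
 <?php if ($attributeCode === 'price' && !$block->getCanEditPrice() && $block->getCanReadPrice()
 && $block->getProduct()->isObjectNew()) : ?>
 <?php $defaultProductPrice = $block->getDefaultProductPrice() ?: "''"; ?>
-$attribute.value = <?= $block->escapeJs($defaultProductPrice) ?>;
+$attribute.value = <?= /* @noEscape */ (string)$defaultProductPrice ?>;
 <?php else : ?>
 $attribute.disabled = false;
 $attribute.addClassName('required-entry');
@@ -57,10 +57,10 @@ $isElementReadonly = $block->getElement()
 
 <?php if (!($attributeCode === 'price' && !$block->getCanEditPrice()
 && !$block->getProduct()->isObjectNew())) : ?>
-$('<?= $block->escapeJs($switchAttributeCode) ?>').observe('change', <?= $block->escapeJs($switchAttributeCode) ?>_change);
+$('<?= /* @noEscape */ $switchAttributeCode ?>').observe('change', <?= /* @noEscape */ $switchAttributeCode ?>_change);
 <?php endif; ?>
 Event.observe(window, 'load', function(){
-<?= $block->escapeJs($switchAttributeCode) ?>_change();
+<?= /* @noEscape */ $switchAttributeCode ?>_change();
 });
 });
 </script>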
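Review bot: At new lines 32 and 60 `$switchAttributeCode` is now printed unescaped inside a single-quoted JavaScript string (`$('<?= /* @noEscape */ $switchAttributeCode ?>')`), while `$attributeCode` on line 31 still goes through `escapeJs` in the same context. Dropping the escaper is defensible where the value forms part of a function name (lines 30, 60, 63), but in the string-literal positions I would keep `$('<?= $block->escapeJs($switchAttributeCode) ?>')`. The variable is assigned above the visible hunks, so whether it can ever contain a quote or backslash cannot be confirmed from here; a comment next to its assignment stating the allowed character set would justify the `@noEscape` on the identifier uses. The same concern applies to line 46, where `(string)$defaultProductPrice` is emitted as a bare JS expression: casting to a number before output, or emitting a quoted `escapeJs`-escaped string, would keep a non-numeric return from `getDefaultProductPrice()` from being interpreted as script.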

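--- a/app/code/Magento/Bundle/view/adminhtml/templates/product/edit/bundle/option.phtml
+++ b/app/code/Magento/Bundle/view/adminhtml/templates/product/edit/bundle/option.phtml
@@ -7,67 +7,67 @@
 /** @var $block \Magento\Bundle\Block\Adminhtml\Catalog\Product\Edit\Tab\Bundle\Option */
 ?>
 <script id="bundle-option-template" type="text/x-magento-template">
-<div id="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_<%- data.index %>" class="option-box">
-<div class="fieldset-wrapper admin__collapsible-block-wrapper opened" id="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_<%- data.index %>-wrapper">
+<div id="<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_<%- data.index %>" class="option-box">
+<div class="fieldset-wrapper admin__collapsible-block-wrapper opened" id="<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_<%- data.index %>-wrapper">
 <div class="fieldset-wrapper-title">
-<strong class="admin__collapsible-title" data-toggle="collapse" data-target="#<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_<%- data.index %>-content">
+<strong class="admin__collapsible-title" data-toggle="collapse" data-target="#<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_<%- data.index %>-content">
 <span><%- data.default_title %></span>
 </strong>
 <div class="actions">
 <?= $block->getOptionDeleteButtonHtml() ?>
 </div>
 <div data-role="draggable-handle" class="draggable-handle"></div>
 </div>
-<div class="fieldset-wrapper-content in collapse" id="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_<%- data.index %>-content">
+<div class="fieldset-wrapper-content in collapse" id="<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_<%- data.index %>-content">
 <fieldset class="fieldset">
 <fieldset class="fieldset-alt">
 <div class="field field-option-title required">
-<label class="label" for="id_<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>_<%- data.index %>_title">
-<?= $block->escapeJs($block->escapeHtml(__('Option Title'))) ?>
+<label class="label" for="id_<?= $block->escapeHtmlAttr($block->getFieldName()) ?>_<%- data.index %>_title">
+<?= $block->escapeHtml(__('Option Title'))) ?>
 </label>
 <div class="control">
 <?php if ($block->isDefaultStore()) : ?>
 <input class="input-text required-entry"
 type="text"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][title]"
-id="id_<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>_<%- data.index %>_title"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][title]"
+id="id_<?= $block->escapeHtmlAttr($block->getFieldName()) ?>_<%- data.index %>_title"
 value="<%- data.title %>"
 data-original-value="<%- data.title %>" />
 <?php else : ?>
 <input class="input-text required-entry"
 type="text"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][default_title]"
-id="id_<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>_<%- data.index %>_default_title"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][default_title]"
+id="id_<?= $block->escapeHtmlAttr($block->getFieldName()) ?>_<%- data.index %>_default_title"
 value="<%- data.default_title %>"
 data-original-value="<%- data.default_title %>" />
 <?php endif; ?>
 <input type="hidden"
-id="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_id_<%- data.index %>"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][option_id]"
+id="<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_id_<%- data.index %>"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][option_id]"
 value="<%- data.option_id %>" />
 <input type="hidden"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][delete]"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][delete]"
 value=""
 data-state="deleted" />
 </div>
 </div>
 <?php if (!$block->isDefaultStore()) : ?>
 <div class="field field-option-store-view required">
-<label class="label" for="id_<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>_<%- data.index %>_title_store">
-<?= $block->escapeJs($block->escapeHtml(__('Store View Title'))) ?>
+<label class="label" for="id_<?= $block->escapeHtmlAttr($block->getFieldName()) ?>_<%- data.index %>_title_store">
+<?= $block->escapeHtml(__('Store View Title'))) ?>
 </label>
 <div class="control">
 <input class="input-text required-entry"
 type="text"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][title]"
-id="id_<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>_<%- data.index %>_title_store"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][title]"
+id="id_<?= $block->escapeHtmlAttr($block->getFieldName()) ?>_<%- data.index %>_title_store"
 value="<%- data.title %>" />
 </div>
 </div>
 <?php endif; ?>
 <div class="field field-option-input-type required">
-<label class="label" for="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId() . '_<%- data.index %>_type')) ?>">
-<?= $block->escapeJs($block->escapeHtml(__('Input Type'))) ?>
+<label class="label" for="<?= $block->escapeHtmlAttr($block->getFieldId() . '_<%- data.index %>_type')) ?>">
+<?= $block->escapeHtml(__('Input Type'))) ?>
 </label>
 <div class="control">
 <?= $block->getTypeSelectHtml() ?>
@@ -80,33 +80,33 @@
 checked="checked"
 id="field-option-req" />
 <label for="field-option-req">
-<?= $block->escapeJs($block->escapeHtml(__('Required'))) ?>
+<?= $block->escapeHtml(__('Required'))) ?>
 </label>
 <span style="display:none"><?= $block->getRequireSelectHtml() ?></span>
 </div>
 </div>
 <div class="field field-option-position no-display">
 <label class="label" for="field-option-position">
-<?= $block->escapeJs($block->escapeHtml(__('Position'))) ?>
+<?= $block->escapeHtml(__('Position'))) ?>
 </label>
 <div class="control">
 <input class="input-text validate-zero-or-greater"
 type="text"
-name="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldName())) ?>[<%- data.index %>][position]"
+name="<?= $block->escapeHtmlAttr($block->getFieldName()) ?>[<%- data.index %>][position]"
 value="<%- data.position %>"
 id="field-option-position" />
 </div>
 </div>
 </fieldset>
 
 <div class="no-products-message">
-<?= $block->escapeJs($block->escapeHtml(__('There are no products in this option.'))) ?>
+<?= $block->escapeHtml(__('There are no products in this option.'))) ?>
 </div>
 <?= $block->getAddSelectionButtonHtml() ?>
 </fieldset>
 </div>
 </div>
-<div id="<?= $block->escapeJs($block->escapeHtmlAttr($block->getFieldId())) ?>_search_<%- data.index %>" class="selection-search"></div>
+<div id="<?= $block->escapeHtmlAttr($block->getFieldId()) ?>_search_<%- data.index %>" class="selection-search"></div>
 </div>
 </script>
 
@@ -149,7 +149,7 @@ Bundle.Option.prototype = {
 
 add : function(data) {
 if (!data) {
-data = <?= $block->escapeJs($this->helper(Magento\Framework\Json\Helper\Data::class)->jsonEncode(['default_title' => __('New Option')])) ?>;
+data = <?= /* @noEscape */ $this->helper(Magento\Framework\Json\Helper\Data::class)->jsonEncode(['default_title' => __('New Option')])) ?>;
 } else {
 data.title = data.title.replace(/</g, "&lt;");
 data.title = data.title.replace(/"/g, "&quot;");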
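Review bot: The new `escapeHtml(__(...))` lines (26, 57, 70, 83, 90, 103), the `escapeHtmlAttr(... '_type')` call on line 69 and the `jsonEncode(...)` call on line 152 each keep the closing parenthesis that belonged to the removed `escapeJs(` wrapper, so the parentheses are unbalanced and the template will not parse. Each should lose one `)`, e.g. `<?= $block->escapeHtml(__('Option Title')) ?>` and `...->jsonEncode(['default_title' => __('New Option')]) ?>;`. On line 152 the `@noEscape` output appears to land in inline script (the hunk header shows `Bundle.Option.prototype = {`), so a comment should state why raw output is safe there, namely that the JSON encoder escapes `/` and so cannot emit a literal `</script>` from a translated string. That property depends on the helper's implementation, which is not visible in this diff, and should be confirmed before relying on it.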
