From 8449a05cc00c9b814ac73f14778d0e627f6a4a24 Mon Sep 17 00:00:00 2001 From: amitsamsukha Date: Fri, 23 Oct 2020 14:05:43 +0000 Subject: [PATCH 1/4] Issue #30594 - added preventDefault if EventListner is added for a tag --- .../Magento/Framework/View/Helper/SecureHtmlRenderer.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php index ae8ab3f15bc96..3d5db3746a07f 100644 --- a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php +++ b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php @@ -119,8 +119,10 @@ function {$listenerFunction} () { targetElement = event.target; } {$listenerFunction}.apply(targetElement); - } + event.preventDefault(); + } } + script; return $this->renderTag('script', ['type' => 'text/javascript'], $script, false); From 7d3ea410d487d56ea0f20c79491348317a5c7a6c Mon Sep 17 00:00:00 2001 From: amitsamsukha Date: Tue, 27 Oct 2020 07:53:29 +0000 Subject: [PATCH 2/4] indentation correction --- .../Magento/Framework/View/Helper/SecureHtmlRenderer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php index 3d5db3746a07f..a9f330d4379c6 100644 --- a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php +++ b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php @@ -119,7 +119,7 @@ function {$listenerFunction} () { targetElement = event.target; } {$listenerFunction}.apply(targetElement); - event.preventDefault(); + event.preventDefault(); } } From 6fd02b338b9562d1d2d1c61371a848cd24ebcd18 Mon Sep 17 00:00:00 2001 From: amitsamsukha Date: Wed, 4 Nov 2020 06:18:50 +0000 Subject: [PATCH 3/4] added check for anchor tag and click event --- .../Magento/Framework/View/Helper/SecureHtmlRenderer.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php index a9f330d4379c6..f1304634bd62a 100644 --- a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php +++ b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php @@ -119,7 +119,9 @@ function {$listenerFunction} () { targetElement = event.target; } {$listenerFunction}.apply(targetElement); - event.preventDefault(); + if ({$elementName}.nodeName == 'A' && "$eventName" == 'onclick') { + event.preventDefault(); + } } } From 93654ab8592a08ea361fc13f46d4370a74075c1a Mon Sep 17 00:00:00 2001 From: amitsamsukha Date: Wed, 4 Nov 2020 06:22:07 +0000 Subject: [PATCH 4/4] indentation correction --- .../Magento/Framework/View/Helper/SecureHtmlRenderer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php index f1304634bd62a..3df30fec1673f 100644 --- a/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php +++ b/lib/internal/Magento/Framework/View/Helper/SecureHtmlRenderer.php @@ -120,7 +120,7 @@ function {$listenerFunction} () { } {$listenerFunction}.apply(targetElement); if ({$elementName}.nodeName == 'A' && "$eventName" == 'onclick') { - event.preventDefault(); + event.preventDefault(); } } }