From fb3350318c5b23c58dfa7b7b3219c927427491ec Mon Sep 17 00:00:00 2001 From: Kiel Pykett Date: Thu, 9 Mar 2023 00:24:14 +0000 Subject: [PATCH] Chore: Newsletter - Replace Block Escaping with Escaper --- .../templates/preview/iframeswitcher.phtml | 12 +++++-- .../adminhtml/templates/preview/store.phtml | 17 ++++++---- .../view/adminhtml/templates/queue/edit.phtml | 14 +++++--- .../adminhtml/templates/queue/preview.phtml | 9 +++-- .../adminhtml/templates/subscriber/list.phtml | 16 ++++++--- .../adminhtml/templates/template/edit.phtml | 34 +++++++++++-------- .../templates/template/preview.phtml | 9 +++-- .../localizedSubscriptionErrorMessage.phtml | 9 +++-- .../view/frontend/templates/subscribe.phtml | 19 +++++++---- 9 files changed, 93 insertions(+), 46 deletions(-) diff --git a/app/code/Magento/Newsletter/view/adminhtml/templates/preview/iframeswitcher.phtml b/app/code/Magento/Newsletter/view/adminhtml/templates/preview/iframeswitcher.phtml index 99342fd9d81ba..ab604e6e9aa34 100644 --- a/app/code/Magento/Newsletter/view/adminhtml/templates/preview/iframeswitcher.phtml +++ b/app/code/Magento/Newsletter/view/adminhtml/templates/preview/iframeswitcher.phtml @@ -3,9 +3,15 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); -/** @var \Magento\Backend\Block\Page $block */ -/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */ +use Magento\Backend\Block\Page; +use Magento\Framework\Escaper; +use Magento\Framework\View\Helper\SecureHtmlRenderer; + +/** @var Escaper $escaper */ +/** @var Page $block */ +/** @var SecureHtmlRenderer $secureRenderer */ ?>
@@ -20,7 +26,7 @@ id="preview_iframe" class="preview_iframe" frameborder="0" - title="escapeHtmlAttr(__('Preview')) ?>" + title="escapeHtmlAttr(__('Preview')) ?>" width="100%" sandbox="allow-forms allow-pointer-lock allow-same-origin" > diff --git a/app/code/Magento/Newsletter/view/adminhtml/templates/preview/store.phtml b/app/code/Magento/Newsletter/view/adminhtml/templates/preview/store.phtml index 896b8ce773c2d..cec6ae87e0d19 100644 --- a/app/code/Magento/Newsletter/view/adminhtml/templates/preview/store.phtml +++ b/app/code/Magento/Newsletter/view/adminhtml/templates/preview/store.phtml @@ -3,13 +3,18 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); -/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */ +use Magento\Framework\Escaper; +use Magento\Framework\View\Helper\SecureHtmlRenderer; + +/** @var Escaper $escaper */ +/** @var SecureHtmlRenderer $secureRenderer */ ?> getWebsites()): ?>
- +
getQueueAsOptions() as $_queue): ?> - renderEventListenerAsTag( 'onclick', diff --git a/app/code/Magento/Newsletter/view/adminhtml/templates/template/edit.phtml b/app/code/Magento/Newsletter/view/adminhtml/templates/template/edit.phtml index 29555130de1ae..cdd0ab0e43858 100644 --- a/app/code/Magento/Newsletter/view/adminhtml/templates/template/edit.phtml +++ b/app/code/Magento/Newsletter/view/adminhtml/templates/template/edit.phtml @@ -3,30 +3,34 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); +use Magento\Framework\Escaper; use Magento\Framework\App\TemplateTypesInterface; +use Magento\Framework\View\Helper\SecureHtmlRenderer; +use Magento\Newsletter\Block\Adminhtml\Template\Edit; -/* @var $block \Magento\Newsletter\Block\Adminhtml\Template\Edit */ -/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */ - +/** @var Escaper $escaper */ +/** @var Edit $block */ +/** @var SecureHtmlRenderer $secureRenderer */ ?> -
+ getBlockHtml('formkey') ?>
+ value="escapeHtmlAttr($block->getSaveAsFlag()) ?>" />
getForm() ?>
-
- +
escapeJs(__('Are you sure that you want to strip all tags?'))}", + content: "{$escaper->escapeJs(__('Are you sure that you want to strip all tags?'))}", actions: { confirm: function () { if (wysiwyg.activeEditor()) { @@ -145,8 +149,8 @@ require([ if (\$F('code').blank() || \$F('code') == templateControl.templateName) { prompt({ - content: '{$block->escapeJs(__('Please enter a new template name.'))}', - value: templateControl.templateName + '{$block->escapeJs(__(' Copy'))}', + content: '{$escaper->escapeJs(__('Please enter a new template name.'))}', + value: templateControl.templateName + '{$escaper->escapeJs(__(' Copy'))}', actions: { confirm: function (value) { $('code').value = value; @@ -177,9 +181,9 @@ require([ preview: function () { if (this.typeChange) { - $('preview_type').value = {$block->escapeJs(TemplateTypesInterface::TYPE_TEXT)}; + $('preview_type').value = {$escaper->escapeJs(TemplateTypesInterface::TYPE_TEXT)}; } else { - $('preview_type').value = {$block->escapeJs($block->getTemplateType())}; + $('preview_type').value = {$escaper->escapeJs($block->getTemplateType())}; } if (wysiwyg.activeEditor()) { @@ -203,10 +207,10 @@ require([ deleteTemplate: function () { confirm({ - content: "{$block->escapeJs(__('Are you sure you want to delete this template?'))}", + content: "{$escaper->escapeJs(__('Are you sure you want to delete this template?'))}", actions: { confirm: function () { - window.location.href = '{$block->escapeJs($block->getDeleteUrl())}'; + window.location.href = '{$escaper->escapeJs($block->getDeleteUrl())}'; } } }); @@ -214,7 +218,7 @@ require([ }; templateControl.init(); - templateControl.templateName = "{$block->escapeJs($block->getJsTemplateName())}"; + templateControl.templateName = "{$escaper->escapeJs($block->getJsTemplateName())}"; //]]> }); diff --git a/app/code/Magento/Newsletter/view/adminhtml/templates/template/preview.phtml b/app/code/Magento/Newsletter/view/adminhtml/templates/template/preview.phtml index e0a88cdf53f15..6b9c5fc8c3a66 100644 --- a/app/code/Magento/Newsletter/view/adminhtml/templates/template/preview.phtml +++ b/app/code/Magento/Newsletter/view/adminhtml/templates/template/preview.phtml @@ -3,14 +3,19 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); -/** @var \Magento\Framework\View\Element\Template $block */ +use Magento\Framework\Escaper; +use Magento\Framework\View\Element\Template; + +/** @var Escaper $escaper */ +/** @var Template $block */ ?> - <?= $block->escapeHtml(__('Newsletter Message Preview')) ?> + <?= $escaper->escapeHtml(__('Newsletter Message Preview')) ?> getChildHtml('content') ?> diff --git a/app/code/Magento/Newsletter/view/frontend/templates/messages/localizedSubscriptionErrorMessage.phtml b/app/code/Magento/Newsletter/view/frontend/templates/messages/localizedSubscriptionErrorMessage.phtml index 46c35002e3995..e704dbb5f4161 100644 --- a/app/code/Magento/Newsletter/view/frontend/templates/messages/localizedSubscriptionErrorMessage.phtml +++ b/app/code/Magento/Newsletter/view/frontend/templates/messages/localizedSubscriptionErrorMessage.phtml @@ -3,7 +3,12 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); -/** @var \Magento\Framework\View\Element\Template $block */ +use Magento\Framework\Escaper; +use Magento\Framework\View\Element\Template; + +/** @var Escaper $escaper */ +/** @var Template $block */ ?> -escapeHtml(__($block->getData('message')), ['a']); ?> +escapeHtml(__($block->getData('message')), ['a']); ?> diff --git a/app/code/Magento/Newsletter/view/frontend/templates/subscribe.phtml b/app/code/Magento/Newsletter/view/frontend/templates/subscribe.phtml index 554cc4e16bd6f..105f316f5dcf4 100644 --- a/app/code/Magento/Newsletter/view/frontend/templates/subscribe.phtml +++ b/app/code/Magento/Newsletter/view/frontend/templates/subscribe.phtml @@ -3,15 +3,20 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); -/** @var \Magento\Newsletter\Block\Subscribe $block */ +use Magento\Framework\Escaper; +use Magento\Newsletter\Block\Subscribe; + +/** @var Escaper $escaper */ +/** @var Subscribe $block */ ?>