MC-16608: Use escaper methods

cspruiell · cspruiell · commit 0835f9df8190 · 2019-05-31T14:25:33.000-05:00
- clean up code
diff --git a/app/code/Magento/Config/view/adminhtml/templates/system/config/js.phtml b/app/code/Magento/Config/view/adminhtml/templates/system/config/js.phtml
@@ -143,36 +143,50 @@ originModel.prototype = {
             var value = this.regionElement.value;
             var disabled = this.regionElement.disabled;
             if (data.length) {
-                var html = '<select name="'+this.regionElement.name+'" id="'+this.regionElement.id+'" ' +
-                    'class="required-entry select" title="'+this.regionElement.title+'"'+(disabled?" disabled":"")+'>';
+                var select = document.createElement('select');
+                select.setAttribute('name', this.regionElement.name);
+                select.setAttribute('title', this.regionElement.title);
+                select.setAttribute('id', this.regionElement.id);
+                select.setAttribute('class', 'required-entry select');
+                if (disabled) {
+                    select.setAttribute('disabled', '');
+                }
                 for (var i in data) {
                     if (data[i].label) {
-                        html+= '<option value="'+data[i].value+'"';
+                        var option = document.createElement('option');
+                        option.setAttribute('value', data[i].value);
+                        option.innerText = data[i].label;
                         if (this.regionElement.value &&
                             (this.regionElement.value == data[i].value || this.regionElement.value == data[i].label)
                         ) {
-                            html+= ' selected';
+                            option.setAttribute('selected', '');
                         }
-                        html+='>'+data[i].label+'<\/option>';
+                        select.add(option);
                     }
                 }
-                html+= '<\/select>';
 
                 var parentNode = this.regionElement.parentNode;
                 var regionElementId = this.regionElement.id;
-                parentNode.innerHTML = html;
+                parentNode.innerHTML = select.outerHTML;
+
                 this.regionElement = $(regionElementId);
             } else if (this.reload) {
                 this.clearRegionField(disabled);
             }
         }
     },
     clearRegionField: function(disabled) {
-        var html = '<input type="text" name="' + this.regionElement.name + '" id="' + this.regionElement.id + '" ' +
-            'class="input-text" title="' + this.regionElement.title + '"' + (disabled ? " disabled" : "") + '>';
+        var text = document.createElement('text');
+        text.setAttribute('name', this.regionElement.name);
+        text.setAttribute('title', this.regionElement.title);
+        text.setAttribute('id', this.regionElement.id);
+        text.setAttribute('class', 'input-text');
+        if (disabled) {
+            text.setAttribute('disabled', '');
+        }
         var parentNode = this.regionElement.parentNode;
         var regionElementId = this.regionElement.id;
-        parentNode.innerHTML = html;
+        parentNode.innerHTML = text.outerHTML;
         this.regionElement = $(regionElementId);
     }
 }
