MC-18157: [Incorrect Escaping] Add proper escaping to translation phrases marked with @NoEscape tag

zakdma · zakdma · commit dded342d0b8d · 2019-07-25T10:29:11.000+03:00
diff --git a/app/code/Magento/Bundle/view/frontend/templates/catalog/product/view/type/bundle/options.phtml b/app/code/Magento/Bundle/view/frontend/templates/catalog/product/view/type/bundle/options.phtml
@@ -26,7 +26,7 @@ $options = $block->decorateArray($block->getOptions($stripSelection));
 </script>
         <fieldset class="fieldset fieldset-bundle-options">
             <legend id="customizeTitle" class="legend title">
-                <span><?= /* @noEscape */ __('Customize %1', $helper->productAttribute($product, $product->getName(), 'name')) ?></span>
+                <span><?= $block->escapeHtml(__('Customize %1', $helper->productAttribute($product, $product->getName(), 'name'))) ?></span>
             </legend><br />
             <?= $block->getChildHtml('product_info_bundle_options_top') ?>
             <?php foreach ($options as $option) : ?>
diff --git a/app/code/Magento/Catalog/view/frontend/templates/product/gallery.phtml b/app/code/Magento/Catalog/view/frontend/templates/product/gallery.phtml
@@ -34,7 +34,7 @@
          id="product-gallery-image"
          class="image"
          data-mage-init='{"catalogGallery":{}}'/>
-    <div class="buttons-set"><a href="#" class="button" role="close-window"><span><?= /* @noEscape */ __('Close Window') ?></span></a></div>
+    <div class="buttons-set"><a href="#" class="button" role="close-window"><span><?= $block->escapeHtml(__('Close Window')) ?></span></a></div>
     <?php if ($block->getPreviousImageUrl() || $block->getNextImageUrl()) :?>
         <div class="nav">
             <?php if ($_prevUrl = $block->getPreviousImageUrl()) :?>
diff --git a/app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable.phtml b/app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable.phtml
@@ -210,7 +210,7 @@ var uploaderTemplate = '<div class="no-display" id="[[idName]]-template">' +
     <input type="checkbox" data-action="change-type-product-downloadable"  class="admin__control-checkbox"
            name="is_downloadable" id="is-downloaodable" <?= $block->isDownloadable() ? 'checked="checked"' : ''?> />
     <label class="admin__field-label" for="is-downloaodable">
-        <span><?= /* @noEscape */ __('Is this a downloadable Product?'); ?></span>
+        <span><?= $block->escapeHtml(__('Is this a downloadable Product?')); ?></span>
     </label>
 </div>
 <div class="entry-edit" id="product_info_tabs_downloadable_items">
diff --git a/app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable/samples.phtml b/app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable/samples.phtml
@@ -51,7 +51,7 @@ $block->getConfigJson();
                 </table>
             </div>
             <div class="admin__field-note">
-                <?= /* @noEscape */ __('Alphanumeric, dash and underscore characters are recommended for filenames. Improper characters are replaced with \'_\'.') ?>
+                <?= $block->escapeHtml(__('Alphanumeric, dash and underscore characters are recommended for filenames. Improper characters are replaced with \'_\'.')) ?>
             </div>
         </div>
     </div>
