#140: Link "Read instructions on how to generate signature" in Store-Configuration is incorrect.

Author: lenaorobei

Securitytxt/Model/Config/Signature.php

@@ -3,12 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 declare(strict_types=1);
 
 namespace Magento\Securitytxt\Model\Config;
 
 use Magento\Config\Model\Config\CommentInterface;
+use Magento\Framework\Escaper;
 
 /**
  * Signature field description
@@ -21,11 +21,19 @@ class Signature implements CommentInterface
     private $instructionLink;
 
     /**
+     * @var Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param Escaper $escaper
      * @param string $instructionLink
      */
     public function __construct(
+        Escaper $escaper,
         string $instructionLink = ''
     ) {
+        $this->escaper = $escaper;
         $this->instructionLink = $instructionLink;
     }
 
@@ -38,8 +46,13 @@ public function __construct(
      */
     public function getCommentText($elementValue): string
     {
-        return "<a href='{$this->instructionLink}' target='_blank'>
-                    Read instructions on how to generate signature
-                </a>";
+        if ($this->instructionLink === '') {
+            return '';
+        }
+        return sprintf(
+            "<a href='%s' target='_blank'>%s</a>",
+            $this->escaper->escapeUrl($this->instructionLink),
+            __('Read instructions on how to generate signature')
+        );
     }
 }

Securitytxt/i18n/en_US.csv

@@ -26,4 +26,5 @@ Hiring,Hiring
 "Example: https://example.com/jobs.html","Example: https://example.com/jobs.html"
 Policy,Policy
 "Example: https://example.com/security-policy.html","Example: https://example.com/security-policy.html"
-Signature,Signature
+Signature,Signature
+"Read instructions on how to generate signature","Read instructions on how to generate signature"