Merge pull request #318 from magento-cia/AC-11662

admanesachin · web-flow · commit 8706d602fc7e · 2024-03-27T10:02:18.000-05:00
AC-11662 [PCI] - improve script rendering
diff --git a/app/code/Magento/PageBuilder/view/adminhtml/templates/stage/render.phtml b/app/code/Magento/PageBuilder/view/adminhtml/templates/stage/render.phtml
@@ -4,32 +4,39 @@
  * See COPYING.txt for license details.
  */
 
-/** @var \Magento\PageBuilder\Block\Adminhtml\Stage\Render $block */
+/**
+ * @var \Magento\PageBuilder\Block\Adminhtml\Stage\Render $block
+ * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ */
 ?>
-<script>
-    <?php
-    /**
-     * Override the text! plugin within the iframe to ensure we can pipe any XHR requests through to the parent window
-     * as the same origin policy will not allow us to load the templates within this iframe.
-     */
-    ?>
-    require.config({
-        'map': {
-            '*': {
-                'text': 'Magento_PageBuilder/js/master-format/render/requirejs/text',
-                'Magento_PageBuilder/js/events': 'Magento_PageBuilder/js/master-format/render/events'
-            }
-        }
-    });
 
-    <?php
-    /**
-     * To be able to override the text plugin we need the Magento template engine to be used, as the template engine
-     * within lib has a dependency on the text! plugin we need to ensure we set the template engine before the
-     * dependency blocks us. If we try to just override using the RequireJS config above our !text plugin will never
-     * get overridden as our template engine cannot load.
-     */
-    ?>
+<?php
+/**
+ * Override the text! plugin within the iframe to ensure we can pipe any XHR requests through to the parent window
+ * as the same origin policy will not allow us to load the templates within this iframe.
+ */
+?>
+<?php
+$pageBuilderConfig = $block->getPageBuilderConfig();
+
+$script = <<<SCRIPT
+   require.config({
+       'map': {
+           '*': {
+               'text': 'Magento_PageBuilder/js/master-format/render/requirejs/text',
+               'Magento_PageBuilder/js/events': 'Magento_PageBuilder/js/master-format/render/events'
+           }
+       }
+   });
+SCRIPT;
+
+/**
+ * To be able to override the text plugin we need the Magento template engine to be used, as the template engine
+ * within lib has a dependency on the text! plugin we need to ensure we set the template engine before the
+ * dependency blocks us. If we try to just override using the RequireJS config above our !text plugin will never
+ * get overridden as our template engine cannot load.
+ */
+$script .= <<<SCRIPT
     require([
         'ko',
         'Magento_Ui/js/lib/knockout/template/engine'
@@ -39,10 +46,11 @@
         ko.uid = 0;
         ko.setTemplateEngine(templateEngine);
     });
-</script>
-<script>
+
     require(['Magento_PageBuilder/js/master-format/render/frame'], function (listen) {
-        listen(<?= /* @noEscape */ $block->getPageBuilderConfig(); ?>);
+        listen({$pageBuilderConfig});
     });
-</script>
+SCRIPT;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false) ?>
 <div>Page Builder Render Frame</div>
diff --git a/app/code/Magento/PageBuilder/view/adminhtml/templates/wysiwyg_setup.phtml b/app/code/Magento/PageBuilder/view/adminhtml/templates/wysiwyg_setup.phtml
@@ -4,15 +4,22 @@
  * See COPYING.txt for license details.
  */
 
-/** @var Magento\PageBuilder\Block\WysiwygSetup $block */
+/**
+ * @var Magento\PageBuilder\Block\WysiwygSetup $block
+ * @var Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ */
 
 ?>
-<script>
+<?php
+$config = $block->getConfigJson();
+$script = <<<SCRIPT
     require.config({
         config: {
             'mage/adminhtml/wysiwyg/tiny_mce/setup': {
-                config: <?= /* @noEscape */ $block->getConfigJson() ?>
+                config: {$config}
             }
         }
     });
-</script>
+SCRIPT;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false) ?>
diff --git a/app/code/Magento/PageBuilder/view/base/templates/googlemaps.phtml b/app/code/Magento/PageBuilder/view/base/templates/googlemaps.phtml
@@ -4,39 +4,53 @@
  * See COPYING.txt for license details.
  */
 
-/** @var Magento\PageBuilder\Block\GoogleMapsApi $block */
-?>
-<script>
+/**
+ * @var Magento\PageBuilder\Block\GoogleMapsApi $block
+ * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ * @var \Magento\Framework\Escaper $escaper
+ */
+
+$libraryUrl = $escaper->escapeJs($block->getLibraryUrl());
+$style = $escaper->escapeJs($block->getStyle());
+$apiKey = $escaper->escapeJs($block->getApiKey());
+$invalidApiKeyMessage = $escaper->escapeJs($block->getInvalidApiKeyMessage());
+
+$script = <<<SCRIPT
     require.config({
         paths: {
-            googleMaps: '<?= $block->escapeJs($block->getLibraryUrl()); ?>'
+            googleMaps: '{$libraryUrl}'
         },
         config: {
             'Magento_PageBuilder/js/utils/map': {
-                style: '<?= $block->escapeJs($block->getStyle()); ?>'
+                style: '{$style}',
             },
             'Magento_PageBuilder/js/content-type/map/preview': {
-                apiKey: '<?= $block->escapeJs($block->getApiKey()); ?>',
-                apiKeyErrorMessage: '<?= $block->escapeJs($block->getInvalidApiKeyMessage()); ?>'
+                apiKey: '{$apiKey}',
+                apiKeyErrorMessage: '{$invalidApiKeyMessage}'
             },
             'Magento_PageBuilder/js/form/element/map': {
-                apiKey: '<?= $block->escapeJs($block->getApiKey()); ?>',
-                apiKeyErrorMessage: '<?= $block->escapeJs($block->getInvalidApiKeyMessage()); ?>'
+                apiKey: '{$apiKey}',
+                apiKeyErrorMessage: '{$invalidApiKeyMessage}'
             },
         }
     });
-</script>
+SCRIPT;
+// phpcs:ignore
+echo /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false);
+
+/** Include the googleMaps dependency only if we have an API key set, this removes unnecessary calls to Google */
+if ($block->shouldIncludeGoogleMapsLibrary()) {
+    $script = <<<SCRIPT
 
-<?php
-// Include the googleMaps dependency only if we have an API key set, this removes unnecessary calls to Google
-if ($block->shouldIncludeGoogleMapsLibrary()) : ?>
-<script>
     require.config({
         shim: {
             'Magento_PageBuilder/js/utils/map': {
                 deps: ['googleMaps']
             }
         }
     });
-</script>
-<?php endif; ?>
+SCRIPT;
+
+    // phpcs:ignore
+    echo /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false);
+}
