Merge pull request #35 from magento-lynx/MC-41904

MC-41904: Fix HTML tags not properly nested/closed [core]

Author: sivaschenko

app/code/Magento/AdminNotification/view/adminhtml/web/js/grid/columns/message.js

@@ -36,6 +36,16 @@ define([
             return record[this.messageIndex];
         },
 
+        /**
+         * Proxy to getLabel function with UnsanitizedHtml suffix
+         *
+         * @param {Object} record
+         * @returns {String}
+         */
+        getLabelUnsanitizedHtml: function (record) {
+            return this.getLabel(record);
+        },
+
         /** @inheritdoc */
         getFieldClass: function ($row) {
             var status = this.statusMap[$row.status] || 'warning',

app/code/Magento/AdminNotification/view/adminhtml/web/template/grid/cells/message.html

@@ -5,4 +5,4 @@
  */
 -->
 <div css="$col.getFieldClass($row())"
-     html="$col.getLabel($row())"/>
+     html="$col.getLabelUnsanitizedHtml($row())"></div>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/form/field.html

@@ -6,4 +6,4 @@
 -->
 <div css="$data.additionalClasses"
      if="error"
-     text="error"/>
+     text="error"></div>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/grid/cells/actions.html

@@ -11,5 +11,5 @@
             attr="{
                 title: $action().label
             }"
-    />
+    ></button>
 </div>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/grid/listing.html

@@ -31,12 +31,12 @@
                 <a class="action__message-log"
                    href="#"
                    click="dismissAll"
-                   text="dismissAllText"/>
+                   text="dismissAllText"></a>
                 <a class="action__message-log"
                     attr="{
                         href: link
                     }"
-                    text="linkText"/>
+                    text="linkText"></a>
             </div>
         </div>
     </div>

app/code/Magento/Backend/view/adminhtml/web/template/dynamic-rows/grid.html

@@ -16,7 +16,7 @@
                 class="action-secondary"
                 type="button"
                 click="processingAddChild.bind($data, false, false, false)">
-            <span translate="addButtonLabel"/>
+            <span translate="addButtonLabel"></span>
         </button>
     </div>
 
@@ -30,7 +30,7 @@
      css="$data.setClasses($data)"
      attr="'data-index': index">
     <label if="$data.label" class="admin__field-label" attr="for: $data.uid">
-        <span translate="$data.label"/>
+        <span translate="$data.label"></span>
     </label>
 
     <div class="admin__field-control" data-role="grid-wrapper">
@@ -47,14 +47,14 @@
                 <thead if="element.columnsHeader">
                     <tr>
                         <th if="$data.dndConfig.enabled"
-                            class="data-grid-draggable-row-cell"/>
+                            class="data-grid-draggable-row-cell"></th>
 
                         <th repeat="foreach: labels, item: '$label'"
                             class="data-grid-th"
                             visible="$label().visible"
                             disable="$label().disabled"
                             css="setClasses($label())">
-                            <span translate="$label().label"/>
+                            <span translate="$label().label"></span>
                         </th>
                     </tr>
                 </thead>
@@ -65,15 +65,15 @@
                         css="'_odd-row': $index % 2">
                         <td if="dndConfig.enabled"
                             class="data-grid-draggable-row-cell"
-                            template="name: dndConfig.template, data: dnd"/>
+                            template="name: dndConfig.template, data: dnd"></td>
 
                         <!-- ko foreach: { data: $record().elems(), as: 'elem'}  -->
                         <td if="elem.template"
                             visible="elem.visible() && elem.formElement !== 'hidden'"
                             disable="elem.disabled"
                             css="$parent.setClasses(elem)"
                             template="elem.template"
-                            attr="'data-index': index"/>
+                            attr="'data-index': index"></td>
                         <!-- /ko -->
                     </tr>
                 </tbody>

app/code/Magento/Bundle/view/adminhtml/templates/product/composite/fieldset/options/type/radio.phtml

@@ -69,7 +69,7 @@
                         class="input-text admin__control-text qty validate-greater-than-zero<?php if (!$_canChangeQty) { echo ' qty-disabled'; } ?>"
                         type="text"
                         name="bundle_option_qty[<?= $block->escapeHtmlAttr($_option->getId()) ?>]"
-                        value="<?= $block->escapeHtmlAttr($_defaultQty) ?>" />
+                        value="<?= $block->escapeHtmlAttr($_defaultQty) ?>"></div>
                 </div>
             </div>
         </div>

app/code/Magento/Bundle/view/base/web/template/product/price/minimal_price.html

@@ -9,14 +9,14 @@
           css="getAdjustmentCssClasses($row())">
         <span if="label"
               class="price-label"
-              text="label"/>
+              text="label"></span>
 
         <span class="price-wrapper"
               css="priceWrapperCssClasses"
               attr="priceWrapperAttr"
               data-price-amount=""
               data-price-type=""
-              html="getMinimalPrice($row())"/>
+              html="getMinimalPriceUnsanitizedHtml($row())"></span>
 
         <each args="data: getAdjustments(), as: '$adj'">
                 <render args="$adj.getBody()"/>

app/code/Magento/Catalog/view/adminhtml/web/template/attributes/grid/paging.html

@@ -6,8 +6,8 @@
 -->
 <ul class="admin__control-support-text attributes-summary">
     <li class="attributes-selected">
-        <span translate="'Selected Attributes\:'"/>
-        <span text="label"/>
+        <span translate="'Selected Attributes\:'"></span>
+        <span text="label"></span>
     </li>
     <li class="attributes-found">
         <text args="totalRecords"/> records found

app/code/Magento/Catalog/view/adminhtml/web/template/form/element/frontend-input-select.html

@@ -17,7 +17,7 @@
     optionsCaption: caption,
     optionsValue: 'value',
     optionsText: 'label'"
-/>
+></select>
 <div class="admin__field-note" if="$data.hints">
-    <span translate="$data.hints[$data.value()]"/>
+    <span translate="$data.hints[$data.value()]"></span>
 </div>

app/code/Magento/Catalog/view/adminhtml/web/template/form/element/input.html

@@ -17,4 +17,4 @@
             id: uid,
             disabled: disabled
     }"/>
-<label class="admin__field-error" if="error" attr="for: uid" text="error"/>
+<label class="admin__field-error" if="error" attr="for: uid" text="error"></label>

app/code/Magento/Catalog/view/adminhtml/web/template/form/field.html

@@ -9,7 +9,7 @@
      css="$data.additionalClasses"
      attr="'data-index': index">
     <label class="admin__field-label" if="$data.label" visible="$data.labelVisible" attr="for: uid">
-        <span translate="label" attr="'data-config-scope': $data.scopeLabel"/>
+        <span translate="label" attr="'data-config-scope': $data.scopeLabel"></span>
     </label>
     <div class="admin__field-control"
          css="'_with-tooltip': $data.tooltip, '_with-reset': $data.showFallbackReset && $data.isDifferedFromDefault">
@@ -19,24 +19,28 @@
             <render args="elementTmpl"/>
 
             <label class="admin__addon-prefix" if="addBefore()" attr="for: uid">
-                <span text="addBefore()"/>
+                <span text="addBefore()"></span>
             </label>
             <label class="admin__addon-suffix" if="$data.addafter" attr="for: uid">
-                <span text="addafter"/>
+                <span text="addafter"></span>
             </label>
         </div>
 
         <render args="tooltipTpl" if="$data.tooltip"/>
 
         <render args="fallbackResetTpl" if="$data.showFallbackReset && $data.isDifferedFromDefault"/>
 
-        <label class="admin__field-error" if="error" attr="for: uid" text="error"/>
+        <label class="admin__field-error" if="error" attr="for: uid" text="error"></label>
 
         <div class="admin__field-note" if="$data.notice" attr="id: noticeId">
-            <span translate="notice"/>
+            <span translate="notice"></span>
         </div>
 
-        <div class="admin__additional-info" if="$data.additionalInfo" html="$data.additionalInfo"></div>
+        <!-- ko if: $data.additionalInfo -->
+            <!-- ko with: {additionalInfoUnsanitizedHtml: $data.additionalInfo} -->
+                <div class="admin__additional-info" html="additionalInfoUnsanitizedHtml"></div>
+            <!-- /ko -->
+        <!-- /ko -->
 
         <render args="$data.service.template" if="$data.hasService()"/>
     </div>

app/code/Magento/Catalog/view/adminhtml/web/template/grid/cells/preserved.html

@@ -4,4 +4,4 @@
  * See COPYING.txt for license details.
  */
 -->
-<div class="data-grid-cell-content white-space-preserved" html="$col.getLabel($row())"/>
+<div class="data-grid-cell-content white-space-preserved" html="$col.getLabelUnsanitizedHtml($row())"></div>

app/code/Magento/Catalog/view/adminhtml/web/template/image-preview.html

@@ -7,7 +7,7 @@
 <div class="file-uploader-summary">
     <div class="file-uploader-preview image-uploader-preview">
         <a class="image-uploader-preview-link" attr="href: $parent.getFilePreview($file)" target="_blank">
-            <div class="file-uploader-spinner image-uploader-spinner" />
+            <div class="file-uploader-spinner image-uploader-spinner"></div>
             <img
                 class="preview-image"
                 tabindex="0"
@@ -26,12 +26,12 @@
                 attr="title: $t('Delete image')"
                 disable="$parent.disabled"
                 click="$parent.removeFile.bind($parent, $file)">
-                <span translate="'Delete image'"/>
+                <span translate="'Delete image'"></span>
             </button>
         </div>
     </div>
 
-    <div class="file-uploader-filename" text="$file.name"/>
+    <div class="file-uploader-filename" text="$file.name"></div>
     <div class="file-uploader-meta">
         <text args="$file.previewWidth"/>x<text args="$file.previewHeight"/>,
         <text args="$parent.formatSize($file.size)"/>

app/code/Magento/Catalog/view/base/web/js/product/list/columns/final-price.js

@@ -32,6 +32,16 @@ define([
             return row['price_info']['formatted_prices']['final_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} final price html
+         */
+        getPriceUnsanitizedHtml: function (row) {
+            return this.getPrice(row);
+        },
+
         /**
          * Get product regular price.
          *
@@ -42,6 +52,16 @@ define([
             return row['price_info']['formatted_prices']['regular_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getRegularPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} regular price html
+         */
+        getRegularPriceUnsanitizedHtml: function (row) {
+            return this.getRegularPrice(row);
+        },
+
         /**
          * Check if product has a price range.
          *
@@ -82,6 +102,16 @@ define([
             return row['price_info']['formatted_prices']['minimal_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getMinimalPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} minimal price html
+         */
+        getMinimalPriceUnsanitizedHtml: function (row) {
+            return this.getMinimalPrice(row);
+        },
+
         /**
          * Check if product is salable.
          *
@@ -102,6 +132,16 @@ define([
             return row['price_info']['formatted_prices']['max_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getMaxPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} maximum price html
+         */
+        getMaxPriceUnsanitizedHtml: function (row) {
+            return this.getMaxPrice(row);
+        },
+
         /**
          * Get product maximum regular price in case of price range and special price.
          *
@@ -112,6 +152,16 @@ define([
             return row['price_info']['formatted_prices']['max_regular_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getMaxRegularPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} maximum regular price html
+         */
+        getMaxRegularPriceUnsanitizedHtml: function (row) {
+            return this.getMaxRegularPrice(row);
+        },
+
         /**
          * Get product minimal regular price in case of price range and special price.
          *
@@ -122,6 +172,16 @@ define([
             return row['price_info']['formatted_prices']['min_regular_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getMinRegularPrice.
+         *
+         * @param {Object} row
+         * @return {HTMLElement} minimal regular price html
+         */
+        getMinRegularPriceUnsanitizedHtml: function (row) {
+            return this.getMinRegularPrice(row);
+        },
+
         /**
          * Get adjustments names and return as string.
          *
@@ -141,6 +201,16 @@ define([
             return row['price_info']['minimal_price'];
         },
 
+        /**
+         * UnsanitizedHtml version of getMinimalPriceAmount
+         *
+         * @param {Object} row
+         * @return {Number} minimal price amount
+         */
+        getMinimalPriceAmountUnsanitizedHtml: function (row) {
+            return this.getMinimalPriceAmount(row);
+        },
+
         /**
          * Get product minimal regular price as number in case of special price.
          *

app/code/Magento/Catalog/view/base/web/template/product/link.html

@@ -7,4 +7,4 @@
 <a if="isAllowed()"
    class="product-item-link"
    attr="href: $row().url"
-   text="label"/>
+   text="label"></a>

app/code/Magento/Catalog/view/base/web/template/product/list/listing.html

@@ -9,7 +9,7 @@
     <div class="block-title">
         <strong role="heading"
                 aria-level="2"
-                text="label"/>
+                text="label"></strong>
     </div>
     <div class="block-content">
         <div css="'products-' + displayMode">

app/code/Magento/Catalog/view/base/web/template/product/name.html

@@ -6,5 +6,5 @@
 -->
 <strong if="isAllowed()"
         class="product-item-name">
-    <a attr="href: $row().url" html="getNameUnsanitizedHtml($col.getLabel($row()))"/>
+    <a attr="href: $row().url" html="getNameUnsanitizedHtml($col.getLabel($row()))"></a>
 </strong>

app/code/Magento/Catalog/view/base/web/template/product/price/max_price.html

@@ -9,14 +9,14 @@
       css="getAdjustmentCssClasses($row())">
     <span if="label"
           class="price-label"
-          text="label"/>
+          text="label"></span>
 
     <span class="price-wrapper"
           css="priceWrapperCssClasses"
           attr="priceWrapperAttr"
           data-price-amount=""
           data-price-type=""
-          html="getMaxPrice($row())"/>
+          html="getMaxPriceUnsanitizedHtml($row())"></span>
 
     <each args="data: getAdjustments('max_price'), as: '$adj'">
         <render args="$adj.getBody()"/>