MC-29420: Remove event handlers from CE

Author: svitja

app/code/Magento/ImportExport/view/adminhtml/templates/export/form/after.phtml

@@ -3,8 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/** @var \Magento\ImportExport\Block\Adminhtml\Form\After $block */
+/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 ?>
-<fieldset class="admin__fieldset" id="export_filter_container" style="display:none;">
+<fieldset class="admin__fieldset" id="export_filter_container">
     <legend class="admin__legend">
         <span><?= $block->escapeHtml(__('Entity Attributes')) ?></span>
     </legend>
@@ -13,16 +16,24 @@
         <input name="form_key" type="hidden" value="<?= /* @noEscape */ $block->getFormKey() ?>" />
         <div id="export_filter_grid_container"><!-- --></div>
     </form>
-    <button class="action- scalable" type="button" onclick="getFile();"><span><?=
-        $block->escapeHtml(__('Continue'))
-    ?></span></button>
+    <button class="action- scalable" type="button">
+        <span><?= $block->escapeHtml(__('Continue')) ?></span>
+    </button>
 </fieldset>
-<script>
+<?= /* @noEscape */ $secureRenderer->renderStyleAsTag("display:none;", 'fieldset#export_filter_container') ?>
+<?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
+    'onclick',
+    "getFile();",
+    'fieldset#export_filter_container button'
+) ?>
+<?php $scriptString = <<<script
 require(['prototype'], function(){
 
 //<![CDATA[
    $('entity').selectedIndex = 0; // forced resetting entity selector after page refresh
 //]]>
 
 });
-</script>
+script;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>

app/code/Magento/ImportExport/view/adminhtml/templates/export/form/before.phtml

@@ -3,8 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/** @var \Magento\Backend\Block\Template $block */
+/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 ?>
-<script>
+
+<?php $scriptString = <<<script
 require([
     'Magento_Ui/js/modal/alert',
     'prototype'
@@ -26,14 +30,14 @@ require([
          *  Handle value change in entity type selector
          */
         modifyFilterGrid: function() {
-            if ($('entity') && $F('entity') && $F('entity') != 'catalog_product') {
-                    $$('col:first-child').each(function(el) {
+            if ($('entity') && \$F('entity') && \$F('entity') != 'catalog_product') {
+                    \$$('col:first-child').each(function(el) {
                         el.show();
                     });
-                    $$('th.no-link:first-child').each(function(el) {
+                    \$$('th.no-link:first-child').each(function(el) {
                         el.show();
                     });
-                    $$('td.a-center').each(function(el) {
+                    \$$('td.a-center').each(function(el) {
                         el.show();
                     });
             }
@@ -43,9 +47,9 @@ require([
          * Post form data and process response via AJAX
          */
         getFilter: function() {
-            if ($('entity') && $F('entity')) {
-                var url    = "<?= $block->escapeJs($block->escapeUrl($block->getUrl('*/*/getFilter'))) ?>";
-                var entity = $F('entity');
+            if ($('entity') && \$F('entity')) {
+                var url    = "{$block->escapeJs($block->getUrl('*/*/getFilter'))}";
+                var entity = \$F('entity');
                 if (entity != this.previousGridEntity) {
                     this.previousGridEntity = entity;
                     url += ((url.slice(-1) != '/') ? '/' : '') + 'entity/' + entity;
@@ -76,20 +80,20 @@ require([
      * return void
      */
     getFile = function() {
-        if ($('entity') && $F('entity')) {
+        if ($('entity') && \$F('entity')) {
             var form      = $('export_filter_form');
             var oldAction = form.action;
-            var url = oldAction + ((oldAction.slice(-1) != '/') ? '/' : '') + 'entity/' + $F('entity')
-                + '/file_format/' + $F('file_format');
-            if ($F('fields_enclosure')) {
-                url += '/fields_enclosure/' + $F('fields_enclosure');
+            var url = oldAction + ((oldAction.slice(-1) != '/') ? '/' : '') + 'entity/' + \$F('entity')
+                + '/file_format/' + \$F('file_format');
+            if (\$F('fields_enclosure')) {
+                url += '/fields_enclosure/' + \$F('fields_enclosure');
             }
             form.action = url;
             form.submit();
             form.action   = oldAction;
         } else {
             alert({
-                content: '<?= $block->escapeHtml(__('Invalid data')); ?>'
+                content: '{$block->escapeHtml(__('Invalid data'))}'
             });
         }
     };
@@ -98,4 +102,6 @@ require([
 //]]>
 
 });
-</script>
+script;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>

app/code/Magento/ImportExport/view/adminhtml/templates/export/form/filter/after.phtml

@@ -3,8 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/** @var \Magento\Backend\Block\Template $block */
+/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 ?>
-<script>
+
+<?php $scriptString = <<<script
 require([
     'mage/adminhtml/grid'
 ], function(){
@@ -17,4 +21,6 @@ require([
         };
     }
 });
-</script>
+script;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>

app/code/Magento/ImportExport/view/adminhtml/templates/import/form/after.phtml

@@ -3,19 +3,26 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+/** @var \Magento\ImportExport\Block\Adminhtml\Form\After $block */
+/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 ?>
-<div class="entry-edit fieldset" id="import_validation_container" style="display:none;">
+
+<div class="entry-edit fieldset" id="import_validation_container">
     <div class="entry-edit-head legend">
         <span class="icon-head head-edit-form fieldset-legend"
             id="import_validation_container_header"><?= $block->escapeHtml(__('Validation Results')) ?></span>
     </div><br>
     <div id="import_validation_messages" class="fieldset"><!-- --></div>
 </div>
-<script>
+<?= /* @noEscape */ $secureRenderer->renderStyleAsTag("display:none;", 'div#import_validation_container') ?>
+<?php $scriptString = <<<script
 require(['jquery', 'Magento_Ui/js/modal/alert', 'prototype'], function(jQuery){
 //<![CDATA[
     varienImport.resetSelectIndex('entity'); // forced resetting entity selector after page refresh
 //]]>
 
 });
-</script>
+script;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>

app/code/Magento/ImportExport/view/adminhtml/templates/import/form/before.phtml

@@ -6,8 +6,10 @@
 ?>
 <?php
 /** @var $block \Magento\ImportExport\Block\Adminhtml\Import\Edit\Before */
+/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 ?>
-<script>
+
+<?php $scriptString = <<<script
 require([
     'jquery',
     'Magento_Ui/js/modal/alert',
@@ -27,27 +29,25 @@ require([
          * List of existing behavior sets
          * @type {Array}
          */
-        uniqueBehaviors: <?= /* @noEscape */ $block->getUniqueBehaviors() ?>,
+        uniqueBehaviors: {$block->getUniqueBehaviors()},
 
         /**
          * Behaviour codes for import entities
          * @type {Array}
          */
-        entityBehaviors: <?= /* @noEscape */ $block->getEntityBehaviors() ?>,
+        entityBehaviors: {$block->getEntityBehaviors()},
 
         /**
          * Behaviour notes for import entities
          * @type {Array}
          */
-        entityBehaviorsNotes: <?= /* @noEscape */ $block->getEntityBehaviorsNotes() ?>,
+        entityBehaviorsNotes: {$block->getEntityBehaviorsNotes()},
 
         /**
          * Base url
          * @type {string}
          */
-        sampleFilesBaseUrl: '<?= $block->escapeJs(
-            $block->escapeUrl($block->getUrl('*/*/download/', ['filename' => 'entity-name']))
-        ) ?>',
+        sampleFilesBaseUrl: '{$block->escapeJs($block->getUrl('*/*/download/', ['filename' => 'entity-name']))}',
 
         /**
          * Reset selected index
@@ -168,8 +168,8 @@ require([
          */
         postToFrame: function(newActionUrl) {
             if (!jQuery('[name="' + this.ifrElemName + '"]').length) {
-                jQuery('body').append('<iframe name="' + this.ifrElemName + '" id="' + this.ifrElemName
-                    + '" style="display:none;"/>');
+                jQuery('body').append('<iframe name="' + this.ifrElemName + '" id="' + this.ifrElemName + '"/>');
+                jQuery('iframe#' + this.ifrElemName).attr('display', 'none');
             }
             jQuery('body')
                 .loader({
@@ -209,25 +209,25 @@ require([
         postToFrameProcessResponse: function(response) {
             if ('object' != typeof(response)) {
                 alert({
-                    content: '<?= $block->escapeHtml(__('Invalid response')); ?>'
+                    content: '{$block->escapeHtml(__('Invalid response'))}'
                 });
 
                 return false;
             }
-            $H(response).each(function(pair) {
+            \$H(response).each(function(pair) {
                 switch (pair.key) {
                     case 'show':
                     case 'clear':
                     case 'hide':
-                        $H(pair.value).each(function(val) {
+                        \$H(pair.value).each(function(val) {
                             if ($(val.value)) {
                                 $(val.value)[pair.key]();
                             }
                         });
                         break;
                     case 'innerHTML':
                     case 'value':
-                        $H(pair.value).each(function(val) {
+                        \$H(pair.value).each(function(val) {
                             var el = $(val.key);
                             if (el) {
                                 el[pair.key] = val.value;
@@ -238,7 +238,7 @@ require([
                         break;
                     case 'removeClassName':
                     case 'addClassName':
-                        $H(pair.value).each(function(val) {
+                        \$H(pair.value).each(function(val) {
                             if ($(val.key)) $(val.key)[pair.key](val.value);
                         });
                         break;
@@ -265,4 +265,6 @@ require([
 //]]>
 
 });
-</script>
+script;
+?>
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>