Update js.js DOM text reinterpreted as HTML

[Shivam7-1]

Description (*)

By using innerText, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text. This helps prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Update js.js DOM text reinterpreted as HTML #38767: Update js.js DOM text reinterpreted as HTML

[m2-assistant]

Hi @Shivam7-1. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.

Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

---

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

[Shivam7-1]

@magento run all tests

[Shivam7-1]

@magento run all tests

[engcom-Charlie]

@magento create issue

[m2-assistant]

Hi @Shivam7-1. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

---

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

[Shivam7-1]

@magento run all tests

[Shivam7-1]

Hii @engcom-Charlie , @engcom-Dash @engcom-Bravo and @engcom-Hotel Could You Please Review This PR
As Soon As Possible Because its pending for Review since many months

Thanks & Regards

[Shivam7-1]

Hii @engcom-Charlie , @engcom-Dash @engcom-Bravo and @engcom-Hotel Could You Please Review This PR
As Soon As Possible Because its pending for Review since many months

Thanks & Regards

[engcom-Hotel]

@magento run all tests

[engcom-Hotel]

Hello @Shivam7-1,

Please let us know the steps to reproduce the actual issue for this PR that has been created.

Thanks

[Shivam7-1]

Hii @engcom-Hotel Thanks For Reviewing Here innerText is indeed Preferable over here instead of innerHtml which makes code more safer
Eg https://www.freecodecamp.org/news/innerhtml-vs-innertext-vs-textcontent/

[Shivam7-1]

Hii @engcom-Hotel Could You Please Review This again
Thanks

[Shivam7-1]

Hii @engcom-Hotel @engcom-Bravo @engcom-Dash Thanks For Reviewing PR
Is there anything Else is required from my side to get PR merge ?
Regards

[engcom-Hotel]

Hello @Shivam7-1,

At this stage, no action is required from your side. The PR is currently in the testing bucket and will be progressed based on priority. We appreciate your patience.

Thanks

[Shivam7-1]

Hii @engcom-Hotel Thanks For Reply Could You Ping anyone from Team for Testing
So it would get fast-track in Process as PR is much older

Thanks

[Shivam7-1]

Hii @engcom-Hotel @engcom-Charlie @engcom-Bravo Could you Please ping tester here for tasting and get merge this PR

So it will get merge Soon
Thanks

[engcom-Charlie]

Hi @Shivam7-1,

Thank you for your contribution!

Currently team is working on other priority tasks. We will pick this PR for further activities as per the priority.

Thank you!

[Shivam7-1]

Hii @engcom-Hotel Thanks For Response
Is there any Update on this PR Testing?

[Shivam7-1]

Hii @engcom-Charlie have you assign this PR for Testing?

[Shivam7-1]

Hii @engcom-Hotel @engcom-Charlie @engcom-Bravo @engcom-Dash Could Team Ping anyone from Team for Testing
So it would get fast-track in Process as PR is much older

Thanks

[engcom-Charlie]

@magento run all tests

[Shivam7-1]

Hii @engcom-Charlie Is there any update on above test ?
Thanks

[engcom-Charlie]

Hi @Shivam7-1,

Thanks for the collaboration & contribution!

✔️ QA Passed

Preconditions:

• Install fresh Magento 2.4-develop
• Modify validation error message in lib/web/mage/validation.js eg.

Steps to reproduce

• Go to Storefront
• Click on Create Account
• Add wrong email id in Email filed and observe the error message
• On PR branch, only the plain text is getting displayed escaping the HTML special characters because of using innerText property.

Before: ✖️ 

After: ✔️

Builds are failing, hence, moving this PR to Extended Testing to look into it.

Thanks.

[engcom-Charlie]

@magento run all tests

[Shivam7-1]

Hii @engcom-Charlie Is there any update on above test ?
Thanks

[engcom-Charlie]

@magento run all tests

[engcom-Charlie]

Hi @Shivam7-1,

As mentioned here, we are looking into the build test failures. Currently no action is required from your side. We will let you know if its needed.

Thank you!

[engcom-Charlie]

@magento run Functional Tests B2B, Functional Tests CE, Functional Tests EE, Integration Tests

[engcom-Charlie]

Some of the Functional CE test failures are not consistent in recent 2 builds and the consistent once are the known issues.Neither they are failing because of this PR nor part of this PR.

Run 1:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/fe504e355935f9594267871c065d0d2a/Functional/allure-report-ce/index.html#categories/b687f15aea026e613d3b0ad4a593aa22/d8b00804567a96df/

Run 2:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/ece35a07807cd440af96f1003c0172bd/Functional/allure-report-ce/index.html#categories/7ea7ba6098fd5dba93af4c6a9157469a/e3aa1c60fcbde546/

Known issues:
ACQE-7464: VerifyDisableDownloadableProductSamplesAreNotAccessibleTest
ACQE-7465: VerifyOutOfStockDownloadableProductSamplesAreAccessibleTest

[engcom-Charlie]

Some of the Functional B2B test failures are not consistent in recent 2 builds and the consistent once are the known issues. Neither they are failing because of this PR nor part of this PR.

Run 1:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/46c769a1d661f97913ad1dd6b6e26a2e/Functional/allure-report-b2b/index.html#categories

Run 2:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/18eb80cadc7d800785fe4b447766aa6f/Functional/allure-report-b2b/index.html#categories/12252aa641d411a980bdd869ac7bd814/a76b73840d85896a/

Known issues:
ACQE-7464: VerifyDisableDownloadableProductSamplesAreNotAccessibleTest
ACQE-7465: VerifyOutOfStockDownloadableProductSamplesAreAccessibleTest
ACQE-7387: EndToEndB2CLoggedInUserTest
AC-13447: StorefrontQuoteCanBeRenamedUntilLockedTest
ACQE-7460: CheckingOfPreviewingRegistryUpdateEmailTest

[engcom-Charlie]

Some of the Functional EE test failures are not consistent in recent 2 builds and the consistent once are the known issues. Neither they are failing because of this PR nor part of this PR.

Run 1:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/a260929a4a7d67ddcca4e388171f614b/Functional/allure-report-ee/index.html#categories

Run 2:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/89b42d7c7fc9fecb7cda3e586bea38e9/Functional/allure-report-ee/index.html#categories/25ecddfde592b027d2bf7a7bbc5e25ba/5890297edd7bb579/

Known issues:
ACQE-7464: VerifyDisableDownloadableProductSamplesAreNotAccessibleTest
ACQE-7465: VerifyOutOfStockDownloadableProductSamplesAreAccessibleTest
ACQE-7460: CheckingOfPreviewingRegistryUpdateEmailTest

[engcom-Charlie]

The Integration test failures are consistent in recent 2 builds and they are the known issues. Neither they are failing because of this PR nor part of this PR. Hence moving this PR to Merge in Progress.

Run 1:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/51bd846f8120ac7f2afe87573e3e7fab/Integration/console-error-logs.html

Run 2:
https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/38756/0adf949ed4088d09b2187c6c4708e9b8/Integration/console-error-logs.html

Known issues:
ACP2E-3531
AC-13688

[Shivam7-1]

Hii @engcom-Charlie just for confirmation is this PR is Ready to merge or anything is required from my side?
Thanks

[Shivam7-1]

Hii @engcom-Charlie @engcom-Hotel @engcom-Dash any update on this PR regarding merging related ?
Thanks

[engcom-Charlie]

Hi @Shivam7-1, As mentioned here, we will let you know if anything is required from your side. We are working on priority work now, will take care of this PR's merging activity as per the priority.