Resolved special character issue for sidebar

[deepjoshi94]

Description

Side bar for wishlist on catalog page or my account page, if product name contains special character like TM it will display ™ instead of special character.

Also resolved same issue for order summary on checkout page.

Manual testing scenarios

1. Verified My Account page wishlist sidebar with product in wishlist having special character.
2. Verified Catalog page wishlist sidebar with product in wishlist having special character.
3. Verified Catalog Search page wishlist sidebar with product in wishlist having special character.
4. Verified Wishlist page wishlist sidebar with product in wishlist having special character.
5. Verified Checkout page with products added in cart with product name having special character.

Contribution checklist

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds on Travis CI are green)

[magento-cicd2]

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

Deep A. Joshi seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.

[magento-engcom-team]

Hi @deepjoshi94. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento-engcom-team give me test instance - deploy test instance based on PR changes
• @magento-engcom-team give me {$VERSION} instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Assistant documentation

[deepjoshi94]

@magento-engcom-team give me test instance

[magento-engcom-team]

Hi @deepjoshi94. Thank you for your request. I'm working on Magento instance for you

[magento-engcom-team]

Hi @deepjoshi94, here is your new Magento instance.
Admin access: https://pr-17070.engcom.dev.magento.com/admin
Login: admin Password: 123123q

[orlangur]

What if product name contains <, > or &? What is current behavior and what will be the changed one?

[deepjoshi94]

@orlangur If product name contains <, > or & it will display as it is in product name, for reference you can see Product 1 in after-fix image.
If we are using ASCII value for the given characters that is:
< for <
> for >
& for &
it will convert HTML name into symbol.

You can check image before-fix here it displays ASCII code instead of converting it into HTML element.
For example: &lt; Product &amp; 2 &gt; instead of < Product & 2 >

[orlangur]

@deepjoshi94 after the fix if we use <script>alert(1);</script> as product name, will we see the alert?

[deepjoshi94]

@orlangur No we won't see any alert, I have created a product with the given name in instance provided.

Please find the link below:
https://pr-17070.engcom.dev.magento.com/

[orlangur]

@VladimirZaets would be really nice if you take a quick look into this.

[magento-engcom-team]

Hi @orlangur, thank you for the review.
ENGCOM-2636 has been created to process this Pull Request

[magento-engcom-team]

@deepjoshi94 thank you for contributing. Please accept Community Contributors team invitation here to gain extended permissions for this repository.

[magento-engcom-team]

Hi @deepjoshi94. Thank you for your contribution.
We will aim to release these changes as part of 2.2.7.
Please check the release notes for final confirmation.

Please, consider to port this solution to 2.3 release line.
You may use Porting tool to port commits automatically.