diff --git a/app/code/Magento/Backend/Block/Widget/Button.php b/app/code/Magento/Backend/Block/Widget/Button.php
index bc9deb2fd8be4543aaf9a8855bbbbd20ec106cb1..baa3aac747f315fdd44d42868f5f837d28221595 100644
--- a/app/code/Magento/Backend/Block/Widget/Button.php
+++ b/app/code/Magento/Backend/Block/Widget/Button.php
@@ -113,7 +113,7 @@ class Button extends \Magento\Backend\Block\Widget
 if ($attributeValue === null || $attributeValue == '') {
 continue;
 }
- $html .= $attributeKey . '="' . htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false) . '" ';
+ $html .= $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '" ';
 }
 return $html;
diff --git a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
index 312a460118630b2040f496cf96d02a0535def703..6e35ad8f4bc89995155c6be9e30cb73ccfc0ad88 100644
--- a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
+++ b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
@@ -83,7 +83,7 @@ class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Text
 $this->_transformActionData($action, $actionCaption, $row);
 $htmlAttributes = [
- 'value' => htmlspecialchars($this->_jsonEncoder->encode($action), ENT_COMPAT, 'UTF-8', false)
+ 'value' => $this->escapeHtmlAttr($this->_jsonEncoder->encode($action), false)
 ];
 $actionAttributes->setData($htmlAttributes);
 return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>';
diff --git a/app/code/Magento/GoogleAnalytics/Block/Ga.php b/app/code/Magento/GoogleAnalytics/Block/Ga.php
index eafc1121ea6cd1928daccadb9682ec9235b2952d..710dd494995aa09d6561857113a0dd46538baecc 100644
--- a/app/code/Magento/GoogleAnalytics/Block/Ga.php
+++ b/app/code/Magento/GoogleAnalytics/Block/Ga.php
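Review bot: In the attribute loop of `Backend/Block/Widget/Button.php` the new line escapes only the value; `$attributeKey` is still concatenated into the markup as-is, so a key containing whitespace, `=` or `>` would change the structure of the tag. Whether keys can originate anywhere other than code is not visible in this hunk, so that is worth confirming in the callers. If they can, restrict the name before emitting it, e.g. `if (!preg_match('/^[A-Za-z_:][-A-Za-z0-9_:.]*$/', $attributeKey)) { continue; }`. The same pattern appears with `$attributeName` in `Integration/.../Renderer/Button.php` and with `$key` in `Integration/.../Renderer/Link.php`. The enclosing method starts above the hunk.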
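Review bot: The `return '<option ' . ... . '>' . $actionCaption . '</option>';` line in `Renderer/Action.php` emits `$actionCaption` as element content with no escaping, while the commit only changes how the `value` attribute is encoded. If the caption is not already encoded inside `_transformActionData()` (not shown here), any markup in a caption is rendered as markup. Escaping at the point of output, `'>' . $this->escapeHtml($actionCaption) . '</option>'`, would make the line safe regardless of where the caption comes from. The method body starts and ends outside the hunk.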
@@ -77,10 +77,10 @@ class Ga extends \Magento\Framework\View\Element\Template
 $pageName = trim($this->getPageName());
 $optPageURL = '';
 if ($pageName && substr($pageName, 0, 1) == '/' && strlen($pageName) > 1) {
- $optPageURL = ", '" . htmlspecialchars($pageName, ENT_COMPAT, 'UTF-8', false) . "'";
+ $optPageURL = ", '" . $this->escapeHtmlAttr($pageName, false) . "'";
 }
- return "\nga('create', '" . htmlspecialchars($accountId, ENT_COMPAT, 'UTF-8', false)
+ return "\nga('create', '" . $this->escapeHtmlAttr($accountId, false)
 . ", 'auto');\nga('send', 'pageview'{$optPageURL});\n";
 }
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
index 200bf08f37a4574139a16aa7aa4f0ca44057524d..87b048e366df145b89683833e6fc54e16529c03c 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
@@ -87,7 +87,7 @@ class Button extends AbstractRenderer
 if ($attributeValue) {
 $attributes[] = sprintf(
 '%s="%s"',
- $attributeName, htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false)
+ $attributeName, $this->escapeHtmlAttr($attributeValue, false)
 );
 }
 }
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
index b7613f54f90d461d96dedc943c5cd19b82ba50b9..861af9f2a4cda86b13589a3053e84cb9ffcb69d9 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
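Review bot: Both replaced calls in `GoogleAnalytics/Block/Ga.php` put their result inside a single-quoted JavaScript string literal, where HTML attribute escaping is the wrong encoder. The previous `htmlspecialchars(..., ENT_COMPAT, ...)` left `'` untouched, and if `escapeHtmlAttr($x, false)` keeps that behaviour (its definition is not in this diff) a quote or backslash in the page name or account id ends the literal early. A JavaScript-context encoder fits better here, for example `json_encode($pageName, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, which emits the surrounding quotes itself so the hand-written `'` delimiters would be dropped. Separately, the context line as shown continues with `. ", 'auto');`, which would leave the account-id literal without its closing `'`; worth checking against the file.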
@@ -118,7 +118,7 @@ class Link extends AbstractRenderer
 if ($value === null || $value == '') {
 continue;
 }
- $html[] = sprintf('%s="%s"', $key, htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false));
+ $html[] = sprintf('%s="%s"', $key, $this->escapeHtmlAttr($value, false));
 }
 return join(' ', $html);