Cross-site scripting, or XSS, is a security vulnerability that can be found in web applications. It allows attackers to inject malicious code or styles into a web page viewed by other users. Attackers do this by getting their own input written into the page's HTML, where it can attack users or harm files.
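PHTML templates: an ‘Escaper’ class is provided for .phtml templates and PHP classes responsible for generating HTML. It contains HTML sanitization methods for a variety of contexts, so pick the method that matches where the value is written (HTML body, HTML attribute, URL or JavaScript).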
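The following code sample builds the data in a model class and then prints it in a template. The output is XSS-safe only when each echoed value is passed through the Escaper (for example `$escaper->escapeHtml(...)`) before it is written into the HTML: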
<?php
/*
* John_Country
* @category Adobe Commerce Region / State List By Country ID
* @package Country Form
* @copyright Copyright (c) 2023 - Mage2DB.com
* @Email johndusa1021@gmail.com
* @version 1.0.0
*/
namespace John\Country\Model;
use Magento\Directory\Model\Country;
use Magento\Directory\Model\CountryFactory;
/**
 * Looks up the regions / states that belong to a country code.
 *
 * NOTE(review): this file also contains `use Magento\Directory\Model\Country;`
 * while declaring a class with the same short name in this namespace. PHP
 * reports "name is already in use" for that combination, and the import is
 * only referenced from a docblock, so it should be aliased or dropped.
 */
class Country
{
    /**
     * Factory received through the constructor; create() is called on it
     * for every lookup.
     *
     * @var CountryFactory
     */
    public $countryFactory;

    /**
     * @param CountryFactory $countryFactory
     */
    public function __construct(CountryFactory $countryFactory)
    {
        $this->countryFactory = $countryFactory;
    }

    /**
     * Region / State list by country code.
     *
     * The values are returned exactly as the collection produced them; no
     * HTML escaping happens here, so a caller that prints them into a page
     * has to escape them at the output site.
     *
     * @param mixed $countryCode Passed unchanged to loadByCode().
     * @return mixed Result of toOptionArray(false) on the loaded region
     *               collection (presumably a list of option rows; confirm
     *               against the collection class).
     */
    public function getregionsOfCountry($countryCode)
    {
        return $this->countryFactory
            ->create()
            ->loadByCode($countryCode)
            ->getRegions()
            ->loadData()
            ->toOptionArray(false);
    }
}
Step [2] – If you have written the above code in your custom Block, call this Block from your custom template.
<?php
/*
* John_Customercompanycreation
* @category Adobe Commerce Region / State List By Country ID
* @package Customerregister Form
* @copyright Copyright (c) 2023 - Mage2DB.com
* @Email johndusa1021@gmail.com
* @version 1.0.0
*/
?>
<?php
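/** @var \Magento\Framework\Escaper $escaper */

// Sample country code used for the demonstration.
$countryCode = "US";

// Every value that comes back from the block is escaped for the HTML body
// context before it is concatenated into markup; the fixed tags and labels are
// literals and stay as they are. On installations where the template-level
// $escaper variable is not available, $block->escapeHtml() is the equivalent.
echo "<BR><B>Country=</b>" . $escaper->escapeHtml((string) $block->getCountryName($countryCode));

foreach ($block->getregionsOfCountry($countryCode) as $key => $regionlist):
    // Index 0 is skipped, as in the original sample (presumably the
    // placeholder option of the list; confirm against the collection).
    if ($key > 0):
        // The second label previously repeated "ID" although it precedes the
        // region title, so it now reads "Name".
        echo "<BR><b>Region / State ID==" . $escaper->escapeHtml((string) $regionlist['value'])
            . " " . "Region / State Name==</b>" . $escaper->escapeHtml((string) $regionlist['title']);
    endif;
endforeach;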
?>
<?php
/*
* John_Country
* @category Adobe Commerce Region / State List By Country ID
* @package Country Name
* @copyright Copyright (c) 2023 - Mage2DB.com
* @Email johndusa1021@gmail.com
* @version 1.0.0
*/
namespace John\Country\Model;
use Magento\Directory\Model\Country;
use Magento\Directory\Model\CountryFactory;
/**
 * Resolves the full name of a country from its code.
 *
 * NOTE(review): this file also contains `use Magento\Directory\Model\Country;`
 * while declaring a class with the same short name in this namespace. PHP
 * reports "name is already in use" for that combination, and the import is
 * only referenced from a docblock, so it should be aliased or dropped.
 */
class Country
{
    /**
     * Factory received through the constructor; create() is called on it
     * for every lookup.
     *
     * @var CountryFactory
     */
    public $countryFactory;

    /**
     * @param CountryFactory $countryFactory
     */
    public function __construct(CountryFactory $countryFactory)
    {
        $this->countryFactory = $countryFactory;
    }

    /**
     * Country full name.
     *
     * The name is returned as-is; it is not HTML-escaped here, so a caller
     * that prints it into a page has to escape it at the output site.
     *
     * @param mixed $countryId Passed unchanged to loadByCode().
     * @return mixed Value of getName() on the loaded country, or '' when
     *               loadByCode() returned an empty value.
     */
    public function getCountryName($countryId)
    {
        $loaded = $this->countryFactory->create()->loadByCode($countryId);

        // Same emptiness test as before, expressed as a single expression.
        return empty($loaded) ? '' : $loaded->getName();
    }
}
Step [2] – If you have written the above code in your custom Block, call this Block from your custom template.
<?php
/*
* John_Country
* @category Adobe Commerce Region / State List By Country ID
* @package Country Name
* @copyright Copyright (c) 2023 - Mage2DB.com
* @Email johndusa1021@gmail.com
* @version 1.0.0
*/
?>
<?php
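/** @var \Magento\Framework\Escaper $escaper */

// Sample country code used for the demonstration.
$countryCode = "US";

// The country name comes from the block, so it is escaped for the HTML body
// context before being concatenated into markup; the fixed tags and label are
// literals and stay as they are. On installations where the template-level
// $escaper variable is not available, $block->escapeHtml() is the equivalent.
echo "<BR><B>Country=</b>" . $escaper->escapeHtml((string) $block->getCountryName($countryCode));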
?>