From 1e11b5c5c60f54849ad0e934f036d3cb08a65575 Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:36:02 +0200
Subject: [PATCH 1/3] Do not output html for region field due to xss

---
 .../web/template/shipping-address/address-renderer/default.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html b/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
index 05ced7a978f82..2a5dc27328a43 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/shipping-address/address-renderer/default.html
@@ -8,7 +8,7 @@
     <text args="address().prefix"/> <text args="address().firstname"/> <text args="address().middlename"/>
     <text args="address().lastname"/> <text args="address().suffix"/><br/>
     <text args="_.values(address().street).join(', ')"/><br/>
-    <text args="address().city "/>, <span html="address().region"></span> <text args="address().postcode"/><br/>
+    <text args="address().city "/>, <span text="address().region"></span> <text args="address().postcode"/><br/>
     <text args="getCountryName(address().countryId)"/><br/>
     <a if="address().telephone" attr="'href': 'tel:' + address().telephone" text="address().telephone"></a><br/>
 

From 880622b3f6b827d30f4bbb6677b7d7fb5fc9caaa Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:36:44 +0200
Subject: [PATCH 2/3] Do not output html for region field due to xss

---
 .../template/shipping-information/address-renderer/default.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html b/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
index 97286a28552d2..541413955cb47 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/shipping-information/address-renderer/default.html
@@ -8,7 +8,7 @@
     <text args="address().prefix"/> <text args="address().firstname"/> <text args="address().middlename"/>
     <text args="address().lastname"/> <text args="address().suffix"/><br/>
     <text args="_.values(address().street).join(', ')"/><br/>
-    <text args="address().city "/>, <span html="address().region"></span> <text args="address().postcode"/><br/>
+    <text args="address().city "/>, <span text="address().region"></span> <text args="address().postcode"/><br/>
     <text args="getCountryName(address().countryId)"/><br/>
     <a if="address().telephone" attr="'href': 'tel:' + address().telephone" text="address().telephone"></a><br/>
 

From f9bde4091d147c65944f2e08cad1c84650ca952f Mon Sep 17 00:00:00 2001
From: Sam Granger <sam.granger@gmail.com>
Date: Tue, 9 Oct 2018 15:37:48 +0200
Subject: [PATCH 3/3] Do not output html for region field due to xss

---
 .../view/frontend/web/template/billing-address/details.html     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html b/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
index cc1d960bbe44b..ea521b3a8afd4 100644
--- a/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
+++ b/app/code/Magento/Checkout/view/frontend/web/template/billing-address/details.html
@@ -8,7 +8,7 @@
     <text args="currentBillingAddress().prefix"/> <text args="currentBillingAddress().firstname"/> <text args="currentBillingAddress().middlename"/>
     <text args="currentBillingAddress().lastname"/> <text args="currentBillingAddress().suffix"/><br/>
     <text args="_.values(currentBillingAddress().street).join(', ')"/><br/>
-    <text args="currentBillingAddress().city "/>, <span html="currentBillingAddress().region"></span> <text args="currentBillingAddress().postcode"/><br/>
+    <text args="currentBillingAddress().city "/>, <span text="currentBillingAddress().region"></span> <text args="currentBillingAddress().postcode"/><br/>
     <text args="getCountryName(currentBillingAddress().countryId)"/><br/>
     <a if="currentBillingAddress().telephone" attr="'href': 'tel:' + currentBillingAddress().telephone" text="currentBillingAddress().telephone"></a><br/>