Fix security notices

[dwainm]

Fixes #8468

Changes proposed in this Pull Request

Add escaping and ignore where needed.

Testing instructions

Make sure tests pass.

---

• Run npm run changelog to add a changelog file, choose patch to leave it empty if the change is not significant. You can add multiple changelog files in one PR by running this command a few times.
• Covered with tests (or have a good reason not to test in description ☝️)
• Tested on mobile (or does not apply)

Post merge

• Link to testing instructions from release testing doc following these instructions : Add link here / 'QA Testing Not Applicable'
• Add or update critical flows and testing instructions for critical flows, if applicable.
• Add what's changed (description, screenshot, demo videos etc.) to the release announcement post, if applicable.

[botwoo]

Test the build

Option 1. Jetpack Beta

• Install and activate Jetpack Beta.
• Use this build by searching for PR number 8474 or branch name fix/multi-currency/phpcs-notices in your-test.site/wp-admin/admin.php?page=jetpack-beta&plugin=woocommerce-payments

Option 2. Jurassic Ninja - available for logged-in A12s

🚀 Launch a JN site with this branch 🚀

ℹ️ Install this Tampermonkey script to get more options.

---

Build info:

• Latest commit: 42f1ec0
• Build time: 2024-03-26 10:35:13 UTC

Note: the build is updated when a new commit is pushed to this PR.

[github-actions]

Size Change: 0 B

Total Size: 1.2 MB

ℹ️ View Unchanged

Filename	Size
release/woocommerce-payments/assets/css/admin.css	1.06 kB
release/woocommerce-payments/assets/css/admin.rtl.css	1.06 kB
release/woocommerce-payments/assets/css/success.css	158 B
release/woocommerce-payments/assets/css/success.rtl.css	158 B
release/woocommerce-payments/dist/blocks-checkout-rtl.css	1.92 kB
release/woocommerce-payments/dist/blocks-checkout.css	1.91 kB
release/woocommerce-payments/dist/blocks-checkout.js	54.1 kB
release/woocommerce-payments/dist/cart.js	4.45 kB
release/woocommerce-payments/dist/checkout-rtl.css	405 B
release/woocommerce-payments/dist/checkout.css	406 B
release/woocommerce-payments/dist/checkout.js	37 kB
release/woocommerce-payments/dist/index-rtl.css	40.1 kB
release/woocommerce-payments/dist/index.css	40 kB
release/woocommerce-payments/dist/index.js	290 kB
release/woocommerce-payments/dist/multi-currency-analytics.js	1.05 kB
release/woocommerce-payments/dist/multi-currency-rtl.css	3.28 kB
release/woocommerce-payments/dist/multi-currency-switcher-block.js	59.4 kB
release/woocommerce-payments/dist/multi-currency.css	3.29 kB
release/woocommerce-payments/dist/multi-currency.js	54.5 kB
release/woocommerce-payments/dist/order-rtl.css	733 B
release/woocommerce-payments/dist/order.css	735 B
release/woocommerce-payments/dist/order.js	41.7 kB
release/woocommerce-payments/dist/payment-gateways-rtl.css	1.21 kB
release/woocommerce-payments/dist/payment-gateways.css	1.21 kB
release/woocommerce-payments/dist/payment-gateways.js	38.5 kB
release/woocommerce-payments/dist/payment-request-rtl.css	155 B
release/woocommerce-payments/dist/payment-request.css	155 B
release/woocommerce-payments/dist/payment-request.js	12.4 kB
release/woocommerce-payments/dist/product-details-rtl.css	155 B
release/woocommerce-payments/dist/product-details.css	155 B
release/woocommerce-payments/dist/product-details.js	16.6 kB
release/woocommerce-payments/dist/settings-rtl.css	11 kB
release/woocommerce-payments/dist/settings.css	10.8 kB
release/woocommerce-payments/dist/settings.js	199 kB
release/woocommerce-payments/dist/subscription-edit-page.js	669 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal-rtl.css	527 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal.css	527 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal.js	19.4 kB
release/woocommerce-payments/dist/subscription-product-onboarding-toast.js	710 B
release/woocommerce-payments/dist/subscriptions-empty-state-rtl.css	120 B
release/woocommerce-payments/dist/subscriptions-empty-state.css	120 B
release/woocommerce-payments/dist/subscriptions-empty-state.js	18.5 kB
release/woocommerce-payments/dist/tos-rtl.css	235 B
release/woocommerce-payments/dist/tos.css	236 B
release/woocommerce-payments/dist/tos.js	21 kB
release/woocommerce-payments/dist/woopay-direct-checkout.js	4.58 kB
release/woocommerce-payments/dist/woopay-express-button-rtl.css	155 B
release/woocommerce-payments/dist/woopay-express-button.css	155 B
release/woocommerce-payments/dist/woopay-express-button.js	21.1 kB
release/woocommerce-payments/dist/woopay-rtl.css	4.44 kB
release/woocommerce-payments/dist/woopay.css	4.41 kB
release/woocommerce-payments/dist/woopay.js	71 kB
release/woocommerce-payments/includes/subscriptions/assets/css/plugin-page.css	622 B
release/woocommerce-payments/includes/subscriptions/assets/js/plugin-page.js	812 B
release/woocommerce-payments/vendor/automattic/jetpack-assets/build/i18n-loader.js	2.43 kB
release/woocommerce-payments/vendor/automattic/jetpack-assets/src/js/i18n-loader.js	1.01 kB
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/tracks-ajax.js	522 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/tracks-callables.js	581 B
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/babel.config.js	160 B
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.css	2.37 kB
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.js	13.5 kB
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.rtl.css	2.37 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/about.css	1.03 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin-empty-state.css	291 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin-order-statuses.css	403 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin.css	3.6 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/checkout.css	299 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/modal.css	742 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/view-subscription.css	572 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/wcs-upgrade.css	411 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/admin-pointers.js	544 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/admin.js	9.4 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/jstz.js	6.8 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/jstz.min.js	3.83 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/meta-boxes-coupon.js	544 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/meta-boxes-subscription.js	2.52 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/moment.js	22.1 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/moment.min.js	11.6 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/payment-method-restrictions.js	1.29 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/wcs-meta-boxes-order.js	502 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/payment-methods.js	355 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/single-product.js	429 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/view-subscription.js	1.38 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/wcs-cart.js	781 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/modal.js	1.1 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/wcs-upgrade.js	1.27 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.css	392 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.js	3.05 kB

_{compressed-size-action}

[reykjalin]

Hmm, I would've expected this to get caught because of the following lines in phpcs.xml.dist:

woocommerce-payments/phpcs.xml.dist

Lines 73 to 77 in 9b6a7da

	<rule ref="WordPress.Security.EscapeOutput">
	<properties>
	<property name="customEscapingFunctions" type="array" value="WC_Payments_Utils,esc_interpolated_html" />
	</properties>
	</rule>

I wonder if we're not adding that correctly 🤔
It'd be neat if we didn't need the ignore. I'll see if I can look into this as part of #8460 👍

[dwainm]

Thank you @reykjalin, good catch there and thanks for looking into it. I wasn't aware of that rule.

[reykjalin]

Looks like this is actually an issue with the ruleset and not necessarily our config (although I think the config is wrong as well):

See WordPress/WordPress-Coding-Standards#1176 and WordPress/WordPress-Coding-Standards#2370.

I think the config is wrong based on this example.

Either way, I guess this can wait until the next time we update the PHPCS sniffs since all those issues and PRs are still open 🫠